Pop Ups öffnen sich automatisch nach Virenmeldung

FiDoS · 21.04.2010, 15:44

hab ein problem

gerade eben hat mein anti-virus irgendein virus oder trojaner gemeldet

und jetzt öffnen sich immer mein IE explorer mit irgendwelchen pop ups

was soll ich jetzt machen ?

Code:

ATTFilter

 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:29, on 21.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\rundll32.exe
C:\Users\Michael\AppData\Local\Temp\Hqq.exe
C:\Windows\system32\mshta.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Michael\AppData\Local\Temp\Hqr.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\Michael\AppData\Local\Temp\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Michael\AppData\Local\Temp\Hqr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
 
--
End of file - 9475 bytes

FiDoS · 21.04.2010, 16:17

jetzt findet mein laptop auch andere trojaner

zB den Virtumonde

wie kann ich das entfernen

Larusso · 21.04.2010, 16:24

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite bitte folgendes ab.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

schritt 1

Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

schritt 2

Bereinigung mit Malwarebytes' Anti-Malware (Quick-Scan)

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
Lasse es online updaten (Reiter Updates), sofern sich das Programm bereits auf dem Rechner befand.
Aktiviere "Quick-Scan durchführen" => Scan.
Wenn der Scan beendet ist, klicke auf "Ergebnisse anzeigen".
Bei Funden in C:\System Volume Information den Haken entfernen.
Ansonsten wird dieser Systemwiederherstellungspunkt nicht mehr funktionieren.
Er könnte jedoch trotz Malware noch gebraucht werden.
Versichere Dich, dass ansonsten alle Funde markiert sind und drücke "Entferne Auswahl".
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
Berichte, wie der Rechner nun läuft.

Hier findest Du eine ausführliche und bebilderte Anleitung.

schritt 3

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Bitte poste in Deiner nächsten Antwort
Log von Malwarebytes
OTL.txt
Extra.txt

FiDoS · 21.04.2010, 17:01

Malwarebytes logfile:

Zitat:

malwarebytes' anti-malware 1.45
www.malwarebytes.org

datenbank version: 4016

windows 6.1.7600
internet explorer 8.0.7600.16385

21.04.2010 17:43:42
mbam-log-2010-04-21 (17-43-42).txt

art des suchlaufs: Quick-scan
durchsuchte objekte: 104602
laufzeit: 4 minute(n), 23 sekunde(n)

infizierte speicherprozesse: 0
infizierte speichermodule: 0
infizierte registrierungsschlüssel: 6
infizierte registrierungswerte: 2
infizierte dateiobjekte der registrierung: 0
infizierte verzeichnisse: 0
infizierte dateien: 0

infizierte speicherprozesse:
(keine bösartigen objekte gefunden)

infizierte speichermodule:
(keine bösartigen objekte gefunden)

infizierte registrierungsschlüssel:
Hkey_current_user\software\yvibbbha8c (trojan.agent) -> quarantined and deleted successfully.
Hkey_local_machine\software\microsoft\tracing\sshnas21_rasapi32 (worm.koobface) -> quarantined and deleted successfully.
Hkey_local_machine\software\microsoft\tracing\sshnas21_rasmancs (worm.koobface) -> quarantined and deleted successfully.
Hkey_current_user\software\xml (trojan.fakealert) -> quarantined and deleted successfully.
Hkey_current_user\software\microsoft\handle (malware.trace) -> quarantined and deleted successfully.
Hkey_current_user\software\qzaib7kitk (trojan.fakealert) -> quarantined and deleted successfully.

Infizierte registrierungswerte:
Hkey_current_user\software\microsoft\windows\currentversion\run\yvibbbha8c (trojan.fakealert) -> quarantined and deleted successfully.
Hkey_current_user\software\microsoft\windows\currentversion\run\canaveral (trojan.downloader) -> quarantined and deleted successfully.

Infizierte dateiobjekte der registrierung:
(keine bösartigen objekte gefunden)

infizierte verzeichnisse:
(keine bösartigen objekte gefunden)

infizierte dateien:
(keine bösartigen objekte gefunden)

FiDoS · 21.04.2010, 17:03

OTL.TXT

HTML-Code:

OTL logfile created on: 21.04.2010 17:47:49 - Run 1
OTL by OldTimer - Version 3.2.1.3     Folder = C:\Users\Michael\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 378,17 Gb Free Space | 89,05% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 31,60 Gb Free Space | 78,99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MICHAEL-PC
Current User Name: Michael
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010.04.21 17:31:30 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2010.04.21 08:43:00 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgtray.exe
PRC - [2010.04.21 08:43:00 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgnsx.exe
PRC - [2010.04.02 09:52:22 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe
PRC - [2010.03.17 17:03:13 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe
PRC - [2010.03.17 17:03:12 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe
PRC - [2010.03.17 17:02:47 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgemc.exe
PRC - [2010.03.17 17:02:47 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.09.11 20:54:20 | 007,739,936 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.07.28 02:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009.07.15 10:18:48 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.07.15 10:08:24 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.06.04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.06.03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010.04.21 17:31:30 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
MOD - [2010.03.17 17:03:13 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010.03.17 17:03:12 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.03.17 17:02:47 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010.01.26 13:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.07.15 10:08:24 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.04.21 09:57:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 21:15:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.03 21:15:46 | 000,000,000 | ---D | M]
 
[2010.01.03 23:16:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions
[2010.04.20 22:37:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\cj6zx2mo.default\extensions
[2010.01.28 18:54:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\cj6zx2mo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.03 23:16:28 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.07.14 04:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]
 
[2010.04.21 17:31:29 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2010.04.21 17:30:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2010.04.21 17:29:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.21 17:29:55 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.21 17:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.21 17:29:54 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.21 17:27:38 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\TFC.exe
[2010.04.21 16:59:30 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.04.21 16:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.04.21 16:47:16 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.21 14:42:45 | 006,578,176 | ---- | C] (Superfirm) -- C:\Users\Michael\Desktop\2009Decoder.exe
[2010.04.08 23:49:11 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Yuwi ada
 
[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]
 
[2010.04.21 17:48:27 | 001,835,008 | -HS- | M] () -- C:\Users\Michael\ntuser.dat
[2010.04.21 17:44:07 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.21 17:44:07 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.21 17:43:07 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.21 17:43:07 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.21 17:43:07 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.21 17:43:07 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.21 17:43:07 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.21 17:36:53 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.21 17:36:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.21 17:36:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.21 17:36:41 | 2363,129,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.21 17:31:30 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2010.04.21 17:29:59 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.21 17:27:38 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\TFC.exe
[2010.04.21 17:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.21 17:08:05 | 000,000,000 | ---- | M] () -- C:\Users\Michael\AppData\Local\prvlcl.dat
[2010.04.21 16:59:37 | 000,001,220 | ---- | M] () -- C:\Users\Michael\Desktop\Spybot - Search & Destroy.lnk
[2010.04.21 16:47:17 | 000,002,043 | ---- | M] () -- C:\Users\Michael\Desktop\HijackThis.lnk
[2010.04.21 14:44:21 | 1135,655,140 | ---- | M] () -- C:\Users\Michael\Desktop\Inseltraum_Suedthailand_10.04.20_02-50_zdfneo_50_TVOON_DE.mpg.avi
[2010.04.21 09:44:41 | 008,607,800 | -H-- | M] () -- C:\Users\Michael\AppData\Local\IconCache.db
[2010.04.21 08:43:00 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.04.21 08:42:58 | 059,102,211 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.04.19 20:31:40 | 000,002,016 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\wklnhst.dat
[2010.04.18 20:33:54 | 021,573,632 | ---- | M] () -- C:\Users\Michael\Desktop\Guns N' Roses-November Rain.mp3
[2010.04.15 18:49:09 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.09 07:02:58 | 015,338,945 | ---- | M] () -- C:\Users\Michael\Desktop\hasi.mp4
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.04.21 17:29:59 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.21 16:59:37 | 000,001,220 | ---- | C] () -- C:\Users\Michael\Desktop\Spybot - Search & Destroy.lnk
[2010.04.21 16:47:17 | 000,002,043 | ---- | C] () -- C:\Users\Michael\Desktop\HijackThis.lnk
[2010.04.21 14:43:36 | 1135,655,140 | ---- | C] () -- C:\Users\Michael\Desktop\Inseltraum_Suedthailand_10.04.20_02-50_zdfneo_50_TVOON_DE.mpg.avi
[2010.04.18 20:33:16 | 021,573,632 | ---- | C] () -- C:\Users\Michael\Desktop\Guns N' Roses-November Rain.mp3
[2010.04.15 18:49:09 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.09 20:53:07 | 015,338,945 | ---- | C] () -- C:\Users\Michael\Desktop\hasi.mp4
[2010.03.26 20:23:19 | 000,043,008 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.14 15:53:17 | 000,002,016 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\wklnhst.dat
[2010.02.09 22:06:19 | 000,000,019 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\mdbu.bin
[2010.02.06 15:28:48 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Local\prvlcl.dat
[2010.01.14 11:04:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.01.14 11:04:38 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.01.09 10:18:30 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{7e50aebe-fcf7-11de-abf1-00222008339b}.TMContainer00000000000000000002.regtrans-ms
[2010.01.09 10:18:30 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{7e50aebe-fcf7-11de-abf1-00222008339b}.TMContainer00000000000000000001.regtrans-ms
[2010.01.09 10:18:30 | 000,065,536 | -HS- | C] () -- C:\Users\Michael\ntuser.dat{7e50aebe-fcf7-11de-abf1-00222008339b}.TM.blf
[2009.12.24 18:52:11 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009.12.24 18:52:11 | 000,524,288 | -HS- | C] () -- C:\Users\Michael\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009.12.24 18:52:11 | 000,262,144 | -HS- | C] () -- C:\Users\Michael\ntuser.dat.LOG1
[2009.12.24 18:52:11 | 000,065,536 | -HS- | C] () -- C:\Users\Michael\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009.12.24 18:52:11 | 000,000,020 | -HS- | C] () -- C:\Users\Michael\ntuser.ini
[2009.12.24 18:52:11 | 000,000,000 | -HS- | C] () -- C:\Users\Michael\ntuser.dat.LOG2
[2009.12.24 18:52:09 | 001,835,008 | -HS- | C] () -- C:\Users\Michael\ntuser.dat
[2009.09.29 12:18:10 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.09.29 07:38:08 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Hooks.dll
[2009.09.29 07:15:05 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.09.28 12:53:48 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010.04.21 16:04:03 | 000,000,000 | -HSD | M] -- C:\Users\Michael\AppData\Roaming\.#
[2010.04.21 16:02:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ALDI_SUED_Mah_Jong
[2009.12.24 19:08:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\MAGIX
[2010.03.27 09:03:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia
[2010.03.27 08:27:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PC Suite
[2010.02.19 17:25:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PhotoFiltre
[2010.01.14 11:04:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Samsung
[2010.03.14 15:53:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Template
[2010.03.20 20:04:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TS3Client
[2010.03.30 19:36:08 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Programme\CyberLink\PowerDirector\EventLog.dll
 
[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtrans.dll
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

< End of report >

FiDoS · 21.04.2010, 17:04

EXTRA.TXT

HTML-Code:

OTL Extras logfile created on: 21.04.2010 17:47:49 - Run 1
OTL by OldTimer - Version 3.2.1.3     Folder = C:\Users\Michael\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424,66 Gb Total Space | 378,17 Gb Free Space | 89,05% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 31,60 Gb Free Space | 78,99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MICHAEL-PC
Current User Name: Michael
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NSS" = NSS (remove only)
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 11.04.2010 10:14:05 | Computer Name = Michael-PC | Source = Google Update | ID = 20
Description = 
 
Error - 11.04.2010 11:14:05 | Computer Name = Michael-PC | Source = Google Update | ID = 20
Description = 
 
Error - 11.04.2010 14:47:25 | Computer Name = Michael-PC | Source = Google Update | ID = 20
Description = 
 
Error - 11.04.2010 15:36:31 | Computer Name = Michael-PC | Source = Google Update | ID = 20
Description = 
 
Error - 12.04.2010 15:02:14 | Computer Name = Michael-PC | Source = Google Update | ID = 20
Description = 
 
Error - 12.04.2010 15:14:05 | Computer Name = Michael-PC | Source = Google Update | ID = 20
Description = 
 
Error - 17.04.2010 16:14:05 | Computer Name = Michael-PC | Source = Google Update | ID = 20
Description = 
 
Error - 21.04.2010 02:42:03 | Computer Name = Michael-PC | Source = VSS | ID = 8194
Description = 
 
Error - 21.04.2010 10:24:45 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cxwsroeamn.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4bcd8ebb  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x1620  Startzeit der fehlerhaften Anwendung: 0x01cae15e5ea63206  Pfad der
 fehlerhaften Anwendung: C:\Users\Michael\AppData\Local\Temp\cxwsroeamn.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: a1a70348-4d51-11df-ab99-00222008339b
 
Error - 21.04.2010 10:24:46 | Computer Name = Michael-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Hqp.exe, Version: 6.0.0.33, Zeitstempel:
 0x4ba3a52d  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7600.16385, Zeitstempel:
 0x4a5bda6f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001366a  ID des fehlerhaften Prozesses:
 0xc38  Startzeit der fehlerhaften Anwendung: 0x01cae15e5768e8d3  Pfad der fehlerhaften
 Anwendung: C:\Users\Michael\AppData\Local\Temp\Hqp.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\msvcrt.dll  Berichtskennung: a1a72a59-4d51-11df-ab99-00222008339b
 
[ System Events ]
Error - 06.03.2010 07:52:41 | Computer Name = Michael-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?05.?03.?2010 um 21:44:51 unerwartet heruntergefahren.
 
Error - 10.03.2010 08:14:15 | Computer Name = Michael-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?10.?03.?2010 um 10:20:56 unerwartet heruntergefahren.
 
Error - 15.03.2010 11:19:17 | Computer Name = Michael-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?03.?2010 um 16:17:00 unerwartet heruntergefahren.
 
Error - 22.03.2010 14:09:18 | Computer Name = Michael-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
Error - 26.03.2010 11:53:46 | Computer Name = Michael-PC | Source = JMCR | ID = 262159
Description = Das Gerät \Device\Scsi\JMCR1 ist für den Zugriff noch nicht bereit.
 
Error - 26.03.2010 11:53:46 | Computer Name = Michael-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 26.03.2010 11:59:06 | Computer Name = Michael-PC | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit.
 
Error - 26.03.2010 11:59:06 | Computer Name = Michael-PC | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit.
 
Error - 26.03.2010 13:58:17 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "MotoConnect Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 26.03.2010 14:20:04 | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ServiceLayer" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >

so...

wie gehts weiter

?

Larusso · 21.04.2010, 20:47

Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

FiDoS · 22.04.2010, 07:02

Combofix.txt

HTML-Code:

ComboFix 10-04-21.01 - Michael 22.04.2010   7:50.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3005.2057 [GMT 2:00]
ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Michael\AppData\Roaming\.#
c:\users\Michael\AppData\Roaming\.#\MBX@1038@1422740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1038@1422770.###
c:\users\Michael\AppData\Roaming\.#\MBX@10B8@372740.###
c:\users\Michael\AppData\Roaming\.#\MBX@10B8@372770.###
c:\users\Michael\AppData\Roaming\.#\MBX@10C4@272740.###
c:\users\Michael\AppData\Roaming\.#\MBX@10C4@272770.###
c:\users\Michael\AppData\Roaming\.#\MBX@10FC@1572740.###
c:\users\Michael\AppData\Roaming\.#\MBX@10FC@1572770.###
c:\users\Michael\AppData\Roaming\.#\MBX@112C@14A2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@112C@14A2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1164@1662740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1164@1662770.###
c:\users\Michael\AppData\Roaming\.#\MBX@118C@15C2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@118C@15C2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@11AC@1472740.###
c:\users\Michael\AppData\Roaming\.#\MBX@11AC@1472770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1244@13C2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1244@13C2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@124C@3E2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@124C@3E2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1254@1322740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1254@1322770.###
c:\users\Michael\AppData\Roaming\.#\MBX@12E4@1522740.###
c:\users\Michael\AppData\Roaming\.#\MBX@12E4@1522770.###
c:\users\Michael\AppData\Roaming\.#\MBX@12F4@1502740.###
c:\users\Michael\AppData\Roaming\.#\MBX@12F4@1502770.###
c:\users\Michael\AppData\Roaming\.#\MBX@12FC@15F2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@12FC@15F2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1310@202740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1310@202770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1350@14C2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1350@14C2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@13C4@1F2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@13C4@1F2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1454@1352740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1454@1352770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1488@1412740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1488@1412770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1490@2D2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1490@2D2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@14EC@1462740.###
c:\users\Michael\AppData\Roaming\.#\MBX@14EC@1462770.###
c:\users\Michael\AppData\Roaming\.#\MBX@14F8@382740.###
c:\users\Michael\AppData\Roaming\.#\MBX@14F8@382770.###
c:\users\Michael\AppData\Roaming\.#\MBX@153C@14E2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@153C@14E2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1550@1582740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1550@1582770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1554@3F2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1554@3F2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1684@1352740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1684@1352770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1694@15D2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1694@15D2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@16A8@252740.###
c:\users\Michael\AppData\Roaming\.#\MBX@16A8@252770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1768@13D2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1768@13D2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@17A0@13B2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@17A0@13B2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@17A4@732740.###
c:\users\Michael\AppData\Roaming\.#\MBX@17A4@732770.###
c:\users\Michael\AppData\Roaming\.#\MBX@17C8@1362740.###
c:\users\Michael\AppData\Roaming\.#\MBX@17C8@1362770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1B68@612740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1B68@612770.###
c:\users\Michael\AppData\Roaming\.#\MBX@1E1C@1502740.###
c:\users\Michael\AppData\Roaming\.#\MBX@1E1C@1502770.###
c:\users\Michael\AppData\Roaming\.#\MBX@2138@14C2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@2138@14C2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@22CC@14F2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@22CC@14F2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@2D8@1492740.###
c:\users\Michael\AppData\Roaming\.#\MBX@2D8@1492770.###
c:\users\Michael\AppData\Roaming\.#\MBX@2E0@672740.###
c:\users\Michael\AppData\Roaming\.#\MBX@2E0@672770.###
c:\users\Michael\AppData\Roaming\.#\MBX@384@1652740.###
c:\users\Michael\AppData\Roaming\.#\MBX@384@1652770.###
c:\users\Michael\AppData\Roaming\.#\MBX@38DC@14F2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@38DC@14F2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@3BA4@792740.###
c:\users\Michael\AppData\Roaming\.#\MBX@3BA4@792770.###
c:\users\Michael\AppData\Roaming\.#\MBX@3D4@14A2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@3D4@14A2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@3D4@3D2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@3D4@3D2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@470@1522740.###
c:\users\Michael\AppData\Roaming\.#\MBX@470@1522770.###
c:\users\Michael\AppData\Roaming\.#\MBX@4B0@13A2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@4B0@13A2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@4B0@1642740.###
c:\users\Michael\AppData\Roaming\.#\MBX@4B0@1642770.###
c:\users\Michael\AppData\Roaming\.#\MBX@4CC@1442740.###
c:\users\Michael\AppData\Roaming\.#\MBX@4CC@1442770.###
c:\users\Michael\AppData\Roaming\.#\MBX@4E4@1372740.###
c:\users\Michael\AppData\Roaming\.#\MBX@4E4@1372770.###
c:\users\Michael\AppData\Roaming\.#\MBX@4E8@3A2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@4E8@3A2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@4FC@762740.###
c:\users\Michael\AppData\Roaming\.#\MBX@4FC@762770.###
c:\users\Michael\AppData\Roaming\.#\MBX@508@14D2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@508@14D2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@528@682740.###
c:\users\Michael\AppData\Roaming\.#\MBX@528@682770.###
c:\users\Michael\AppData\Roaming\.#\MBX@53C@3D2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@53C@3D2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@554@212740.###
c:\users\Michael\AppData\Roaming\.#\MBX@554@212770.###
c:\users\Michael\AppData\Roaming\.#\MBX@560@14B2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@560@14B2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@578@1582740.###
c:\users\Michael\AppData\Roaming\.#\MBX@578@1582770.###
c:\users\Michael\AppData\Roaming\.#\MBX@580@3F2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@580@3F2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@584@1462740.###
c:\users\Michael\AppData\Roaming\.#\MBX@584@1462770.###
c:\users\Michael\AppData\Roaming\.#\MBX@584@632740.###
c:\users\Michael\AppData\Roaming\.#\MBX@584@632770.###
c:\users\Michael\AppData\Roaming\.#\MBX@5A0@1572740.###
c:\users\Michael\AppData\Roaming\.#\MBX@5A0@1572770.###
c:\users\Michael\AppData\Roaming\.#\MBX@5F4@692740.###
c:\users\Michael\AppData\Roaming\.#\MBX@5F4@692770.###
c:\users\Michael\AppData\Roaming\.#\MBX@660@1592740.###
c:\users\Michael\AppData\Roaming\.#\MBX@660@1592770.###
c:\users\Michael\AppData\Roaming\.#\MBX@668@1432740.###
c:\users\Michael\AppData\Roaming\.#\MBX@668@1432770.###
c:\users\Michael\AppData\Roaming\.#\MBX@694@1432740.###
c:\users\Michael\AppData\Roaming\.#\MBX@694@1432770.###
c:\users\Michael\AppData\Roaming\.#\MBX@6DC@14C2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@6DC@14C2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@6F0@3A2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@6F0@3A2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@770@712740.###
c:\users\Michael\AppData\Roaming\.#\MBX@770@712770.###
c:\users\Michael\AppData\Roaming\.#\MBX@778@392740.###
c:\users\Michael\AppData\Roaming\.#\MBX@778@392770.###
c:\users\Michael\AppData\Roaming\.#\MBX@77C@1412740.###
c:\users\Michael\AppData\Roaming\.#\MBX@77C@1412770.###
c:\users\Michael\AppData\Roaming\.#\MBX@7B4@1492740.###
c:\users\Michael\AppData\Roaming\.#\MBX@7B4@1492770.###
c:\users\Michael\AppData\Roaming\.#\MBX@7BC@762740.###
c:\users\Michael\AppData\Roaming\.#\MBX@7BC@762770.###
c:\users\Michael\AppData\Roaming\.#\MBX@86C@14A2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@86C@14A2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@884@1492740.###
c:\users\Michael\AppData\Roaming\.#\MBX@884@1492770.###
c:\users\Michael\AppData\Roaming\.#\MBX@8C4@14C2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@8C4@14C2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@8D8@1422740.###
c:\users\Michael\AppData\Roaming\.#\MBX@8D8@1422770.###
c:\users\Michael\AppData\Roaming\.#\MBX@8D8@1512740.###
c:\users\Michael\AppData\Roaming\.#\MBX@8D8@1512770.###
c:\users\Michael\AppData\Roaming\.#\MBX@924@15B2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@924@15B2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@948@1F2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@948@1F2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@980@1562740.###
c:\users\Michael\AppData\Roaming\.#\MBX@980@1562770.###
c:\users\Michael\AppData\Roaming\.#\MBX@988@222740.###
c:\users\Michael\AppData\Roaming\.#\MBX@988@222770.###
c:\users\Michael\AppData\Roaming\.#\MBX@9A4@232740.###
c:\users\Michael\AppData\Roaming\.#\MBX@9A4@232770.###
c:\users\Michael\AppData\Roaming\.#\MBX@9B8@1522740.###
c:\users\Michael\AppData\Roaming\.#\MBX@9B8@1522770.###
c:\users\Michael\AppData\Roaming\.#\MBX@9C0@14A2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@9C0@14A2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@A1C@1452740.###
c:\users\Michael\AppData\Roaming\.#\MBX@A1C@1452770.###
c:\users\Michael\AppData\Roaming\.#\MBX@A58@262740.###
c:\users\Michael\AppData\Roaming\.#\MBX@A58@262770.###
c:\users\Michael\AppData\Roaming\.#\MBX@A60@15A2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@A60@15A2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@A64@1382740.###
c:\users\Michael\AppData\Roaming\.#\MBX@A64@1382770.###
c:\users\Michael\AppData\Roaming\.#\MBX@A70@15C2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@A70@15C2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@AE8@13E2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@AE8@13E2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@B48@14D2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@B48@14D2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@B58@14D2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@B58@14D2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@B5C@1512740.###
c:\users\Michael\AppData\Roaming\.#\MBX@B5C@1512770.###
c:\users\Michael\AppData\Roaming\.#\MBX@B64@1432740.###
c:\users\Michael\AppData\Roaming\.#\MBX@B64@1432770.###
c:\users\Michael\AppData\Roaming\.#\MBX@B70@392740.###
c:\users\Michael\AppData\Roaming\.#\MBX@B70@392770.###
c:\users\Michael\AppData\Roaming\.#\MBX@B94@14E2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@B94@14E2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@B9C@7B2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@B9C@7B2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@BA0@14D2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@BA0@14D2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@BA4@1572740.###
c:\users\Michael\AppData\Roaming\.#\MBX@BA4@1572770.###
c:\users\Michael\AppData\Roaming\.#\MBX@BA8@1562740.###
c:\users\Michael\AppData\Roaming\.#\MBX@BA8@1562770.###
c:\users\Michael\AppData\Roaming\.#\MBX@BAC@212740.###
c:\users\Michael\AppData\Roaming\.#\MBX@BAC@212770.###
c:\users\Michael\AppData\Roaming\.#\MBX@BB0@13A2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@BB0@13A2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@BC0@1512740.###
c:\users\Michael\AppData\Roaming\.#\MBX@BC0@1512770.###
c:\users\Michael\AppData\Roaming\.#\MBX@BD4@1662740.###
c:\users\Michael\AppData\Roaming\.#\MBX@BD4@1662770.###
c:\users\Michael\AppData\Roaming\.#\MBX@C10@1472740.###
c:\users\Michael\AppData\Roaming\.#\MBX@C10@1472770.###
c:\users\Michael\AppData\Roaming\.#\MBX@C34@15C2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@C34@15C2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@C44@15B2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@C44@15B2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@C88@1362740.###
c:\users\Michael\AppData\Roaming\.#\MBX@C88@1362770.###
c:\users\Michael\AppData\Roaming\.#\MBX@C90@1F2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@C90@1F2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@CB0@15A2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@CB0@15A2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@CB8@322740.###
c:\users\Michael\AppData\Roaming\.#\MBX@CB8@322770.###
c:\users\Michael\AppData\Roaming\.#\MBX@CC0@1492740.###
c:\users\Michael\AppData\Roaming\.#\MBX@CC0@1492770.###
c:\users\Michael\AppData\Roaming\.#\MBX@CC0@262740.###
c:\users\Michael\AppData\Roaming\.#\MBX@CC0@262770.###
c:\users\Michael\AppData\Roaming\.#\MBX@CC4@1492740.###
c:\users\Michael\AppData\Roaming\.#\MBX@CC4@1492770.###
c:\users\Michael\AppData\Roaming\.#\MBX@D34@602740.###
c:\users\Michael\AppData\Roaming\.#\MBX@D34@602770.###
c:\users\Michael\AppData\Roaming\.#\MBX@D3C@15D2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@D3C@15D2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@D80@1652740.###
c:\users\Michael\AppData\Roaming\.#\MBX@D80@1652770.###
c:\users\Michael\AppData\Roaming\.#\MBX@D9C@1312740.###
c:\users\Michael\AppData\Roaming\.#\MBX@D9C@1312770.###
c:\users\Michael\AppData\Roaming\.#\MBX@DA0@1462740.###
c:\users\Michael\AppData\Roaming\.#\MBX@DA0@1462770.###
c:\users\Michael\AppData\Roaming\.#\MBX@DCC@3C2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@DCC@3C2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@DE4@782740.###
c:\users\Michael\AppData\Roaming\.#\MBX@DE4@782770.###
c:\users\Michael\AppData\Roaming\.#\MBX@E04@15A2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@E04@15A2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@E0C@322740.###
c:\users\Michael\AppData\Roaming\.#\MBX@E0C@322770.###
c:\users\Michael\AppData\Roaming\.#\MBX@E1C@1642740.###
c:\users\Michael\AppData\Roaming\.#\MBX@E1C@1642770.###
c:\users\Michael\AppData\Roaming\.#\MBX@E4C@1F2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@E4C@1F2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@E98@13E2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@E98@13E2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@EB4@6A2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@EB4@6A2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@EC0@1382740.###
c:\users\Michael\AppData\Roaming\.#\MBX@EC0@1382770.###
c:\users\Michael\AppData\Roaming\.#\MBX@ED4@1422740.###
c:\users\Michael\AppData\Roaming\.#\MBX@ED4@1422770.###
c:\users\Michael\AppData\Roaming\.#\MBX@ED8@1552740.###
c:\users\Michael\AppData\Roaming\.#\MBX@ED8@1552770.###
c:\users\Michael\AppData\Roaming\.#\MBX@EE4@1442740.###
c:\users\Michael\AppData\Roaming\.#\MBX@EE4@1442770.###
c:\users\Michael\AppData\Roaming\.#\MBX@EEC@1462740.###
c:\users\Michael\AppData\Roaming\.#\MBX@EEC@1462770.###
c:\users\Michael\AppData\Roaming\.#\MBX@F0C@15D2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@F0C@15D2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@F10@3B2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@F10@3B2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@F28@1612740.###
c:\users\Michael\AppData\Roaming\.#\MBX@F28@1612770.###
c:\users\Michael\AppData\Roaming\.#\MBX@F40@1522740.###
c:\users\Michael\AppData\Roaming\.#\MBX@F40@1522770.###
c:\users\Michael\AppData\Roaming\.#\MBX@F48@13C2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@F48@13C2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@F70@1352740.###
c:\users\Michael\AppData\Roaming\.#\MBX@F70@1352770.###
c:\users\Michael\AppData\Roaming\.#\MBX@F74@372740.###
c:\users\Michael\AppData\Roaming\.#\MBX@F74@372770.###
c:\users\Michael\AppData\Roaming\.#\MBX@F78@14B2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@F78@14B2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@F8C@1522740.###
c:\users\Michael\AppData\Roaming\.#\MBX@F8C@1522770.###
c:\users\Michael\AppData\Roaming\.#\MBX@F9C@212740.###
c:\users\Michael\AppData\Roaming\.#\MBX@F9C@212770.###
c:\users\Michael\AppData\Roaming\.#\MBX@FA8@3D2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@FA8@3D2770.###
c:\users\Michael\AppData\Roaming\.#\MBX@FB4@1462740.###
c:\users\Michael\AppData\Roaming\.#\MBX@FB4@1462770.###
c:\users\Michael\AppData\Roaming\.#\MBX@FB8@1382740.###
c:\users\Michael\AppData\Roaming\.#\MBX@FB8@1382770.###
c:\users\Michael\AppData\Roaming\.#\MBX@FC8@1582740.###
c:\users\Michael\AppData\Roaming\.#\MBX@FC8@1582770.###
c:\users\Michael\AppData\Roaming\.#\MBX@FD8@13B2740.###
c:\users\Michael\AppData\Roaming\.#\MBX@FD8@13B2770.###

.
(((((((((((((((((((((((   Dateien erstellt von 2010-03-22 bis 2010-04-22  ))))))))))))))))))))))))))))))
.

2010-04-21 15:30 . 2010-04-21 15:30	--------	d-----w-	c:\users\Michael\AppData\Roaming\Malwarebytes
2010-04-21 15:29 . 2010-03-29 22:46	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 15:29 . 2010-04-21 15:29	--------	d-----w-	c:\programdata\Malwarebytes
2010-04-21 15:29 . 2010-03-29 22:45	20824	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-04-21 15:29 . 2010-04-21 15:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-04-21 14:59 . 2010-04-21 15:29	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-04-21 14:59 . 2010-04-21 14:59	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-04-21 14:47 . 2010-04-21 14:47	--------	d-----w-	c:\program files\Trend Micro
2010-04-21 06:43 . 2010-04-21 06:43	242696	----a-w-	c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-21 06:42 . 2010-04-21 06:42	1689952	----a-w-	c:\programdata\avg9\update\backup\avgupd.dll
2010-04-15 16:45 . 2010-03-08 21:33	427520	----a-w-	c:\windows\system32\vbscript.dll
2010-04-15 16:45 . 2010-02-27 12:07	3954568	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-04-15 16:45 . 2010-02-27 12:07	3899280	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-04-15 16:45 . 2010-02-27 07:32	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 16:45 . 2010-02-27 07:32	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 16:45 . 2010-02-27 07:32	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 16:44 . 2009-12-29 06:55	172032	----a-w-	c:\windows\system32\wintrust.dll
2010-04-15 16:44 . 2010-01-09 06:52	132608	----a-w-	c:\windows\system32\cabview.dll
2010-04-09 18:00 . 2010-04-09 18:00	4255072	----a-w-	c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-02 07:52 . 2010-04-02 07:52	598296	----a-w-	c:\programdata\avg9\update\backup\avgsrmx.dll
2010-04-02 07:52 . 2010-04-02 07:52	4076824	----a-w-	c:\programdata\avg9\update\backup\avgui.exe
2010-04-02 07:52 . 2010-04-02 07:52	313112	----a-w-	c:\programdata\avg9\update\backup\avglogx.dll
2010-04-02 07:52 . 2010-04-02 07:52	2059544	----a-w-	c:\programdata\avg9\update\backup\avgtray.exe
2010-04-02 07:52 . 2010-04-02 07:52	1598744	----a-w-	c:\programdata\avg9\update\backup\avgssie.dll
2010-04-02 07:52 . 2010-04-02 07:52	1515224	----a-w-	c:\programdata\avg9\update\backup\avgwd.dll
2010-04-02 07:52 . 2010-04-02 07:52	1274136	----a-w-	c:\programdata\avg9\update\backup\avgfrw.exe
2010-04-02 07:52 . 2010-04-02 07:52	556824	----a-w-	c:\programdata\avg9\update\backup\avgchjwx.dll
2010-04-02 07:52 . 2010-04-02 07:52	459544	----a-w-	c:\programdata\avg9\update\backup\avgcclix.dll
2010-04-02 07:52 . 2010-04-02 07:52	301336	----a-w-	c:\programdata\avg9\update\backup\avgchclx.dll
2010-04-02 07:52 . 2010-04-02 07:52	1086744	----a-w-	c:\programdata\avg9\update\backup\avgchsvx.exe
2010-04-02 07:52 . 2010-04-02 07:52	1035032	----a-w-	c:\programdata\avg9\update\backup\avgupd.exe
2010-03-31 06:13 . 2010-02-23 07:56	977920	----a-w-	c:\windows\system32\wininet.dll
2010-03-29 20:08 . 2010-02-11 07:10	293376	----a-w-	c:\windows\system32\browserchoice.exe
2010-03-29 16:44 . 2010-03-29 16:44	--------	d-----w-	c:\program files\Common Files\Nokia
2010-03-29 16:44 . 2010-03-29 16:41	34687496	----a-w-	c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_de(4).exe
2010-03-29 16:16 . 2006-08-29 14:56	32377	----a-w-	c:\windows\system32\drivers\prodigy.sys
2010-03-29 16:16 . 2010-03-29 16:21	--------	d-----w-	c:\program files\NSS
2010-03-27 06:48 . 2010-03-27 06:48	34687496	----a-w-	c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_de(3).exe
2010-03-27 00:15 . 2010-03-27 00:15	--------	d-----w-	c:\programdata\Nokia
2010-03-27 00:11 . 2010-03-27 00:06	34687496	----a-w-	c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\NokiaSoftwareUpdaterSetup_de.exe
2010-03-27 00:10 . 2010-03-27 00:10	36864	----a-w-	c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\Sleep.exe
2010-03-27 00:10 . 2010-03-27 00:10	3351812	----a-w-	c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\msxml6Exec.exe
2010-03-27 00:10 . 2010-03-27 00:10	3203453	----a-w-	c:\programdata\Installations\{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}\Installer\CommonCustomActions\vcredistExec.exe
2010-03-26 20:26 . 2010-03-26 20:27	--------	d-----w-	c:\users\Michael\AppData\Roaming\Media Player Classic
2010-03-26 20:26 . 2010-03-26 20:26	--------	d-----w-	c:\program files\MPC HomeCinema
2010-03-26 18:39 . 2010-03-29 16:45	--------	d-----w-	c:\programdata\Installations
2010-03-26 18:24 . 2010-03-27 07:03	--------	d-----w-	c:\users\Michael\AppData\Roaming\Nokia
2010-03-26 18:22 . 2010-03-26 18:22	--------	d-----w-	c:\users\Michael\AppData\Local\Nokia
2010-03-26 18:22 . 2010-03-26 18:22	--------	d-----w-	c:\users\Michael\AppData\Local\NokiaAccount
2010-03-26 18:19 . 2010-03-26 18:19	12212040	----a-w-	c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-03-26 18:19 . 2010-03-26 18:19	13930312	----a-w-	c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-03-26 18:19 . 2010-03-26 18:19	77824	----a-w-	c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-03-26 18:19 . 2010-03-26 18:19	61440	----a-w-	c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-03-26 18:19 . 2010-03-26 18:19	58880	----a-w-	c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-03-26 18:19 . 2010-03-26 18:19	50000	----a-w-	c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-03-26 18:18 . 2010-03-29 16:44	--------	d-----w-	c:\program files\Nokia
2010-03-26 18:18 . 2010-03-26 18:18	--------	d-----w-	c:\programdata\OviInstallerCache
2010-03-26 18:18 . 2010-03-26 18:18	98366952	----a-w-	c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_webinstaller_ALL.exe
2010-03-26 17:58 . 2010-03-26 17:58	--------	d-----w-	c:\program files\Common Files\Motorola Shared

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 05:44 . 2009-07-14 08:47	643866	----a-w-	c:\windows\system32\perfh007.dat
2010-04-22 05:44 . 2009-07-14 08:47	126394	----a-w-	c:\windows\system32\perfc007.dat
2010-04-21 19:08 . 2010-02-06 13:28	0	----a-w-	c:\users\Michael\AppData\Local\prvlcl.dat
2010-04-21 14:02 . 2009-12-25 19:16	--------	d-----w-	c:\users\Michael\AppData\Roaming\ALDI_SUED_Mah_Jong
2010-04-21 06:43 . 2010-01-06 13:32	242896	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-04-19 18:31 . 2010-03-14 13:53	2016	----a-w-	c:\users\Michael\AppData\Roaming\wklnhst.dat
2010-04-17 20:07 . 2009-09-29 06:08	--------	d-----w-	c:\programdata\Microsoft Help
2010-04-15 16:48 . 2010-02-06 16:07	--------	d-----w-	c:\program files\Google
2010-04-05 17:21 . 2010-04-05 17:21	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-03-27 06:27 . 2010-03-27 06:27	0	---ha-w-	c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-03-27 06:27 . 2010-01-14 09:08	--------	d-----w-	c:\users\Michael\AppData\Roaming\PC Suite
2010-03-27 06:27 . 2010-01-14 09:08	--------	d-----w-	c:\programdata\PC Suite
2010-03-27 00:21 . 2010-03-27 00:21	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-03-26 23:09 . 2010-02-15 08:54	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-03-26 23:09 . 2010-02-15 08:54	--------	d-----w-	c:\program files\DVDVideoSoft
2010-03-26 18:20 . 2010-01-14 09:04	--------	d-----w-	c:\program files\DIFX
2010-03-26 18:20 . 2010-01-14 09:04	--------	d-----w-	c:\program files\PC Connectivity Solution
2010-03-26 17:59 . 2010-03-26 17:59	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2010-03-20 18:04 . 2010-03-20 17:58	--------	d-----w-	c:\users\Michael\AppData\Roaming\TS3Client
2010-03-20 17:57 . 2010-03-20 17:57	--------	d-----w-	c:\program files\TeamSpeak 3 Client
2010-03-20 14:57 . 2010-03-20 14:57	--------	d-----w-	c:\program files\Audacity
2010-03-17 15:03 . 2010-03-17 15:03	12464	----a-w-	c:\windows\system32\avgrsstx.dll
2010-03-17 15:03 . 2010-01-06 13:32	29512	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 15:02 . 2010-01-06 13:32	216200	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-03-15 15:19 . 2009-09-29 06:31	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-03-14 13:53 . 2010-03-14 13:53	--------	d-----w-	c:\users\Michael\AppData\Roaming\Template
2010-02-18 10:31 . 2010-02-09 20:06	19	----a-w-	c:\users\Michael\AppData\Roaming\mdbu.bin
2010-02-02 07:45 . 2010-02-24 08:27	2048	----a-w-	c:\windows\system32\tzres.dll
2010-01-22 18:51 . 2010-01-22 18:51	72488	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-07-15 102400]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-14 1549608]
"MDS_Menu"="c:\program files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-12-30 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-12-30 8320]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-17 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-17 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-07-15 233472]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-07-15 36608]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-14 116064]
S3 JME;JMicron Ethernet Adapter NDIS6 Driver;c:\windows\system32\DRIVERS\JME.sys [2009-07-14 82272]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-19 859648]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - FSUSBEXDISK
.
Inhalt des "geplante Tasks" Ordners

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 16:07]

2010-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 16:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\cj6zx2mo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
HKLM-Run-NPSStartup - (no file)


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-04-22  07:56:54
ComboFix-quarantined-files.txt  2010-04-22 05:56

Vor Suchlauf: 7 Verzeichnis(se), 405.646.495.744 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 405.563.920.384 Bytes frei

- - End Of File - - D1FD7CB760B15A6E2F505238C8A99CA4

Larusso · 22.04.2010, 13:41

Hab ich vergessen, bitte keine Code-Tags. Ich mag die nicht

schritt 1

Java aktualisieren

Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).

Schließe alle Browserfenster.
Doppelklicke die JavaRa.exe, um das Programm zu starten.
Die Sprache auswählen, nimm Englisch und klicke "Select".
Klicke auf Additional Task, mache Haken bei Remove Useless JRE Files und [b]Remove Sun Download Manager[b].
Klicke auf Go und jeweils auf Ok und schließe das Fenster "Additional Tasks" wieder.
Klicke auf Remove Older Versions, um alte Java-Versionen, die auf dem Rechner installiert sind, zu entfernen.
Klicke auf Yes wenn es verlangt wird. Wenn JavaRa fertig, erscheint eine Notiz, dass ein Logfile erstellt wurde, klicke OK.
Das Logfile wird im Editor geöffnet, bitte speichern und später hier posten.
Kontrolliere in Systemsteuerung => Programme, ob noch Java-Versionen vorhanden sind und deinstalliere diese.
Rechner neu starten.

Downloade nun Java [B](Java Runtime Environment (JRE) 6 Update ..)[B] von http://www.trojaner-board.de/105213-java-update-einstellungen.html]SUN[/url] und installiere es. Vor dem Download musst Du die Lizenzbedingungen akzeptieren, indem Du "Accept License Agreement" aktivierst. Erweiterte Optionen anhaken, Sponsoren-Programm (Toolbar oder ähnliches) ggfs. abwählen.

schritt 2

Grundreinigung mit SUPERAntiSpyware

Bitte lade Dir SUPERAntiSpyware FREE Edition herunter.
Das Programm ist geeignet für: Windows 98, 98SE, ME, 2000, 2003, XP und Vista.
Installiere das Programm und lasse das Programm die neuesten Definition und Updates laden.
Eine bebilderte Anleitung findest Du hier.
Schließe alle Anwendungen inkl. Browser.
Öffne SUPERAntiSpyware und klicke auf Ihren Computer durchsuchen.
Setze ein Häkchen bei Kompletter Scan und klicke auf Weiter.
Wenn der Suchlauf beendet ist, wird Dir eine Übersicht mit den Funden angezeigt, die Du mit OK zur Kenntnis nimmst.
Achte darauf, dass bei allen Funden ein Häkchen steht, klicke dann auf Weiter und OK.
Klicke auf Fertig stellen, was Dich ins Hauptfenster bringt.
Es kann sein, dass Dein Rechner neu gestartet werden muss, um Malware mit dem Neustart vom System zu entfernen.
Um das Logfile zu erhalten, musst du erst auf Präferenzen und dann auf den Statistiken und Protokolle klicken.
Klicke auf das datierte Logfile, drücke auf Protokoll anzeigen. Nun erscheint ein Textfenster.
Bitte kopiere diesen Bericht hier in den Thread.

schritt 3

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.
Button "ESET Online Scanner" drücken.
Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
Das Firefox-Addon auf dem Desktop speichern und dann installieren.
IE-User müssen das Installieren eines ActiveX Elements erlauben.
Einen Haken bei "Remove found threads" und "Scan archives" machen.
Start drücken.
Signaturen werden heruntergeladen.
Der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

schritt 4

Starte bitte OTL.exe und klicke auf den Quick Scan Button.

Bitte poste in Deiner nächsten Antwort
Log von SuperAntiSpyware
Log von ESET
OTL.txt
Berichte ob noch weiter Probleme vorhanden sind

FiDoS · 22.04.2010, 18:27

Funktionieren die Programme auch mit Windows 7 ?

Larusso · 22.04.2010, 20:54

Ja sollten sie.
/me muss seine Anleitungen mal updaten

FiDoS · 23.04.2010, 06:23

Die Datei JavaRa log konnte nicht gefunden werden...

Larusso · 23.04.2010, 11:46

Hm :/

Okay, deinstalliere bitte alle vorhandenen Java JRE Versionen und downloade Dir die aktuelle Version. Downloadlink im vorigen Post

Der Java Download hat sich geändert. Lade es bitte von Oracle herunter (update 20)

FiDoS · 23.04.2010, 12:46

SuperAntiSpyware Bericht:

Zitat:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/23/2010 at 01:40 PM

Application Version : 4.35.1002

Core Rules Database Version : 4842
Trace Rules Database Version: 2654

Scan type : Complete Scan
Total Scan Time : 00:24:29

Memory items scanned : 650
Memory threats detected : 0
Registry items scanned : 7814
Registry threats detected : 0
File items scanned : 25400
File threats detected : 66

Adware.Tracking Cookie
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@stat.aldi[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@mediaplex[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@msnportal.112.2o7[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@webmasterplan[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ad.zanox[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@weborama[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ad.yieldmanager[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@zanox-affiliate[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@doubleclick[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@www.zanox-affiliate[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@zanox[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@pro-market[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@ad.adition[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@serving-sys[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@content.yieldmanager[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@tracking.mlsat02[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@clicksor[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@apmebf[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@adfarm1.adition[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@myroitracking[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@www.etracker[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@advertising[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@traffictrack[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@tradedoubler[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@adtech[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@content.yieldmanager[3].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@atdmt[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@bs.serving-sys[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@content.yieldmanager[3].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@mediaplex[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@doubleclick[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@bs.serving-sys[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@apmebf[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@ads.quartermedia[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@www.etracker[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@himedia.individuad[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@content.yieldmanager[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@tracking.metalyzer[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@webmasterplan[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@ad.yieldmanager[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@tracking.quisma[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@unitymedia[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@zanox[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@tradedoubler[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@ad.ad-srv[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@advertiser.contextmatters[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@adfarm1.adition[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@zedo[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@serving-sys[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@atdmt[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@de.at.atwola[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@adtech[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@traffictrack[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@zanox-affiliate[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@fastclick[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@cunda.122.2o7[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@www.zanox-affiliate[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@ad.zanox[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@tracking.mlsat02[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@euros4click[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@a7.adserver01[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@advertising[2].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@a2.adserver01[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@eas.apm.emediate[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\Low\michael@msnportal.112.2o7[1].txt
C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Cookies\michael@stat.aldi[2].txt

FiDoS · 23.04.2010, 15:14

ESET log:

C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\1108a961-7dbd59e5 Java/TrojanDownloader.Agent.NAM trojan deleted - quarantined

22.04.2010, 20:54	#11
Larusso /// Selecta Jahrusso	Pop Ups öffnen sich automatisch nach Virenmeldung Ja sollten sie. /me muss seine Anleitungen mal updaten __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

Pop Ups öffnen sich automatisch nach Virenmeldung

Antiviren-, Firewall- und andere Schutzprogramme: Pop Ups öffnen sich automatisch nach Virenmeldung