
Pests of all kinds and how to fight them: TR/Crypt.XPACK.Gen2

22.07.2010, 10:51   #1
Junglette

TR/Crypt.XPACK.Gen2
Problems:
Explorer no longer worked properly, all browsers kept crashing, the burner didn't work..... Windows said something about Service Pack, something's fishy.... Firefox reported missing plugins or similar

C:\Users\Junglette68\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntuser_mssec.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Junglette68\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wwwxbv32.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
[HINWEIS] Die Datei wurde gelöscht.

...my reaction yesterday with AntiVir... now my screen keeps switching off....
had to connect an external one to the Vaio now and I'm wondering.... does my screen failure have anything to do with it??

The malware scanner and Windows Defender blocked the application AFTER the deletion!! How does that work? It should be deleted....

I think I have all the logs, CCleaner ran, the Malware thing and RSIT all executed..... to the best of my knowledge

I also think I don't use any illegal programs

anyway... would anyone like to look into this and help me??

Any ideas???

Thanks in advance!!
__________________
|FAiLURE iS NOT AN OPTiON|

22.07.2010, 14:59   #2
markusg
/// Malware-holic

TR/Crypt.XPACK.Gen2
ok,
1. when you get error messages, I don't want to read "something", I want what it actually said. we give you exact instructions here and want exact info in return. otherwise helping is difficult
2. what exactly did Malwarebytes find, you'll find it under log files.
3.
OTL:
System scan with OTL
download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, run as administrator)
1. At the top you'll find a box with Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. 2 reports will be created:
OTL.Txt
Extras.Txt
post both.
__________________
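To go with the OTL procedure above, here is an added example (my own Python, not OTL's code and not part of the thread) that does the first read-through a helper does on an OTL log: it flags SRV/DRV registrations whose binary is "File not found", O4 Run autostart entries with an empty publisher field that live in user-writable locations such as AppData, and Run value names that are bare GUIDs. The line patterns are my reading of the log shapes shown in this thread, not an OTL specification; the sample lines are copied from the OTL log posted later in the thread.

```python
"""Quick triage of OTL-style log lines (added example; not OTL's own code).

The regexes are my reading of the line shapes shown in this thread,
not a formal OTL specification.
"""
import re
from dataclasses import dataclass

# SRV/DRV lines: "SRV - (Name) -- C:\path\file.exe (Publisher)" or "... File not found"
SERVICE_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\).*? -- (?P<rest>.+)$")
# O4 autostart lines: "O4 - HKCU..\Run: [ValueName] C:\path\file.exe (Publisher)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<value>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<publisher>[^)]*)\)$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Path fragments (lower-case) that a normal user can write to without admin rights.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    severity: str   # "high", "low" or "info"
    line: str
    reasons: list


def triage_line(line: str):
    """Return a Finding for one OTL line, or None if nothing about it stands out."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        if m.group("rest").endswith("File not found"):
            return Finding("info", line,
                           ["service/driver registration whose binary is missing (stale entry)"])
        return None
    m = RUN_RE.match(line)
    if not m:
        return None
    reasons, severity = [], "low"
    path = m.group("path").lower()
    if not m.group("publisher").strip():
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append("autostart binary with no publisher in a user-writable location")
            severity = "high"
        else:
            reasons.append("autostart binary with no publisher")
    if GUID_RE.match(m.group("value").strip()):
        reasons.append("Run value name is a bare GUID")
        severity = "high"
    return Finding(severity, line, reasons) if reasons else None


def triage(log_text: str):
    """Triage every line of an OTL log; highest severity first, original order otherwise."""
    rank = {"high": 0, "low": 1, "info": 2}
    findings = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: rank[f.severity])


# Sample input: a handful of lines copied from the OTL log posted later in this thread.
SAMPLE_LOG = r"""
SRV - (SeekappSrch Service) -- C:\ProgramData\SeekappSrch\seekapp167.exe File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [{849EADAE-6886-82F5-699F-9ECDB2FAEF81}] C:\Users\Junglette68\AppData\Roaming\Qefaku\ydez.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper()}] {f.line}")
        for r in f.reasons:
            print(f"    * {r}")
```

Run as a script it prints the findings sorted by severity. The "File not found" entries are usually leftovers of uninstalled software and only need cleaning up; the one hit rated high (an unsigned executable in AppData started from a Run value named by a random GUID) is the entry a helper looks at first, because that combination is how a user-mode dropper typically persists.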


22.07.2010, 15:35   #3
Junglette

TR/Crypt.XPACK.Gen2
hi....
1. sorry for the lack of precision in the details but I couldn't remember it exactly

2. Malware says:


Code:
 Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

22.07.2010 10:58:08
mbam-log-2010-07-22 (10-58-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 291653
Laufzeit: 1 Stunde(n), 56 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Junglette68\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
         
and 3.

the download isn't working right now

It's also only available one way and that way isn't working right now

apart from that I found this:

OTL by "OldTimer" (analysis tool)

For now just the download link:

http://filepony.de/download-otl/
Alternative download link (18.04.2010)
SHA1 checksum: 607055bfb5bf4d5f3e42a7ee4de812a4bf594857
http://sicher-ins-netz.info/dl/lichtinsdunkel.exe

but that's not what I need, is it??

Hope you can already see something

thanks a lot for your attention
__________________

Edited by Junglette (22.07.2010 at 16:02)

22.07.2010, 16:11   #4
markusg
/// Malware-holic

TR/Crypt.XPACK.Gen2
yes it is.
can you open Malwarebytes, Update tab, update the program, scan again, delete the findings, post the log, then try OTL again

22.07.2010, 16:34   #5
Junglette

TR/Crypt.XPACK.Gen2
OOoookay...

Malwarebytes database updated successfully
do the scan fully again or just quick??

OTL is there now too

__________________
|FAiLURE iS NOT AN OPTiON|

22.07.2010, 16:50   #6
markusg
/// Malware-holic

TR/Crypt.XPACK.Gen2
full please.
and then create the OTL logs please

22.07.2010, 16:55   #7
Junglette

TR/Crypt.XPACK.Gen2
so...OTL report:

OTL Logfile:

Code:
OTL logfile created on: 22.07.2010 17:44:12 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Junglette68\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000xxx | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,22 Gb Total Space | 181,32 Gb Free Space | 62,69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 465,76 Gb Total Space | 361,97 Gb Free Space | 77,71% Space Free | Partition Type: NTFS
Drive G: | 993,97 Mb Total Space | 987,08 Mb Free Space | 99,31% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JUNGLETTE68-PC
Current User Name: Junglette68
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Junglette68\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\MySpace\IM\MySpaceIM.exe ()
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Junglette68\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SeekappSrch Service) -- C:\ProgramData\SeekappSrch\seekapp167.exe File not found
SRV - (sdCoreService) -- C:\Users\Junglette68\Desktop\Spyware Doctor\pctsSvc.exe File not found
SRV - (sdAuxService) -- C:\Users\Junglette68\Desktop\Spyware Doctor\pctsAuxs.exe File not found
SRV - (Browser Defender Update Service) -- C:\Users\Junglette68\Desktop\Spyware Doctor\BDT\BDTUpdateService.exe File not found
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (btwrchid) -- C:\Windows\System32\DRIVERS\btwrchid.sys File not found
DRV - (btwl2cap) -- C:\Windows\System32\DRIVERS\btwl2cap.sys File not found
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys File not found
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys File not found
DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Ultimate Edition\kerneld.wnt ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (MHIKEY10) -- C:\Windows\System32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Яндекс"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.myspace.com/index.cfm?fuseaction=home"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.1.3
FF - prefs.js..extensions.enabledItems: pinkpaula-combo@pinktheme.com:2.0
FF - prefs.js..extensions.enabledItems: {4548ECB8-DA60-439A-A00D-5C893F8E1F9A}:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://yandex.ru/yandsearch?stype=first&clid=43912&yasoft=barff&text="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.27 22:36:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.27 22:36:11 | 000,000,000 | ---D | M]
 
[2008.11.07 19:27:01 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Extensions
[2010.07.22 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions
[2010.06.30 06:04:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.07.12 15:50:12 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2010.02.01 09:41:25 | 000,000,000 | ---D | M] (Interclue) -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2010.06.30 06:04:46 | 000,000,000 | ---D | M] (Yoono) -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2010.06.30 06:04:46 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.02.13 00:21:44 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.10.08 17:40:44 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009.12.08 21:16:11 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\pinkpaula-combo@pinktheme.com
[2008.11.07 19:27:22 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\toolbar_extras@de.yahoo.com
[2009.07.01 22:25:55 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\yasearch@yandex.ru
[2009.07.01 22:25:52 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\yasearch@yandex.ru\chrome\skin\extensions-hacks
[2009.06.26 11:41:28 | 000,002,321 | ---- | M] () -- C:\Users\Junglette68\AppData\Roaming\Mozilla\FireFox\Profiles\xiwt3nuq.default\searchplugins\dictcc.xml
[2010.06.20 14:14:59 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.12.19 12:51:10 | 000,000,000 | ---D | M] (Seekapp) -- C:\Programme\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}
[2009.05.15 12:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.20 14:14:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008.11.07 19:26:47 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.14 20:34:37 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 20:34:37 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.14 20:34:37 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.12 12:28:23 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp145.xml
[2009.08.14 19:27:11 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp147.xml
[2009.08.26 10:02:10 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp149.xml
[2009.09.03 22:19:34 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp151.xml
[2009.09.22 16:20:25 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp153.xml
[2009.09.24 18:51:29 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp155.xml
[2009.10.25 12:48:36 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp159.xml
[2009.11.04 09:20:02 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp163.xml
[2009.11.06 08:52:45 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp165.xml
[2009.11.27 22:03:06 | 000,002,382 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\seekapp167.xml
[2010.03.14 20:34:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.14 20:34:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programme\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{849EADAE-6886-82F5-699F-9ECDB2FAEF81}] C:\Users\Junglette68\AppData\Roaming\Qefaku\ydez.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [VMpTtray.exe] C:\Programme\Sony\VAIO Media plus\VMpTtray.exe (Sony Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Junglette68\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Junglette68\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{120d4a23-abf2-11de-a551-b2c59f6053a3}\Shell - "" = AutoRun
O33 - MountPoints2\{120d4a23-abf2-11de-a551-b2c59f6053a3}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{1296647a-5a70-11de-b08f-b58410160faf}\Shell - "" = AutoRun
O33 - MountPoints2\{1296647a-5a70-11de-b08f-b58410160faf}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{12966482-5a70-11de-b08f-b58410160faf}\Shell - "" = AutoRun
O33 - MountPoints2\{12966482-5a70-11de-b08f-b58410160faf}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{4db69f78-eebe-11de-b101-c330a305a9ad}\Shell - "" = AutoRun
O33 - MountPoints2\{4db69f78-eebe-11de-b101-c330a305a9ad}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{4db69f7e-eebe-11de-b101-c330a305a9ad}\Shell - "" = AutoRun
O33 - MountPoints2\{4db69f7e-eebe-11de-b101-c330a305a9ad}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{4db69f82-eebe-11de-b101-c330a305a9ad}\Shell - "" = AutoRun
O33 - MountPoints2\{4db69f82-eebe-11de-b101-c330a305a9ad}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{4db69f84-eebe-11de-b101-c330a305a9ad}\Shell - "" = AutoRun
O33 - MountPoints2\{4db69f84-eebe-11de-b101-c330a305a9ad}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{50979d93-de95-11de-85b9-fa6620b459b6}\Shell - "" = AutoRun
O33 - MountPoints2\{50979d93-de95-11de-85b9-fa6620b459b6}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{5369f9b9-ac36-11dd-957d-00214f5537de}\Shell - "" = AutoRun
O33 - MountPoints2\{53c5aeae-eefa-11de-af40-da90780d2da0}\Shell - "" = AutoRun
O33 - MountPoints2\{53c5aeae-eefa-11de-af40-da90780d2da0}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{53c5aeb4-eefa-11de-af40-da90780d2da0}\Shell - "" = AutoRun
O33 - MountPoints2\{53c5aeb4-eefa-11de-af40-da90780d2da0}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{53c5aecf-eefa-11de-af40-da90780d2da0}\Shell - "" = AutoRun
O33 - MountPoints2\{53c5aecf-eefa-11de-af40-da90780d2da0}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{545a3d1b-ef82-11de-a9ed-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{545a3d1b-ef82-11de-a9ed-806e6f6e6963}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{55ed6b17-2d1d-11df-a1b7-9a83b96bd1fd}\Shell\AutoRun\command - "" = F:\Menu.exe -- File not found
O33 - MountPoints2\{6c864b07-6c68-11de-8012-84d8358694a8}\Shell - "" = AutoRun
O33 - MountPoints2\{6c864b07-6c68-11de-8012-84d8358694a8}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{8b74bfef-59c9-11de-87cf-ec21ea1a8da1}\Shell - "" = AutoRun
O33 - MountPoints2\{8b74c008-59c9-11de-87cf-e57db8ae5204}\Shell - "" = AutoRun
O33 - MountPoints2\{8e093dad-de08-11de-8b03-d8e2d8fa20a2}\Shell - "" = AutoRun
O33 - MountPoints2\{8e093dad-de08-11de-8b03-d8e2d8fa20a2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{8e093db0-de08-11de-8b03-d8e2d8fa20a2}\Shell - "" = AutoRun
O33 - MountPoints2\{8e093db0-de08-11de-8b03-d8e2d8fa20a2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{920c72bf-ef84-11de-b2fd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{920c72bf-ef84-11de-b2fd-806e6f6e6963}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{93e5bce0-f169-11de-97c0-f2a31d565ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{93e5bce0-f169-11de-97c0-f2a31d565ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{93e5bce2-f169-11de-97c0-f2a31d565ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{93e5bce2-f169-11de-97c0-f2a31d565ba0}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{a62779c4-e00b-11de-b86a-b0fbe8bd7335}\Shell - "" = AutoRun
O33 - MountPoints2\{a62779c4-e00b-11de-b86a-b0fbe8bd7335}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{a77beb55-ab98-11de-97da-fc086036c1ee}\Shell - "" = AutoRun
O33 - MountPoints2\{a77beb55-ab98-11de-97da-fc086036c1ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{a77beb7b-ab98-11de-97da-fc086036c1ee}\Shell - "" = AutoRun
O33 - MountPoints2\{a77beb7b-ab98-11de-97da-fc086036c1ee}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{a8736f0f-ac35-11dd-90b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2fb159-efb1-11de-9c97-950df9db2e98}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2fb159-efb1-11de-9c97-950df9db2e98}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ae7c2728-e64e-11dd-9e98-a8e114512aad}\Shell - "" = AutoRun
O33 - MountPoints2\{ae7c272a-e64e-11dd-9e98-a8e114512aad}\Shell - "" = AutoRun
O33 - MountPoints2\{b54deec4-b0bf-11dd-809f-00214f5537de}\Shell - "" = AutoRun
O33 - MountPoints2\{b9b4b32d-c090-11de-9d52-a9890316a288}\Shell - "" = AutoRun
O33 - MountPoints2\{b9b4b32d-c090-11de-9d52-a9890316a288}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{b9b4b336-c090-11de-9d52-a9890316a288}\Shell - "" = AutoRun
O33 - MountPoints2\{b9b4b336-c090-11de-9d52-a9890316a288}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{b9b4b33e-c090-11de-9d52-a9890316a288}\Shell - "" = AutoRun
O33 - MountPoints2\{b9b4b33e-c090-11de-9d52-a9890316a288}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{cd2b13ae-5f4a-11de-a8ab-f846b4985bad}\Shell - "" = AutoRun
O33 - MountPoints2\{cd2b13ae-5f4a-11de-a8ab-f846b4985bad}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{cd2b13b0-5f4a-11de-a8ab-f846b4985bad}\Shell - "" = AutoRun
O33 - MountPoints2\{cd2b13b0-5f4a-11de-a8ab-f846b4985bad}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f282a283-f253-11de-ac95-d37add1797a2}\Shell - "" = AutoRun
O33 - MountPoints2\{f282a283-f253-11de-ac95-d37add1797a2}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f282a285-f253-11de-ac95-d37add1797a2}\Shell - "" = AutoRun
O33 - MountPoints2\{f282a285-f253-11de-ac95-d37add1797a2}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{fa31c6cc-598d-11de-8d08-e7417045dbe4}\Shell - "" = AutoRun
O33 - MountPoints2\{fa31c6cc-598d-11de-8d08-e7417045dbe4}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{fa31c6da-598d-11de-8d08-9aa83c96c4a7}\Shell - "" = AutoRun
O33 - MountPoints2\{fe812c29-073f-11df-89e2-ba97f2d241ab}\Shell - "" = AutoRun
O33 - MountPoints2\{fe812c29-073f-11df-89e2-ba97f2d241ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{fe812c2c-073f-11df-89e2-ba97f2d241ab}\Shell - "" = AutoRun
O33 - MountPoints2\{fe812c2c-073f-11df-89e2-ba97f2d241ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.22 17:28:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Junglette68\Desktop\OTL.exe
[2010.07.22 08:49:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.22 08:49:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.22 08:49:44 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.22 08:47:50 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Junglette68\Desktop\mbam-setup.exe
[2010.07.22 08:14:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.07.22 07:56:04 | 000,000,000 | ---D | C] -- C:\Users\Junglette68\Desktop\Registry check
[2010.07.22 07:51:45 | 000,000,000 | ---D | C] -- C:\Users\Junglette68\AppData\Roaming\Uniblue
[2010.07.22 07:25:37 | 005,124,960 | ---- | C] (Uniblue Systems Ltd                                         ) -- C:\Users\Junglette68\registrybooster.exe
[2010.07.22 07:08:36 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Junglette68\mbam-setup.exe
[2010.07.22 06:32:34 | 000,000,000 | ---D | C] -- C:\Users\Junglette68\Desktop\sign-in-guest.aspx-Dateien
[2010.07.13 13:19:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010.07.13 13:17:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010.07.13 13:17:17 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010.07.13 13:17:17 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010.07.13 13:17:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010.07.13 13:17:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010.07.13 13:17:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010.07.13 13:17:13 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010.07.13 13:17:13 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010.07.13 13:17:13 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010.07.13 13:17:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010.07.13 13:17:12 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010.07.13 13:17:07 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010.07.13 13:17:07 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010.07.13 13:17:07 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010.07.13 13:17:07 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010.07.13 13:17:07 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010.07.02 22:44:53 | 000,000,000 | ---D | C] -- C:\Users\Junglette68\Desktop\Chipmunks
[2010.06.30 10:00:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.30 10:00:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.30 10:00:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.29 13:55:56 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.06.29 13:55:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.06.25 17:30:25 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010.06.25 12:44:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.22 17:47:53 | 002,883,584 | -HS- | M] () -- C:\Users\Junglette68\ntuser.dat
[2010.07.22 17:28:31 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Junglette68\Desktop\OTL.exe
[2010.07.22 17:24:12 | 000,010,037 | ---- | M] () -- C:\Users\Junglette68\Desktop\Rechnungseckdaten.ods
[2010.07.22 17:20:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1104546142-3598715235-1019025001-1000UA.job
[2010.07.22 17:20:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1104546142-3598715235-1019025001-1000Core.job
[2010.07.22 17:03:18 | 000,056,251 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.22 17:00:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.22 17:00:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.22 11:08:21 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.22 11:08:21 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.22 11:08:21 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.22 11:08:21 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.22 11:08:21 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.22 11:03:19 | 000,056,251 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.22 11:00:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.22 11:00:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.22 11:00:31 | 3218,059,264 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.22 10:59:36 | 000,524,288 | -HS- | M] () -- C:\Users\Junglette68\ntuser.dat{0623095e-ffe8-11de-ad63-ca2569948b8a}.TMContainer00000000000000000001.regtrans-ms
[2010.07.22 10:59:36 | 000,065,536 | -HS- | M] () -- C:\Users\Junglette68\ntuser.dat{0623095e-ffe8-11de-ad63-ca2569948b8a}.TM.blf
[2010.07.22 10:59:15 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.07.22 10:59:12 | 002,233,800 | -H-- | M] () -- C:\Users\Junglette68\AppData\Local\IconCache.db
[2010.07.22 08:49:48 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.22 08:47:54 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Junglette68\Desktop\mbam-setup.exe
[2010.07.22 08:42:50 | 000,339,991 | ---- | M] () -- C:\Users\Junglette68\Desktop\RSIT.exe
[2010.07.22 07:25:44 | 005,124,960 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Junglette68\registrybooster.exe
[2010.07.22 07:08:39 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Junglette68\mbam-setup.exe
[2010.07.22 06:32:35 | 000,019,339 | ---- | M] () -- C:\Users\Junglette68\Desktop\sign-in-guest.aspx.htm
[2010.07.21 18:08:15 | 000,089,088 | ---- | M] () -- C:\Users\Junglette68\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.21 13:01:16 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.19 17:09:40 | 000,000,012 | ---- | M] () -- C:\Users\Junglette68\AppData\Roaming\vdnxlf.dat
[2010.07.12 14:48:39 | 007,507,968 | ---- | M] () -- C:\Users\Junglette68\Desktop\Jah Cure What Will It Take.mp3
[2010.07.12 12:15:25 | 000,000,100 | --S- | M] () -- C:\Users\Junglette68\AppData\Local\1144520260.dat
[2010.07.02 15:40:14 | 000,010,610 | ---- | M] () -- C:\Users\Junglette68\Desktop\46074255_300.jpg
[2010.07.01 14:05:08 | 000,000,032 | ---- | M] () -- C:\Windows\Menu.INI
[2010.06.30 15:23:45 | 000,111,991 | ---- | M] () -- C:\Users\Junglette68\Desktop\watch.htm
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.22 17:03:27 | 000,010,037 | ---- | C] () -- C:\Users\Junglette68\Desktop\Rechnungseckdaten.ods
[2010.07.22 08:49:48 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.22 08:42:49 | 000,339,991 | ---- | C] () -- C:\Users\Junglette68\Desktop\RSIT.exe
[2010.07.22 08:35:29 | 3218,059,264 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.22 06:32:34 | 000,019,339 | ---- | C] () -- C:\Users\Junglette68\Desktop\sign-in-guest.aspx.htm
[2010.07.21 13:01:16 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.13 13:17:08 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010.07.13 13:17:08 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010.07.13 13:17:08 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010.07.12 14:48:28 | 007,507,968 | ---- | C] () -- C:\Users\Junglette68\Desktop\Jah Cure What Will It Take.mp3
[2010.07.12 11:57:13 | 000,000,100 | --S- | C] () -- C:\Users\Junglette68\AppData\Local\1144520260.dat
[2010.07.12 11:57:10 | 000,000,012 | ---- | C] () -- C:\Users\Junglette68\AppData\Roaming\vdnxlf.dat
[2010.07.02 15:40:13 | 000,010,610 | ---- | C] () -- C:\Users\Junglette68\Desktop\46074255_300.jpg
[2010.06.30 15:23:44 | 000,111,991 | ---- | C] () -- C:\Users\Junglette68\Desktop\watch.htm
[2010.06.11 18:12:35 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.12.19 16:49:56 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2009.09.17 18:08:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.06 09:30:29 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.07.06 09:30:29 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.09.16 03:55:04 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.09.16 03:47:25 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008.07.28 21:59:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2000.01.07 02:00:00 | 000,024,448 | ---- | C] () -- C:\Windows\sysgtime.dll
[2000.01.07 02:00:00 | 000,024,448 | ---- | C] () -- C:\Windows\System32\proclsvr.drv
 
========== LOP Check ==========
 
[2009.10.21 17:13:04 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Ableton
[2010.06.22 15:35:39 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Facebook
[2010.01.27 17:38:53 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\ICQ
[2009.01.22 01:07:16 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\InterVideo
[2009.07.12 15:49:25 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Megaupload
[2009.01.20 17:09:07 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\OpenOffice.org
[2009.01.11 00:12:13 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Opera
[2008.11.11 18:02:34 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Qefaku
[2010.07.22 17:31:00 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Riigq
[2009.01.28 09:36:02 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Template
[2009.04.05 03:27:06 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Thunderbird
[2010.07.22 07:51:45 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Uniblue
[2009.10.24 13:40:34 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Vodafone
[2009.07.01 22:24:22 | 000,000,000 | ---D | M] -- C:\Users\Junglette68\AppData\Roaming\Yandex
[2010.07.22 10:59:15 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\Windows:A3C06F0E1AB8A404
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
         


22.07.2010, 17:00   #8
markusg
/// Malware-holic

OK, as I said, run Malwarebytes once more after updating it and show us the log.

22.07.2010, 19:32   #9
Junglette

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4338

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

22.07.2010 20:26:14
mbam-log-2010-07-22 (20-26-14).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 304936
Time elapsed: 2 hour(s), 18 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Trojan.Agent) -> No action taken.
         
...and I don't get it! I haven't deleted it....
...for now...
But I also just noticed that the little AntiVir umbrella was open.

...hey, so grateful for the help!!


22.07.2010, 19:45   #10
markusg
/// Malware-holic

Yes, leave that detection alone for now.

Fix with OTL

• Please start OTL.exe.
Vista users: right-click and choose "Run as administrator".
• Now copy the following into the text box.

:OTL
O4 - HKCU..\Run: [{849EADAE-6886-82F5-699F-9ECDB2FAEF81}] C:\Users\Junglette68\AppData\Roaming\Qefaku\ydez.exe ()
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now click the Fix button.
• OTL may ask for a restart; please allow it.
• After the restart you will find a text document; post it.

Use CCleaner and clean files + registry:
http://www.trojaner-board.de/51464-a...-ccleaner.html
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix
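
As an added example (not code from this thread, from OTL, or from Malwarebytes), the following Python helper reads the O4 (Run) and O33 (MountPoints2 autorun) lines of an OTL log like the one posted above, flags the pattern that the fix script in this post targets (a GUID-named HKCU Run value that launches an executable carrying no company name from a random folder under AppData\Roaming), lists the autorun commands whose target is reported as "File not found", and prints an OTL fix script in the same form as the one above. The sample log lines are constructed for the example (the HKCU Run value and the first MountPoints2 key mirror entries on this page; the "ExampleUpdater" entry and the all-zero MountPoints2 key are made up), and the scoring heuristics are my assumptions, not OTL's own logic.

```python
import re

# Constructed sample lines, modelled on the OTL log in this thread.  The HKCU Run
# value and the first MountPoints2 key reproduce entries shown on the page; the
# HKLM "ExampleUpdater" line and the all-zero MountPoints2 key are invented.
SAMPLE_LOG = r'''
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
O4 - HKCU..\Run: [{849EADAE-6886-82F5-699F-9ECDB2FAEF81}] C:\Users\Junglette68\AppData\Roaming\Qefaku\ydez.exe ()
O33 - MountPoints2\{120d4a23-abf2-11de-a551-b2c59f6053a3}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell\AutoRun\command - "" = E:\setup.exe
'''

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# O4 - HKCU..\Run: [value name] path (company name from the file's version info)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKCU|HKLM)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)\s*$")
# O33 - MountPoints2\<key>\Shell\AutoRun\command - "" = <command> [-- File not found]
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = '
    r'(?P<cmd>.+?)(?: -- (?P<status>.+?))?\s*$')
# An .exe sitting in a folder directly under AppData\Roaming (the Zbot-style layout seen here)
ROAMING_EXE_RE = re.compile(r"\\AppData\\Roaming\\([^\\]+)\\[^\\]+\.exe$", re.IGNORECASE)


def parse_otl(text: str) -> list:
    """Turn the O4 and O33 lines of an OTL log into dicts; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = O4_RE.match(line)
        if m:
            entries.append({"kind": "run", "raw": line, **m.groupdict()})
            continue
        m = O33_RE.match(line)
        if m:
            entries.append({"kind": "mountpoint", "raw": line, "key": m.group("key"),
                            "cmd": m.group("cmd"), "status": m.group("status") or ""})
    return entries


def suspicious_run_entries(entries: list) -> list:
    """Flag Run values launching an .exe from a folder under AppData\\Roaming when at
    least one further indicator is present (GUID value name, empty company name)."""
    hits = []
    for e in entries:
        if e["kind"] != "run":
            continue
        m = ROAMING_EXE_RE.search(e["path"])
        if not m:
            continue
        reasons = [f"executable launched from AppData\\Roaming\\{m.group(1)}"]
        if GUID_RE.match(e["name"]):
            reasons.append("GUID-named Run value")
        if not e["company"].strip():
            reasons.append("no company name in the file's version info")
        if len(reasons) > 1:
            hits.append({"raw": e["raw"], "path": e["path"], "reasons": reasons})
    return hits


def stale_mountpoints(entries: list) -> list:
    """MountPoints2 autorun commands whose target OTL reported as missing."""
    return [e for e in entries if e["kind"] == "mountpoint" and e["status"] == "File not found"]


def build_otl_fix(run_hits: list) -> str:
    """Emit an OTL fix script in the form used in this thread: the flagged O4 line(s)
    under :OTL, followed by the cleanup commands."""
    lines = [":OTL"] + [h["raw"] for h in run_hits]
    lines += [":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_otl(SAMPLE_LOG)
    hits = suspicious_run_entries(found)
    for h in hits:
        print("SUSPICIOUS:", h["path"], "-", "; ".join(h["reasons"]))
    for e in stale_mountpoints(found):
        print("STALE AUTORUN:", e["key"], "->", e["cmd"])
    print(build_otl_fix(hits))
```

Run it as a script to see the flagged entry and the generated fix; on a real log, pass the file contents to parse_otl(). The heuristics are deliberately narrow: a legitimately per-user-installed program can also live under AppData\Roaming, so a hit is a lead for checking the file (hash, signature, creation time against the "Files Created" section) rather than proof of infection, and the stale MountPoints2 entries are leftovers from removable media, not active malware.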

22.07.2010, 19:55   #11
Junglette

Malwarebytes says the result will be lost if I close it??
...The file is saved anyway, so I can close it despite the warning!?
I think I'll do OTL right away, and the rest will follow tomorrow; I need to read up on it first.

22.07.2010, 20:32   #12
Junglette

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{849EADAE-6886-82F5-699F-9ECDB2FAEF81} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{849EADAE-6886-82F5-699F-9ECDB2FAEF81}\ not found.
C:\Users\Junglette68\AppData\Roaming\Qefaku\ydez.exe moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
->Flash cache emptied: 198 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Junglette68
->Flash cache emptied: 47674 bytes
 
User: Melissa
->Flash cache emptied: 198 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 16384 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Junglette68
->Temp folder emptied: 2265046 bytes
->Java cache emptied: 127596513 bytes
->FireFox cache emptied: 84195300 bytes
->Google Chrome cache emptied: 53862124 bytes
->Opera cache emptied: 206720 bytes
->Flash cache emptied: 0 bytes
 
User: Melissa
->Temp folder emptied: 288925 bytes
->FireFox cache emptied: 3214854 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 891161 bytes
RecycleBin emptied: 186016328 bytes
 
Total Files Cleaned = 437,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 07222010_205633

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Hmmm..... user Default and user Default User?? Well, I wanted to point out that there are actually only two users here....Junglette and Melissa!
Well, who knows what I'm reading into that....

22.07.2010, 20:55   #13
markusg
/// Malware-holic

That's fine as it is. Now try ComboFix.

22.07.2010, 21:33   #14
Junglette

ComboFix logfile:
Code:
ComboFix 10-07-22.01 - Junglette68 22.07.2010  21:49:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3068.1974 [GMT 2:00]
Running from: c:\users\Junglette68\Desktop\ComboFix.exe
.
ADS - Windows: deleted 72 bytes in 1 streams. 
 
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\system volume information\SystemRestore
c:\system volume information\SystemRestore\FRStaging\Windows\bthservsdp.dat
c:\system volume information\SystemRestore\FRStaging\Windows\inf\drvindex.dat
c:\system volume information\SystemRestore\FRStaging\Windows\inf\INFCACHE.1
c:\system volume information\SystemRestore\FRStaging\Windows\inf\infpub.dat
c:\system volume information\SystemRestore\FRStaging\Windows\inf\infstor.dat
c:\system volume information\SystemRestore\FRStaging\Windows\inf\infstrng.dat
c:\system volume information\SystemRestore\FRStaging\Windows\inf\setupapi.ev1
c:\system volume information\SystemRestore\FRStaging\Windows\inf\setupapi.ev2
c:\system volume information\SystemRestore\FRStaging\Windows\inf\setupapi.ev3
c:\system volume information\SystemRestore\FRStaging\Windows\inf\WmiApRpl\0007\WmiApRpl.ini
c:\system volume information\SystemRestore\FRStaging\Windows\inf\WmiApRpl\0009\WmiApRpl.ini
c:\system volume information\SystemRestore\FRStaging\Windows\inf\WmiApRpl\WmiApRpl.h
c:\system volume information\SystemRestore\FRStaging\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
c:\system volume information\SystemRestore\FRStaging\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
c:\system volume information\SystemRestore\FRStaging\Windows\System32\catroot2\edb.chk
c:\system volume information\SystemRestore\FRStaging\Windows\System32\drivers\monitor.sys
c:\system volume information\SystemRestore\FRStaging\Windows\System32\perfc007.dat
c:\system volume information\SystemRestore\FRStaging\Windows\System32\perfc009.dat
c:\system volume information\SystemRestore\FRStaging\Windows\System32\perfh007.dat
c:\system volume information\SystemRestore\FRStaging\Windows\System32\perfh009.dat
c:\system volume information\SystemRestore\FRStaging\Windows\System32\PerfStringBackup.INI
c:\system volume information\SystemRestore\FRStaging\Windows\System32\spool\spooler.xml
c:\system volume information\SystemRestore\FRStaging\Windows\System32\wbem\Performance\WmiApRpl.h
c:\system volume information\SystemRestore\FRStaging\Windows\System32\wbem\Performance\WmiApRpl.ini
c:\system volume information\SystemRestore\FRStaging\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1104546142-3598715235-1019025001-1000UA.job
c:\system volume information\SystemRestore\FRStaging\Windows\Tasks\SA.DAT
c:\system volume information\SystemRestore\FRStaging\Windows\Tasks\SCHEDLGU.TXT
c:\system volume information\SystemRestore\FRStaging\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe
c:\users\Junglette68\AppData\Local\amstreame.exe
c:\windows\system32\Thumbs.db
 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
-------\Service_SeekappSrch Service
 
 
(((((((((((((((((((((((   Files Created from 2010-06-22 to 2010-07-22  ))))))))))))))))))))))))))))))
.
 
2010-07-22 18:56 . 2010-07-22 18:56    --------    d-----w-    C:\_OTL
2010-07-22 06:49 . 2010-04-29 10:19    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-22 06:49 . 2010-07-22 06:49    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-07-22 06:49 . 2010-04-29 10:19    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-07-22 05:51 . 2010-07-22 05:51    --------    d-----w-    c:\users\Junglette68\AppData\Roaming\Uniblue
2010-07-22 05:25 . 2010-07-22 05:25    5124960    ----a-w-    c:\users\Junglette68\registrybooster.exe
2010-07-22 05:08 . 2010-07-22 05:08    6153648    ----a-w-    c:\users\Junglette68\mbam-setup.exe
2010-07-12 09:57 . 2010-07-12 10:15    100    --s-a-w-    c:\users\Junglette68\AppData\Local\1144520260.dat
2010-06-30 08:00 . 2009-11-08 08:55    99176    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2010-06-30 08:00 . 2009-11-08 08:55    49472    ----a-w-    c:\windows\system32\netfxperf.dll
2010-06-30 08:00 . 2009-11-08 08:55    297808    ----a-w-    c:\windows\system32\mscoree.dll
2010-06-30 08:00 . 2009-11-08 08:55    295264    ----a-w-    c:\windows\system32\PresentationHost.exe
2010-06-30 08:00 . 2009-11-08 08:55    1130824    ----a-w-    c:\windows\system32\dfshim.dll
2010-06-30 04:04 . 2010-06-14 16:54    11776    ----a-w-    c:\users\Junglette68\AppData\Roaming\Mozilla\Firefox\Profiles\xiwt3nuq.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}\lib\WINNT_x86-msvc\1.9.1\yoono.dll
2010-06-29 11:55 . 2010-04-16 16:43    28672    ----a-w-    c:\windows\system32\Apphlpdm.dll
2010-06-29 11:55 . 2010-04-16 14:39    4240384    ----a-w-    c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-25 10:44 . 2010-06-25 10:44    --------    d-----w-    c:\program files\Microsoft.NET
 
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 20:08 . 2008-07-28 10:57    56227    ----a-w-    c:\programdata\nvModes.dat
2010-07-22 20:07 . 2008-01-21 07:15    628742    ----a-w-    c:\windows\system32\perfh007.dat
2010-07-22 20:07 . 2008-01-21 07:15    126454    ----a-w-    c:\windows\system32\perfc007.dat
2010-07-22 19:58 . 2008-07-28 10:48    1076    ----a-w-    c:\windows\bthservsdp.dat
2010-07-22 18:56 . 2008-11-11 16:02    --------    d-----w-    c:\users\Junglette68\AppData\Roaming\Qefaku
2010-07-22 18:54 . 2009-07-28 00:09    --------    d-----w-    c:\users\Junglette68\AppData\Roaming\Riigq
2010-07-22 15:06 . 2009-01-20 15:10    1    ----a-w-    c:\users\Junglette68\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-22 09:04 . 2009-12-19 04:36    --------    d-----w-    c:\program files\trend micro
2010-07-22 06:03 . 2009-09-27 19:38    --------    d-----w-    c:\program files\Mobile Partner
2010-07-20 12:14 . 2008-11-29 16:25    --------    d-----w-    c:\users\Junglette68\AppData\Roaming\Winamp
2010-07-20 12:14 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-07-19 15:09 . 2010-07-12 09:57    12    ----a-w-    c:\users\Junglette68\AppData\Roaming\vdnxlf.dat
2010-06-22 13:35 . 2010-06-22 13:35    50354    ----a-w-    c:\users\Junglette68\AppData\Roaming\Facebook\uninstall.exe
2010-06-22 13:35 . 2010-06-22 13:35    --------    d-----w-    c:\users\Junglette68\AppData\Roaming\Facebook
2010-06-20 12:14 . 2008-07-28 12:56    --------    d-----w-    c:\program files\Java
2010-06-18 19:29 . 2008-11-06 19:17    1356    ----a-w-    c:\users\Junglette68\AppData\Local\d3d9caps.dat
2010-06-12 08:53 . 2009-04-23 00:51    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-06-09 10:45 . 2010-06-09 10:45    5591040    ----a-w-    c:\users\Junglette68\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-05-26 17:06 . 2010-06-11 16:18    34304    ----a-w-    c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 16:18    289792    ----a-w-    c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 16:11    221568    ------w-    c:\windows\system32\MpSigStub.exe
2010-05-04 05:59 . 2010-06-11 16:16    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 16:16    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-11 16:16    71680    ----a-w-    c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-11 16:16    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-11 16:16    2037248    ----a-w-    c:\windows\system32\win32k.sys
2010-04-05 18:52 . 2010-04-05 18:52    1059792    ----a-w-    c:\program files\moovida-setup.exe
2010-04-02 21:56 . 2010-04-02 21:55    33850672    ----a-w-    c:\program files\QuickTimeInstaller.exe
2010-03-03 13:42 . 2010-03-03 13:42    21603248    ----a-w-    c:\program files\DivXInstaller721.exe
2009-08-06 12:35 . 2009-08-06 12:27    27899032    ----a-w-    c:\program files\AdbeRdr910_de_DE.exe
.
 
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-27 262144]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"VMpTtray.exe"="c:\program files\Sony\VAIO Media plus\VMpTtray.exe" [2008-05-24 86016]
"Google Update"="c:\users\Junglette68\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-01 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-23 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1295656]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Skytel"="Skytel.exe" [2008-06-23 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-07 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-07 92704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-09-29 9347072]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-15 16:04    98304    ----a-w-    c:\windows\System32\VESWinlogon.dll
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
 
[HKLM\~\startupfolder\C:^Users^Junglette68^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\Junglette68\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMCL
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2008-04-03 18:03    317280    ----a-w-    c:\program files\Sony\ISB Utility\ISBMgr.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 14:41    222128    ----a-w-    c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
2008-09-16 01:45    24576    ----a-w-    c:\program files\Sony\Marketing Tools\MarketingTools.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37    37888    ----a-w-    c:\program files\Winamp\winampa.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):b2,99,59,db,2b,5b,ca,01
 
R2 Browser Defender Update Service;Browser Defender Update Service;c:\users\Junglette68\Desktop\Spyware Doctor\BDT\BDTUpdateService.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2010-03-30 27760]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10.sys [2008-05-27 50560]
R3 sdAuxService;PC Tools Auxiliary Service;c:\users\Junglette68\Desktop\Spyware Doctor\pctsAuxs.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-06-27 299008]
R4 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-11 83232]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-09 207792]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-20 103712]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-20 353568]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-20 62752]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-19 411488]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-11 337184]
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Inhalt des "geplante Tasks" Ordners
 
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1104546142-3598715235-1019025001-1000Core.job
- c:\users\Junglette68\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-01 12:53]
 
2010-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1104546142-3598715235-1019025001-1000UA.job
- c:\users\Junglette68\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-01 12:53]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Junglette68\AppData\Roaming\Mozilla\Firefox\Profiles\xiwt3nuq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://home.myspace.com/index.cfm?fuseaction=home
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Junglette68\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\users\Junglette68\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Junglette68\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 
---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
 
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
MSConfigStartUp-ccleaner - c:\program files\CCleaner\CCleaner.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-McENUI - c:\progra~1\McAfee\MHN\McENUI.exe
MSConfigStartUp-qkygyys - c:\users\junglette68\appdata\local\qkygyys.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-{2460923D-1AA6-47FE-A375-76308780D20F} - c:\program files\InstallShield Installation Information\{2460923D-1AA6-47FE-A375-76308780D20F}\setup.exe
 
 
 
**************************************************************************
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-22 22:09
Windows 6.0.6002 Service Pack 2 NTFS
 
Scanne versteckte Prozesse... 
 
Scanne versteckte Autostarteinträge... 
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  MsnMsgr = "c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s 
 
Scanne versteckte Dateien... 
 
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\system32\conime.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-07-22  22:13:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-07-22 20:13
 
Vor Suchlauf: 11 Verzeichnis(se), 195.084.894.208 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 194.686.177.280 Bytes frei
 
Current=1 Default=1 Failed=0 LastKnownGood=50 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50
- - End Of File - - B338415ECFFCF12F19DF96FC41280D5F
         
--- --- ---



So.... after CCleaner I ran this one here too
I notice a Seekapp (file, program or similar), which was a huge trojan problem for me about 8 months ago!
Also here on the board, actually, definitely removed!!

I'll point right away to the posts from back then

http://www.trojaner-board.de/80552-t...app-admin.html

maybe there's a connection or something....
...I really have no clue

buuuuuuuuut:

The screen has been working perfectly again since the last run of that Combi thing!!

Many thanks for that already!!

__________________
|FAiLURE iS NOT AN OPTiON|

Alt 23.07.2010, 00:03   #15
markusg
/// Malware-holic
 
TR/Crypt.XPACK.Gen2 - Standard

TR/Crypt.XPACK.Gen2



That could have been a service that is no longer active. So no danger.

Start, Programs, Accessories, Notepad, paste this in:

Killall::
Rootkit::
c:\users\Junglette68\AppData\Local\1144520260.dat
Folder::
c:\users\Junglette68\AppData\Roaming\Qefaku
c:\users\Junglette68\AppData\Roaming\Riigq
c:\users\Junglette68\AppData\Roaming\vdnxlf.dat
File, Save As, type: All Files.
Name: cfscript.txt
Save it where combofix.exe is located, drag cfscript onto combofix, the program starts, post the log.
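As an added example (not from the thread, the helper, or ComboFix itself): a small Python triage script over constructed lines in the ComboFix log format shown above. It parses the three line shapes a helper reads first (registry Run values, timestamped file/folder entries, "MSConfigStartUp-" leftovers) and flags the entries worth a closer look, which is the step that leads from the log to the paths in the CFScript in the reply. The sample lines mirror the log above but are constructed; the flag names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in ComboFix's log format. The three line shapes are the ones
# used in the log above: registry Run values, timestamped file/folder entries and
# "MSConfigStartUp-" leftovers. Paths mirror the log, not a live system.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Junglette68\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-01 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-23 6111232]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
2010-07-12 09:57 . 2010-07-12 10:15    100    --s-a-w-    c:\users\Junglette68\AppData\Local\1144520260.dat
2010-07-22 18:56 . 2008-11-11 16:02    --------    d-----w-    c:\users\Junglette68\AppData\Roaming\Qefaku
2010-05-04 05:59 . 2010-06-11 16:16    916480    ----a-w-    c:\windows\system32\wininet.dll
MSConfigStartUp-qkygyys - c:\users\junglette68\appdata\local\qkygyys.exe
'''

# "Name"="path" [date size]   (registry Run values)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<date>\S+)\s+(?P<size>\d+)\]')
# created . modified    size    attrs    path   (file and folder entries)
FILE_ENTRY = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+'
    r'(?P<size>\S+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$')
# MSConfigStartUp-<name> - <path>   (orphaned msconfig startup entries)
MSCONFIG = re.compile(r'^MSConfigStartUp-(?P<name>.+?) - (?P<path>.+?)\s*$')


@dataclass
class Entry:
    source: str            # "run", "file" or "msconfig"
    name: str
    path: str
    attrs: str = ""        # ComboFix attribute column, e.g. "--s-a-w-", only for "file"
    flags: list = field(default_factory=list)


def parse_combofix(text):
    """Turn the recognised log lines into Entry records; everything else is skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_VALUE.match(line):
            entries.append(Entry("run", m["name"], m["path"]))
        elif m := FILE_ENTRY.match(line):
            entries.append(Entry("file", m["path"].rsplit("\\", 1)[-1], m["path"], m["attrs"]))
        elif m := MSCONFIG.match(line):
            entries.append(Entry("msconfig", m["name"], m["path"]))
    return entries


def triage(entries):
    """Return the entries a helper should review first, each with the reason(s) attached.
    This is a review list, not a verdict: legitimate updaters also live in the profile."""
    suspicious = []
    for e in entries:
        p = e.path.lower()
        flags = []
        if "\\" not in p:
            flags.append("no-path")        # bare name: resolved via the search path, location unverifiable
        if p.startswith("c:\\users\\"):
            flags.append("user-profile")   # writable without admin rights; where the dropped files above lived
        if e.source == "file" and "s" in e.attrs and "d" not in e.attrs:
            flags.append("system-attr")    # a file under the profile hiding behind the system attribute
        e.flags = flags
        if flags:
            suspicious.append(e)
    return suspicious


if __name__ == "__main__":
    for e in triage(parse_combofix(SAMPLE_LOG)):
        print(f"{e.source:8} {e.name:18} {', '.join(e.flags):24} {e.path}")
```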
