Da ich in der Suche nix gefunden habe schildere ich mein Problem mal. Benutze iGoogle als personalisierte Startseite. Wenn ich www.google.de so in der Taskleiste eingebe --> kommt immer eine Seite Gondors Armee der Hoffnung obwohl oben Google drin steht. Habe diese Problem im IE und im Mozilla Browser. Habe Antvir durchlaufen lassen und er fand dieses hier JAVA/C-2009-3867.EH. Was soll ich tun??

Zitat:

Habe Antvir durchlaufen lassen und er fand dieses hier JAVA/C-2009-3867.EH. Was soll ich tun??

Immer die genauen Schädlingsnamen und Pfadangaben notieren und posten!

Aus den Regeln:

5. Beschreibe Dein Problem in einigen Sätzen und arbeite diese Anleitung ab Punkt 2. durch
Auch Funde von deiner Sicherheitssoftware bitte im Thema nennen: (z.B. c:\windows\virus.exe)
Fehlen diese Angaben, kann und wird dir hier niemand helfen.

Habe nicht gewusst wo es steht. Habe diese beiden Sachen drauf:

Die Datei 'C:\Users\Rene\AppData\Local\Temp\asdf.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d03542b.qua' verschoben!

Die Datei 'C:\Users\Rene\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\78d6980a-5194cd44'
enthielt einen Virus oder unerwünschtes Programm 'JAVA/C-2009-3867.EH' [virus].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d0353f0.qua' verschoben!

Wie bekomme ich denn mein Browser wieder hin?? Ist onlinebanking und so weiter jetzt unsicher?

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

So Malewarebytes hat dies:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4701

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

27.09.2010 12:06:04
mbam-log-2010-09-27 (12-06-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 368737
Laufzeit: 1 Stunde(n), 28 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 4

Infizierte Speicherprozesse:
C:\Users\Rene\AppData\Roaming\install\server.exe (Backdoor.Bot.M) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5vm4dn43-s76d-7xdo-rl61-cc6pjq8ktbi1} (Generic.Bot.H) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot.M) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot.M) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\directory\CyberGate (Trojan.PWS) -> No action taken.
C:\directory\CyberGate\install (Trojan.PWS) -> No action taken.

Infizierte Dateien:
C:\Users\Rene\AppData\Roaming\install\server.exe (Generic.Bot.H) -> No action taken.
C:\Users\Rene\Desktop\Prototype Trainer.exe (Trojan.Dropper) -> No action taken.
C:\directory\CyberGate\install\server.exe (Trojan.PWS) -> No action taken.
C:\Users\Rene\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken.


Und OTL dies:OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 27.09.2010 13:02:34 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\René\Software
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,90 Gb Total Space | 127,44 Gb Free Space | 56,92% Space Free | Partition Type: NTFS
Drive D: | 8,98 Gb Total Space | 1,66 Gb Free Space | 18,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RENE-PC
Current User Name: Rene
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\René\Software\Oldtimer.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\phonostar\ps_timer.exe (phonostar)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\CNAB4RPK.EXE (CANON INC.)
PRC - C:\Users\Rene\AppData\Roaming\install\server.exe (Twain Working Group)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\René\Software\Oldtimer.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz132) -- C:\Users\Rene\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (GT680xNT) -- C:\Windows\System32\drivers\Gt680x.sys (   )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig?hl=de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.05.15 17:35:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.23 09:27:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.23 09:27:57 | 000,000,000 | ---D | M]
 
[2009.12.15 12:44:28 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Extensions
[2010.09.26 16:41:54 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions
[2010.08.11 19:19:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.12 19:50:42 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010.05.13 11:34:23 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions\youtube2mp3@mondayx.de
[2010.09.22 11:27:02 | 000,000,961 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\FireFox\Profiles\6ttrhcwv.default\searchplugins\icqplugin-1.xml
[2010.06.15 14:53:37 | 000,000,961 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\FireFox\Profiles\6ttrhcwv.default\searchplugins\icqplugin-2.xml
[2010.04.16 19:41:18 | 000,000,955 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\FireFox\Profiles\6ttrhcwv.default\searchplugins\icqplugin.xml
[2010.08.11 17:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.12.18 15:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.10 20:36:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 17:35:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.09.23 09:27:48 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.23 09:27:48 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.23 09:27:48 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.23 09:27:48 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.23 09:27:48 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2007.12.11 13:50:52 | 000,000,847 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 81.169.180.144 www.google.de
O1 - Hosts: 81.169.180.144 google.de
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (WinAVI FLVSense) - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SendTo [2010.08.04 19:26:29 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\Rene\AppData\Roaming\install\server.exe (Twain Working Group)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Users\Rene\AppData\Roaming\install\server.exe (Twain Working Group)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.27 09:57:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.27 09:43:13 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Malwarebytes
[2010.09.27 09:43:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.27 09:43:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.27 09:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.27 09:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.26 17:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.09.26 17:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.09.26 16:13:38 | 012,049,864 | ---- | C] (Microsoft Corporation) -- C:\Users\Rene\Desktop\windows-kb890830-v3.10.exe
[2010.09.22 11:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\LeechGet 2009 Downloadmanager
[2010.09.21 15:26:52 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Software Informer
[2010.09.21 15:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2010.09.19 17:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Plus!
[2010.09.19 17:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Mender
[2010.09.16 09:59:13 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\install
[2010.09.15 15:58:30 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.11 16:19:55 | 000,000,000 | ---D | C] -- C:\directory
[2008.11.15 11:20:03 | 000,017,932 | R--- | C] (   ) -- C:\Windows\System32\drivers\Gt680x.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.27 13:01:40 | 003,932,160 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT
[2010.09.27 12:56:17 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.27 12:53:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.27 12:53:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.27 09:43:08 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.26 20:12:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.26 19:00:05 | 000,000,249 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010.09.26 18:59:58 | 000,243,628 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.09.26 18:59:52 | 000,243,628 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.09.26 18:53:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.26 18:53:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.26 18:53:51 | 3218,284,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.26 18:52:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.26 18:52:40 | 000,524,288 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.09.26 18:52:40 | 000,065,536 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.26 18:52:34 | 003,748,373 | -H-- | M] () -- C:\Users\Rene\AppData\Local\IconCache.db
[2010.09.26 17:41:50 | 000,001,015 | ---- | M] () -- C:\Users\Rene\Desktop\Spybot - Search & Destroy.lnk
[2010.09.26 16:18:52 | 012,049,864 | ---- | M] (Microsoft Corporation) -- C:\Users\Rene\Desktop\windows-kb890830-v3.10.exe
[2010.09.26 14:26:18 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{36FF05EA-DA5C-4CA9-B1B8-91A9A37F64D5}.job
[2010.09.17 18:05:24 | 000,118,272 | ---- | M] () -- C:\Users\Rene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.16 14:38:28 | 001,472,816 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.16 14:38:28 | 000,630,116 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.16 14:38:28 | 000,598,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.16 14:38:28 | 000,127,146 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.16 14:38:28 | 000,105,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.16 13:48:54 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.09.16 10:51:57 | 000,019,030 | -H-- | M] () -- C:\Users\Rene\AppData\Roaming\cglogs.dat
[2010.08.31 20:22:59 | 000,000,162 | -H-- | M] () -- C:\Users\Rene\Desktop\~$mplettlösung Prototype.docx
 
========== Files Created - No Company Name ==========
 
[2010.09.27 09:43:08 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.26 17:41:50 | 000,001,015 | ---- | C] () -- C:\Users\Rene\Desktop\Spybot - Search & Destroy.lnk
[2010.09.11 18:09:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.31 20:22:59 | 000,000,162 | -H-- | C] () -- C:\Users\Rene\Desktop\~$mplettlösung Prototype.docx
[2010.05.15 12:13:49 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2010.04.10 11:00:26 | 000,000,567 | ---- | C] () -- C:\Windows\wiso.ini
[2009.09.17 15:26:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.22 15:12:58 | 000,000,632 | ---- | C] () -- C:\Windows\Sof2.INI
[2009.02.04 13:41:40 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.02.03 19:13:50 | 000,010,871 | ---- | C] () -- C:\Users\Rene\AppData\Roaming\UserTile.png
[2009.01.23 19:42:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.12.27 16:17:47 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.12.11 15:51:37 | 000,007,592 | ---- | C] () -- C:\Users\Rene\AppData\Local\d3d9caps.dat
[2008.11.20 16:02:49 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.11.19 19:40:46 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.11.15 11:20:03 | 000,000,114 | ---- | C] () -- C:\Windows\SCNDRVU.INI
[2008.11.15 11:20:01 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008.11.15 11:19:54 | 000,000,403 | ---- | C] () -- C:\Windows\umxaddin.ini
[2008.11.02 15:11:34 | 000,118,272 | ---- | C] () -- C:\Users\Rene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.31 22:02:23 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\FnF4.txt
[2008.10.30 18:41:55 | 000,000,274 | ---- | C] () -- C:\Users\Rene\AppData\Roaming\wklnhst.dat
[2008.10.30 18:34:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.10.30 15:17:18 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\QSwitch.txt
[2008.10.30 15:17:18 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\DSwitch.txt
[2008.10.30 15:17:18 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\AtStart.txt
[2008.09.16 04:36:34 | 000,243,628 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.09.16 04:36:06 | 000,243,628 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.04.08 04:16:43 | 000,019,030 | -H-- | C] () -- C:\Users\Rene\AppData\Roaming\cglogs.dat
[2002.10.31 20:12:16 | 000,049,152 | R--- | C] () -- C:\Windows\AutoSet.dll
[2002.10.06 20:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002.10.05 01:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2002.10.05 01:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002.10.05 01:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
< End of report >
         

--- --- ---

Hast Du alle Funde mit Malwarebytes auch entfernt?

Suchlauf nochmals gemacht und jetztschaut es so aus:


27.09.2010 16:42:28
mbam-log-2010-09-27 (16-42-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 368245
Laufzeit: 1 Stunde(n), 27 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5vm4dn43-s76d-7xdo-rl61-cc6pjq8ktbi1} (Generic.Bot.H) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot.M) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Bot.M) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\directory\CyberGate (Trojan.PWS) -> Quarantined and deleted successfully.
C:\directory\CyberGate\install (Trojan.PWS) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\Rene\AppData\Roaming\install\server.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Users\Rene\Desktop\Prototype Trainer.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\directory\CyberGate\install\server.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Users\Rene\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.

Dann brauch ich auch ein frisches OTL.txt

Hier das neue OTL:OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 27.09.2010 18:11:23 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\René\Software
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,90 Gb Total Space | 127,44 Gb Free Space | 56,92% Space Free | Partition Type: NTFS
Drive D: | 8,98 Gb Total Space | 1,66 Gb Free Space | 18,47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RENE-PC
Current User Name: Rene
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\René\Software\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\phonostar\ps_timer.exe (phonostar)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\CNAB4RPK.EXE (CANON INC.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\René\Software\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz132) -- C:\Users\Rene\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (GT680xNT) -- C:\Windows\System32\drivers\Gt680x.sys (   )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq Notebook | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq Notebook | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq Notebook | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.05.15 17:35:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.23 09:27:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.23 09:27:57 | 000,000,000 | ---D | M]
 
[2009.12.15 12:44:28 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Extensions
[2010.09.26 16:41:54 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions
[2010.08.11 19:19:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.12 19:50:42 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010.05.13 11:34:23 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\6ttrhcwv.default\extensions\youtube2mp3@mondayx.de
[2010.09.22 11:27:02 | 000,000,961 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\FireFox\Profiles\6ttrhcwv.default\searchplugins\icqplugin-1.xml
[2010.06.15 14:53:37 | 000,000,961 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\FireFox\Profiles\6ttrhcwv.default\searchplugins\icqplugin-2.xml
[2010.04.16 19:41:18 | 000,000,955 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\FireFox\Profiles\6ttrhcwv.default\searchplugins\icqplugin.xml
[2010.08.11 17:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.12.18 15:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.10 20:36:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 17:35:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.09.23 09:27:48 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.23 09:27:48 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.23 09:27:48 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.23 09:27:48 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.23 09:27:48 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2007.12.11 13:50:52 | 000,000,847 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 81.169.180.144 Google
O1 - Hosts: 81.169.180.144 google.de
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (WinAVI FLVSense) - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe File not found
O4 - Startup: C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SendTo [2010.08.04 19:26:29 | 000,000,000 | ---D | M]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.27 09:57:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.27 09:43:13 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Malwarebytes
[2010.09.27 09:43:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.27 09:43:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.27 09:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.27 09:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.26 17:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.09.26 17:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.09.26 16:13:38 | 012,049,864 | ---- | C] (Microsoft Corporation) -- C:\Users\Rene\Desktop\windows-kb890830-v3.10.exe
[2010.09.22 11:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\LeechGet 2009 Downloadmanager
[2010.09.21 15:26:52 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Software Informer
[2010.09.21 15:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer
[2010.09.19 17:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\Plus!
[2010.09.19 17:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Mender
[2010.09.16 09:59:13 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\install
[2010.09.15 15:58:30 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.11 16:19:55 | 000,000,000 | ---D | C] -- C:\directory
[2008.11.15 11:20:03 | 000,017,932 | R--- | C] (   ) -- C:\Windows\System32\drivers\Gt680x.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.27 18:12:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.27 18:11:42 | 003,932,160 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT
[2010.09.27 17:49:27 | 000,243,628 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.09.27 17:49:26 | 000,000,249 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010.09.27 17:49:25 | 000,243,628 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.09.27 17:49:18 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.27 17:48:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.27 16:45:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.27 16:45:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.27 16:45:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.27 16:45:30 | 3218,284,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.27 16:44:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.27 16:44:21 | 000,524,288 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.09.27 16:44:21 | 000,065,536 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.27 16:44:20 | 006,291,456 | -H-- | M] () -- C:\Users\Rene\AppData\Local\IconCache.db
[2010.09.27 15:07:23 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{36FF05EA-DA5C-4CA9-B1B8-91A9A37F64D5}.job
[2010.09.27 13:20:14 | 000,107,056 | ---- | M] () -- C:\Users\Rene\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.27 13:18:31 | 000,391,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.27 09:43:08 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.26 17:41:50 | 000,001,015 | ---- | M] () -- C:\Users\Rene\Desktop\Spybot - Search & Destroy.lnk
[2010.09.26 16:18:52 | 012,049,864 | ---- | M] (Microsoft Corporation) -- C:\Users\Rene\Desktop\windows-kb890830-v3.10.exe
[2010.09.17 18:05:24 | 000,118,272 | ---- | M] () -- C:\Users\Rene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.16 14:38:28 | 001,472,816 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.16 14:38:28 | 000,630,116 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.16 14:38:28 | 000,598,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.16 14:38:28 | 000,127,146 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.16 14:38:28 | 000,105,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.16 13:48:54 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.08.31 20:22:59 | 000,000,162 | -H-- | M] () -- C:\Users\Rene\Desktop\~$mplettlösung Prototype.docx
 
========== Files Created - No Company Name ==========
 
[2010.09.27 09:43:08 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.26 17:41:50 | 000,001,015 | ---- | C] () -- C:\Users\Rene\Desktop\Spybot - Search & Destroy.lnk
[2010.09.11 18:09:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.31 20:22:59 | 000,000,162 | -H-- | C] () -- C:\Users\Rene\Desktop\~$mplettlösung Prototype.docx
[2010.05.15 12:13:49 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2010.04.10 11:00:26 | 000,000,567 | ---- | C] () -- C:\Windows\wiso.ini
[2009.09.17 15:26:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.22 15:12:58 | 000,000,632 | ---- | C] () -- C:\Windows\Sof2.INI
[2009.02.04 13:41:40 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.02.03 19:13:50 | 000,010,871 | ---- | C] () -- C:\Users\Rene\AppData\Roaming\UserTile.png
[2009.01.23 19:42:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.12.27 16:17:47 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.12.11 15:51:37 | 000,007,592 | ---- | C] () -- C:\Users\Rene\AppData\Local\d3d9caps.dat
[2008.11.20 16:02:49 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.11.19 19:40:46 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.11.15 11:20:03 | 000,000,114 | ---- | C] () -- C:\Windows\SCNDRVU.INI
[2008.11.15 11:20:01 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008.11.15 11:19:54 | 000,000,403 | ---- | C] () -- C:\Windows\umxaddin.ini
[2008.11.02 15:11:34 | 000,118,272 | ---- | C] () -- C:\Users\Rene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.31 22:02:23 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\FnF4.txt
[2008.10.30 18:41:55 | 000,000,274 | ---- | C] () -- C:\Users\Rene\AppData\Roaming\wklnhst.dat
[2008.10.30 18:34:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.10.30 15:17:18 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\QSwitch.txt
[2008.10.30 15:17:18 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\DSwitch.txt
[2008.10.30 15:17:18 | 000,000,000 | ---- | C] () -- C:\Users\Rene\AppData\Local\AtStart.txt
[2008.09.16 04:36:34 | 000,243,628 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.09.16 04:36:06 | 000,243,628 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002.10.31 20:12:16 | 000,049,152 | R--- | C] () -- C:\Windows\AutoSet.dll
[2002.10.06 20:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002.10.05 01:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2002.10.05 01:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002.10.05 01:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
< End of report >
         

--- --- ---

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O4 - HKCU..\Run: [fsm]  File not found
O33 - MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\Shell - "" = AutoRun
O33 - MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
[2008.11.15 11:20:01 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
:Commands
[purity]
[resethosts]
[emptytemp]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Also kann google.de wiieder eintippen und es funktioniert. Hier die Logdatei. Wie kann ich mich am besten vor sowas wieder schützen? Habe Antivir immer laufen und den Windowsdefender.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{260268fc-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{260268fc-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{260268fc-ff78-11de-b175-001d7270c6ba}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2602694e-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2602694e-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2602694e-ff78-11de-b175-001d7270c6ba}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26026973-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26026973-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26026973-ff78-11de-b175-001d7270c6ba}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26026975-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26026975-ff78-11de-b175-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26026975-ff78-11de-b175-001d7270c6ba}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e88c4be-29dc-11de-9cfb-001d7270c6ba}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640ae9f7-ff8a-11de-865c-001d7270c6ba}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640aea0c-ff8a-11de-865c-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640aea0c-ff8a-11de-865c-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640aea0c-ff8a-11de-865c-001d7270c6ba}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640aea0e-ff8a-11de-865c-001d7270c6ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{640aea0e-ff8a-11de-865c-001d7270c6ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{640aea0e-ff8a-11de-865c-001d7270c6ba}\ not found.
File F:\AutoRun.exe not found.
C:\Windows\System32\pmsbfn32.dll moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 10892884 bytes
->Temporary Internet Files folder emptied: 13204291 bytes
->Java cache emptied: 43573243 bytes
->FireFox cache emptied: 32632114 bytes
->Flash cache emptied: 5239 bytes

User: Public

User: Rene
->Temp folder emptied: 21805056 bytes
->Temporary Internet Files folder emptied: 690520929 bytes
->Java cache emptied: 67734618 bytes
->FireFox cache emptied: 90232072 bytes
->Opera cache emptied: 5404880 bytes
->Flash cache emptied: 57288 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123103837 bytes
RecycleBin emptied: 5623391535 bytes

Total Files Cleaned = 6.411,00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 09282010_172626

Files\Folders moved on Reboot...
C:\Users\Rene\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XRL9RRAV\ads[1].htm moved successfully.
C:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\L8FHLMF3\91160-antivir-fund-java-c-2009-3867-eh[1].html moved successfully.
C:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G0J9D1NV\ads[1].htm moved successfully.
C:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\42AYDT2R\ads[1].htm moved successfully.
C:\Users\Rene\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen!
2.) Ordner C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

So OTL Datei is auf dem Server drauf.

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

• Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Das kam heraus:

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 10-09-29.04 - Rene 30.09.2010  18:08:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3068.1796 [GMT 2:00]
ausgeführt von:: c:\users\Rene\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Rene\AppData\Roaming\Desktopicon

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-28 bis 2010-09-30  ))))))))))))))))))))))))))))))
.

2010-09-30 16:15 . 2010-09-30 16:15	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2010-09-30 16:15 . 2010-09-30 16:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-29 13:37 . 2010-06-22 13:30	2048	----a-w-	c:\windows\system32\tzres.dll
2010-09-28 15:26 . 2010-09-28 15:26	--------	d-----w-	C:\_OTL
2010-09-27 07:43 . 2010-09-27 07:43	--------	d-----w-	c:\users\Rene\AppData\Roaming\Malwarebytes
2010-09-27 07:43 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 07:43 . 2010-09-27 07:43	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-27 07:43 . 2010-09-27 07:43	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-27 07:43 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-26 15:41 . 2010-09-26 16:48	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-09-26 15:41 . 2010-09-26 15:41	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-09-22 09:01 . 2010-09-23 07:22	--------	d-----w-	c:\program files\LeechGet 2009 Downloadmanager
2010-09-21 13:26 . 2010-09-21 13:26	--------	d-----w-	c:\users\Rene\AppData\Roaming\Software Informer
2010-09-21 13:26 . 2010-09-21 13:26	--------	d-----w-	c:\program files\Software Informer
2010-09-19 15:04 . 2010-09-19 15:27	--------	d-----w-	c:\program files\Plus!
2010-09-19 15:00 . 2010-09-19 15:00	--------	d-----w-	c:\programdata\Driver Mender
2010-09-16 07:59 . 2010-09-27 14:42	--------	d-----w-	c:\users\Rene\AppData\Roaming\install
2010-09-15 13:58 . 2010-08-17 14:11	128000	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-15 13:58 . 2010-04-16 16:46	502272	----a-w-	c:\windows\system32\usp10.dll
2010-09-15 13:58 . 2010-05-27 20:08	739328	----a-w-	c:\windows\system32\inetcomm.dll
2010-09-15 13:58 . 2010-04-05 17:02	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2010-09-11 14:19 . 2010-09-27 14:42	--------	d-----w-	C:\directory

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 16:06 . 2008-10-30 13:31	--------	d-----w-	c:\users\Rene\AppData\Roaming\ICQ
2010-09-30 13:40 . 2008-09-16 02:36	243628	----a-w-	c:\programdata\nvModes.dat
2010-09-29 18:16 . 2010-05-21 22:40	12	----a-w-	c:\windows\bthservsdp.dat
2010-09-29 15:50 . 2008-12-26 16:21	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-09-29 13:47 . 2009-05-15 16:04	--------	d-----w-	c:\users\Rene\AppData\Roaming\Winamp
2010-09-28 13:22 . 2009-11-02 12:46	--------	d-----w-	c:\program files\Google
2010-09-28 13:21 . 2008-10-30 13:17	107056	----a-w-	c:\users\Rene\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-27 07:57 . 2010-03-17 19:22	--------	d-----r-	c:\program files\Skype
2010-09-27 07:33 . 2008-07-08 03:42	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-21 12:43 . 2009-12-29 13:15	--------	d-----w-	c:\program files\JDownloader
2010-09-18 16:03 . 2009-01-23 17:35	--------	d-----w-	c:\users\Rene\AppData\Roaming\phonostar-Player
2010-09-16 12:38 . 2008-07-08 13:14	630116	----a-w-	c:\windows\system32\perfh007.dat
2010-09-16 12:38 . 2008-07-08 13:14	127146	----a-w-	c:\windows\system32\perfc007.dat
2010-09-15 13:59 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-09-06 20:25 . 2010-03-17 19:23	--------	d-----w-	c:\users\Rene\AppData\Roaming\Skype
2010-09-06 20:24 . 2010-03-17 19:25	--------	d-----w-	c:\users\Rene\AppData\Roaming\skypePM
2010-08-24 13:28 . 2010-02-14 11:44	--------	d-----w-	c:\program files\ICQ7.0
2010-08-11 15:40 . 2008-07-08 04:25	--------	d-----w-	c:\program files\Microsoft Works
2010-08-11 15:39 . 2008-07-08 04:37	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-11 15:36 . 2008-07-08 04:59	--------	d-----w-	c:\program files\Common Files\Java
2010-08-11 15:35 . 2008-07-08 04:59	--------	d-----w-	c:\program files\Java
2010-08-08 09:23 . 2010-08-08 09:23	--------	d-----w-	c:\program files\Common Files\Windows Live
2010-08-08 09:17 . 2010-08-08 08:53	--------	d-----w-	c:\program files\Avidemux 2.5
2010-08-06 16:49 . 2006-11-02 10:25	51200	----a-w-	c:\windows\Inf\infpub.dat
2010-08-06 16:49 . 2006-11-02 10:25	143360	----a-w-	c:\windows\Inf\infstrng.dat
2010-08-05 14:13 . 2010-08-05 14:02	--------	d-----w-	c:\program files\NCH Software
2010-08-05 14:05 . 2010-08-05 14:02	--------	d-----w-	c:\users\Rene\AppData\Roaming\NCH Software
2010-08-05 13:54 . 2010-08-05 13:54	--------	d-----w-	c:\programdata\VideoConverter
2010-08-04 17:26 . 2009-02-04 12:04	--------	d-----w-	c:\program files\AVS4YOU
2010-08-04 17:26 . 2009-02-04 12:04	--------	d-----w-	c:\program files\Common Files\AVSMedia
2010-08-03 17:08 . 2010-08-03 17:05	--------	d-----w-	c:\users\Rene\AppData\Roaming\avidemux
2010-08-03 16:52 . 2008-10-30 18:47	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-07-24 08:44 . 2010-07-24 08:44	257257	----a-w-	c:\users\Rene\AppData\Roaming\OpenCandy\OpenCandy_9CD2E6BDA6E9487584F3CE67F1A0E577\DLMgr3WrapperUniBlue.exe
2010-07-17 03:00 . 2010-05-10 18:36	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-07-11 07:43 . 2009-01-25 11:23	680	----a-w-	c:\users\Gast\AppData\Local\d3d9caps.dat
2008-07-08 13:17 . 2008-07-08 13:17	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"PhonostarTimer"="c:\program files\phonostar\ps_timer.exe" [2008-09-19 126976]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-08-22 133432]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-11 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Rene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Inhaltsverzeichnis.onetoc2 [2010-4-2 3656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Action Manager 32.lnk - c:\program files\ScannerU\AM32.exe [2008-11-15 69632]
Canon LBP2900 Statusfenster.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE [2008-10-31 50848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 133104]
R3 GT680xNT;USB Scanner Driver;c:\windows\system32\drivers\gt680x.sys [2002-10-04 17932]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-09 43040]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
bthsvcs	REG_MULTI_SZ   	BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 12:45]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 12:45]

2010-09-29 c:\windows\Tasks\User_Feed_Synchronization-{36FF05EA-DA5C-4CA9-B1B8-91A9A37F64D5}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig?hl=de
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE: &Download FLV by WinAVI... - c:\program files\WinAVI FLV Converter\flv_link.htm
IE: Mit dem LeechGet Wizard laden - file://c:\program files\LeechGet 2009 Downloadmanager\\Wizard.html
IE: Mit LeechGet herunterladen - file://c:\program files\LeechGet 2009 Downloadmanager\\AddUrl.html
IE: Mit LeechGet parsen - file://c:\program files\LeechGet 2009 Downloadmanager\\Parser.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\6ttrhcwv.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
HKLM-Run-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-30 18:16
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  msnmsgr = "c:\program files\MSN Messenger\msnmsgr.exe" /background???e 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-962925252-1113572991-733572080-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:06,bd,d6,3e,76,54,b6,11,ee,4e,46,ad,c6,3e,f7,04,ad,8e,a1,cc,ad,2b,6f,
   0c,c3,42,31,9e,bc,ad,be,d9,81,8f,32,c5,f2,28,9d,e5,0e,97,2d,31,24,24,cb,5c,\
"??"=hex:77,58,89,ab,98,83,9b,fa,55,92,e3,09,b9,ee,72,ad

[HKEY_USERS\S-1-5-21-962925252-1113572991-733572080-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:5f,91,a6,76,3c,1f,a1,26,3e,36,84,c1,bf,d9,11,7f,3a,dd,f0,36,ab,
   10,b9,7d,6a,ce,01,62,b1,74,0c,33,58,94,c6,78,85,7e,8c,37,24,e7,ba,83,dd,cb,\
"rkeysecu"=hex:c1,7f,04,6a,c6,b8,c2,2f,ba,59,ac,4e,07,b0,24,b1

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-30  18:19:57
ComboFix-quarantined-files.txt  2010-09-30 16:19

Vor Suchlauf: 14 Verzeichnis(se), 144.488.185.856 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 144.423.591.936 Bytes frei

- - End Of File - - 83748C7EA2913CF2A53B87D87C0E2C38
         

--- --- ---