Log Analysis and Evaluation: opachki.ru found by Spybot, ...and now? (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.03.2011, 13:03 | #1

opachki.ru found by Spybot, ...and now?

Hello everyone... now it has hit me too, the trojan opachki.ru. Spybot found it.

OTL Logfile: Code:
OTL Extras logfile created on: 07.03.2011 12:49:34 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\...\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 114,94 Gb Free Space | 53,11% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 101,95 Gb Free Space | 95,08% Space Free | Partition Type: NTFS

Computer Name: ...-PC | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010D6E21-624C-49C8-A185-7E3915746DC4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0CBB024B-A5BF-4CDE-A37C-06A32DAB1F7A}" = rport=138 | protocol=17 | dir=out | app=system |
"{172D672D-7469-43D2-9D1A-5E79182BA05B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{468F5A57-D086-4170-ACED-85514F2B843D}" = lport=445 | protocol=6 | dir=in | app=system |
"{6AC1E57E-59E9-49A0-B37C-F7CBBD2C192D}" = lport=138 | protocol=17 | dir=in | app=system |
"{6F23C55F-7637-495D-8E30-321269013A9F}" = rport=137 | protocol=17 | dir=out | app=system |
"{78901B26-88E4-4CB2-B8B2-3ACD86FD695F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79E81E19-0CE0-4E94-AF59-FEADE1877EA5}" = rport=445 | protocol=6 | dir=out | app=system |
"{98EC0149-C06C-4C19-BB08-DEC5A4ADC26E}" = rport=2869 | protocol=6 | dir=out | app=system |
"{9A83A274-B035-43D1-850F-C5271D685859}" = lport=137 | protocol=17 | dir=in | app=system |
"{A7DC0CC3-29CA-4099-9464-A655F6CC63D0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BC0811D3-F316-47A6-A02C-52988F3AA1A1}" = rport=139 | protocol=6 | dir=out | app=system |
"{C99D8325-F544-4DA5-868D-AF6EA774A772}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D2FDBC22-B0AF-41D3-B2A9-D70B9402B9A5}" = lport=139 | protocol=6 | dir=in | app=system |
"{D3ACE1C2-EA7F-47AB-A65C-FC2051E6289A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F1E5CB36-B121-48FB-AB0A-EBF841B2AD31}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F50F1EA9-29DD-4F0F-A452-14CC723963DC}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FCB6270B-2E62-45C3-A957-30C623F41973}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010EEE23-306B-4C54-BA0E-0105A63946CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0758B5B6-BEF5-4C43-87C6-BF1A36884742}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{08266D55-35CE-4E8F-AF0E-BC8013B87E9B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1B674786-924D-4523-B88C-C1F4F36AC3CF}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{39B5BDCB-7686-4C33-BC5C-1C99D82F8D1E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{4D9FAD1F-2B3B-4549-A826-4631013534AB}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{516B0454-19E6-4E9E-8A06-844055B9174A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{52930E3F-F52F-428C-A5B1-25F6F4AEA63B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{57F6A2EC-1EE6-4AEE-806F-3B7850C966E1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7BC98420-D6F7-4E5E-B5EB-44F883875D4E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7FF79F4E-0279-4736-A8BE-12B639691605}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{81D24256-0E59-4AD8-961C-75AAD75C31AD}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{84B82576-D60F-4BA2-A37F-F9B7CF26FCE8}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{8E8732F7-CA2F-4CE3-89C1-B63AA51AD866}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{A05BF75F-12A4-4527-B586-F144E776DFCE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AA887DB9-684E-45EC-AC9C-13FEE26DBD37}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{ACE45AF4-4860-4B0A-9315-D0397DBC7EDB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B546A9DB-350F-4124-B413-A2793CDECC1A}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{B5A7970A-6ED6-4FBE-9943-E9E327043C32}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{D1276383-FD7E-47E4-A7FF-E1EF8DC6DE74}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D4791408-DD27-4D6D-947F-CD76B302F7BD}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{D85A4693-3816-4372-BEE9-2A7D491ED95D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EA4D7B6E-5D29-4A43-827D-09581FAB802A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EA924993-4F40-4C75-8C6A-4BD5FE75772E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FBA072CD-9B21-4077-93DD-45D73F2BB8D0}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{0C382028-11DE-4859-97F4-D7E329222621}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1F636255-F48C-4C5A-862A-4A3CA30A6AA1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{227A41E3-98CF-4F62-9348-B0B5E61F1168}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3605DED0-C96C-4B83-80D9-BE2B5EDC32F9}C:\users\...\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\...\program files\dna\btdna.exe |
"TCP Query User{4DA1766C-96B9-414E-8FDA-786493B2A55B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{5EFE78A8-F5C5-4523-881F-CBBCA6883D29}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{6A43044B-0913-476E-B4CE-739995181E16}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"TCP Query User{73B009B5-88FB-4C96-8582-7BEF54B29A45}C:\users\...\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\...\program files\dna\btdna.exe |
"TCP Query User{87349566-A720-40FA-B923-25BA43A2B6A2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{94A203CE-8553-429F-933C-1DF74469F5D8}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{96B0D737-0446-473F-8084-64A8DFF72CB9}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{AC2C487D-A865-4DA7-983E-245EC99A7CF7}C:\program files\microsoft office\office12\powerpnt.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\powerpnt.exe |
"TCP Query User{C0B9C698-1E59-47E7-9067-D84FF60B2CCD}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{F7B2F724-1CD1-40AD-AAC3-695D67315933}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{FF9D9A83-D3C4-4930-9223-9FF01621E951}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0518C303-1910-4D55-8DFD-C6BF85617506}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{06BE8B76-BF85-4EB0-8275-F9FC8F312DE5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{19C83AC7-AD28-46C7-A947-C50999221E82}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{2F582C81-254D-413D-BBFD-BD5E5F68050B}C:\users\...\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\...\program files\dna\btdna.exe |
"UDP Query User{2FFBF651-3226-4F3C-91D2-C887C71DE76E}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{3F8CECC7-E1D0-4151-B4D6-C92308E4D26A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{61AB306E-D522-4BB4-B5B7-5AFD947ECAF6}C:\program files\microsoft office\office12\powerpnt.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\powerpnt.exe |
"UDP Query User{7D6A8E49-9D0B-4A9E-B3C4-DD330AC3EE6C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{88E6709F-ADED-4E74-80CB-5588AB3E0310}C:\users\...\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\...\program files\dna\btdna.exe |
"UDP Query User{90ED0211-19A8-429D-BBCF-ACF19BD495F0}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{A969896E-D34C-4E5F-AB41-0988B0A361C4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BAA9EC1E-830E-4BD8-9D60-510F88E085CD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D560EDA1-51B3-46D1-A671-CAE50F991844}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{F0F2EC9C-127C-4B2A-816E-FB6594CC3256}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{FED1303B-15D2-4BAD-ABF2-763248A59BC7}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus XtremeG DWL-G122
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F753314-628E-4C13-B8AE-BFA7FD514CBE}" = D-Link Wireless G DWL-G122_DWA-110
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CA1F93A-C651-4BED-8867-9385DC8D82B5}" = GoGear SA19xx Device Manager
"{70AB1576-7883-2313-C650-7A71270B1031}" = Nero 7 Ultra Edition
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0045-0407-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (German)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.6 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8281D46-D846-4BB9-BC84-F1115A7BF820}" = Maxtor Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Anti-Twin 2009-04-12 06.58.41" = Anti-Twin (Installation 14.07.2009)
"AviSynth" = AviSynth 2.5
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"ElsterFormular 11.5.1.4843" = ElsterFormular
"FLV Player" = FLV Player 2.0 (build 25)
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{B8281D46-D846-4BB9-BC84-F1115A7BF820}" = Maxtor Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.01.1190" = Opera 11.01
"PeerGuardian_is1" = PeerGuardian 2.0
"Recuva" = Recuva
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"VLC media player" = VideoLAN VLC media player 0.8.6f
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"XWeb" = Microsoft Expression Web 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

OTL Logfile: Code:
OTL logfile created on: 07.03.2011 12:49:34 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\...\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 114,94 Gb Free Space | 53,11% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 101,95 Gb Free Space | 95,08% Space Free | Partition Type: NTFS

Computer Name: ...-PC | User Name: ... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\...\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
PRC - C:\Programme\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
PRC - C:\Windows\System32\ANIWConnService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Programme\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\...\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (ANIWConnService) -- C:\Windows\System32\ANIWConnService.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)

========== Driver Services (SafeList) ==========

DRV - (MpKsldd376f87) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7BD7A274-BA1E-4B66-9E80-F8BE619C0C8E}\MpKsldd376f87.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (anodlwf) -- C:\Windows\System32\drivers\anodlwf.sys ()
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. )
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MXOPSWD) -- C:\Windows\System32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (ViPrt) -- C:\Windows\system32\DRIVERS\ViPrt.sys (VIA Technologies, Inc.)
DRV - (ViBus) -- C:\Windows\system32\DRIVERS\ViBus.sys (VIA Technologies, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 75 24 3C B2 B7 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8893

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - prefs.js..network.proxy.http: "hxxp://www.schule-boettcherkamp.de"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.06 18:28:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.06 18:28:29 | 000,000,000 | ---D | M]

[2010.06.04 06:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Extensions
[2011.03.07 11:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\j808tbs7.default\extensions
[2010.06.25 04:38:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\j808tbs7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.29 05:46:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\...\AppData\Roaming\mozilla\Firefox\Profiles\j808tbs7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.02.24 15:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.02.24 15:13:29 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2008.08.27 12:12:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.12.20 10:50:28 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.13 05:20:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.30 10:09:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.12.10 06:42:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011.02.24 15:13:29 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2011.03.06 18:28:27 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.06 18:28:27 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.06 18:28:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.06 18:28:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.06 18:28:27 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.01.20 19:15:32 | 000,427,779 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 14736 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [D-Link D-Link Wireless G DWL-G122_DWA-110] C:\Programme\D-Link\DWL-G122_DWA-110\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [bootstartx.exe] File not found O4 - HKCU..\Run: [portwexexe.exe] File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\...\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\...\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\...\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{09179297-3121-11df-b78f-0019dbfa02b5}\Shell\AutoRun\command - "" = L:\installer.exe O33 - MountPoints2\{09179297-3121-11df-b78f-0019dbfa02b5}\Shell\verb\command - "" = L:\installer.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.07 12:48:34 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe [2011.02.24 15:13:29 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar [2011.02.24 15:13:29 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater [2011.02.11 11:19:07 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2011.02.07 10:53:19 | 001,833,232 | ---- | C] (Microsoft Corporation) -- C:\Users\...\Desktop\vc6redistsetup_enu.exe [2011.02.05 18:21:06 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client [2008.10.17 18:05:54 | 015,083,520 | ---- | C] (Safer Networking Limited ) -- 
C:\Programme\spybotsd160.exe [2000.08.30 15:46:18 | 001,807,072 | ---- | C] (Microsoft Corporation) -- C:\Programme\vcredist.exe [4 C:\Users\...\Documents\*.tmp files -> C:\Users\...\Documents\*.tmp -> ] [1 C:\Users\...\Desktop\*.tmp files -> C:\Users\...\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.03.07 12:50:19 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{953E2184-6F80-40EC-AB19-5F9BCB3A3695}.job [2011.03.07 12:48:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\...\Desktop\OTL.exe [2011.03.07 12:44:04 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.03.07 12:08:28 | 000,003,284 | ---- | M] () -- C:\Windows\System32\ANIWZCS{014E6000-DFE2-46D8-91C4-9C2C138AA072} [2011.03.07 12:08:28 | 000,003,284 | ---- | M] () -- C:\Users\...\AppData\Roaming\ANIWZCS{014E6000-DFE2-46D8-91C4-9C2C138AA072} [2011.03.07 12:07:47 | 012,385,574 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.07 12:07:47 | 004,202,180 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.07 12:07:47 | 003,904,176 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.07 12:07:47 | 003,549,274 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.07 12:06:22 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.03.07 12:06:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.03.07 12:02:44 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.07 12:02:43 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.07 12:02:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.04 11:13:27 | 000,374,935 | ---- | M] () -- C:\Users\...Desktop\Mad_Men.mp3 [2011.03.04 11:00:56 | 000,060,416 | ---- | M] () -- 
C:\Users\...\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.03 16:45:49 | 224,213,013 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.02.11 11:14:06 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2011.02.07 11:01:47 | 000,274,770 | ---- | M] () -- C:\Users\...\Documents\cc_20110207_110134.reg [2011.02.07 10:53:23 | 001,833,232 | ---- | M] (Microsoft Corporation) -- C:\Users\...\Desktop\vc6redistsetup_enu.exe [2011.02.05 18:21:34 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [4 C:\Users\...\Documents\*.tmp files -> C:\Users\...\Documents\*.tmp -> ] [1 C:\Users\...\Desktop\*.tmp files -> C:\Users\...\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.03.03 16:45:16 | 224,213,013 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.02.11 11:19:09 | 000,001,632 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2011.02.07 11:01:39 | 000,274,770 | ---- | C] () -- C:\Users\...\Documents\cc_20110207_110134.reg [2011.02.05 18:21:34 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2011.02.05 18:21:07 | 000,001,814 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2010.11.14 14:00:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.07.12 10:57:24 | 000,003,284 | ---- | C] () -- C:\Users\...\AppData\Roaming\ANIWZCS{21D09D53-45FE-4A0E-A3E6-CE73DF5FF17B} [2010.03.07 08:32:49 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.01.26 08:43:29 | 000,003,284 | ---- | C] () -- C:\Users\...\AppData\Roaming\ANIWZCS{014E6000-DFE2-46D8-91C4-9C2C138AA072} [2010.01.26 08:42:33 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ANIWConnService.exe [2010.01.26 08:42:22 | 000,258,048 | ---- | C] () -- C:\Windows\System32\wlanapp.dll [2010.01.26 08:42:22 | 000,217,088 | ---- | C] () -- C:\Windows\System32\aIPH.dll [2010.01.26 08:42:22 | 000,049,152 | ---- | C] () -- 
C:\Windows\System32\AQCKGen.dll [2010.01.26 08:42:22 | 000,045,115 | ---- | C] () -- C:\Windows\System32\ANICtl.dll [2010.01.26 08:42:04 | 000,315,392 | ---- | C] () -- C:\Windows\System32\ANIOApi.dll [2010.01.26 08:41:52 | 000,733,184 | ---- | C] () -- C:\Windows\System32\ANIOWPS.dll [2010.01.26 08:41:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\ANIWPS.exe [2010.01.26 08:39:38 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys [2010.01.26 08:39:38 | 000,002,048 | ---- | C] () -- C:\Windows\System32\rt73.bin [2010.01.02 12:01:17 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.01.02 12:01:17 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.12.01 07:54:24 | 000,000,128 | ---- | C] () -- C:\Users\...\AppData\Roaming\default.rss [2009.10.08 13:48:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009.08.28 12:07:04 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI [2009.07.03 06:15:27 | 000,000,104 | ---- | C] () -- C:\Windows\wiso.ini [2009.04.30 15:48:02 | 000,007,592 | ---- | C] () -- C:\Users\...\AppData\Local\d3d9caps.dat [2008.10.17 09:35:36 | 000,001,982 | ---- | C] () -- C:\Program Files\Google Earth.lnk [2008.10.17 09:34:50 | 001,109,200 | ---- | C] () -- C:\Programme\Google Updater.exe [2008.09.05 07:17:17 | 000,313,344 | ---- | C] () -- C:\Programme\hjsplit.exe [2008.08.11 10:09:59 | 000,001,841 | ---- | C] () -- C:\Program Files\D-Link AirPlus Utility.lnk [2008.08.10 15:11:13 | 025,093,328 | ---- | C] () -- C:\Programme\antivir_workstation810_winu_de_h.exe [2008.04.29 06:48:41 | 000,060,416 | ---- | C] () -- C:\Users\...\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.28 16:48:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007.12.18 14:11:40 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll [2007.11.06 21:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2006.11.02 16:33:31 | 
012,385,574 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 003,904,176 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,270,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 004,202,180 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 003,549,274 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report >
What can I do now? I have hardly any idea about this; an explanation that is as precise as possible would be great. Thanks!
07.03.2011, 13:34 | #2
/// Malware-holic | opachki.ru found by Spybot, ...and now? Do you do online banking, shopping or anything else important with this PC?
07.03.2011, 14:30 | #3
| opachki.ru found by Spybot, ...and now? No, just a few Office applications and surfing the internet.
07.03.2011, 15:44 | #4
/// Malware-holic | opachki.ru found by Spybot, ...and now?
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
07.03.2011, 16:38 | #5
| opachki.ru found by Spybot, ...and now? Many thanks so far.... ComboFix logfile:
ATTFilter ComboFix 11-03-06.06 - Jan 07.03.2011 16:20:21.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.1962 [GMT 1:00] ausgeführt von:: c:\users\Jan\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\bootstartx.exe c:\bootstartx.exe\bootstartx.exe c:\bootstartx.exe\config.bin c:\firststeps\FirstSteps.exe C:\Install.exe C:\portwexexe.exe c:\portwexexe.exe\config.bin c:\portwexexe.exe\portwexexe.exe c:\program files\pdfforge Toolbar\IE\4.3\pdFForgetoolbarie.dll c:\users\Jan\AntiTwin_Setup.exe c:\users\Jan\AppData\Roaming\AD ON Multimedia c:\users\Jan\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\config.ini c:\users\Jan\vcredist.exe c:\users\Jan\wrar371d.exe c:\windows\system32\LogFiles\HTTPERR\httperr1.log c:\windows\system32\LogFiles\Scm\SCM.EVM c:\windows\system32\LogFiles\Scm\SCM.EVM.1 c:\windows\system32\LogFiles\Scm\SCM.EVM.2 c:\windows\system32\LogFiles\Scm\SCM.EVM.3 c:\windows\system32\LogFiles\Scm\SCM.EVM.4 c:\windows\system32\LogFiles\Scm\SCM.EVM.5 c:\windows\system32\LogFiles\Srt\SrtTrail.txt c:\windows\system32\LogFiles\Srt\StartupRepair.etl c:\windows\system32\LogFiles\WMI\tscore1.etl c:\windows\system32\LogFiles\WMI\tscore2.etl c:\windows\system32\LogFiles\WUDF\WUDFTrace.etl c:\windows\system32\LogFiles . . . . Nicht in der Lage zu löschen . . ((((((((((((((((((((((( Dateien erstellt von 2011-02-07 bis 2011-03-07 )))))))))))))))))))))))))))))) . . 2011-03-07 15:28 . 2011-03-07 15:28 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5560C8B6-46D2-4BA8-BE4F-715E21BD04A2}\MpKsldfdcd58e.sys 2011-03-07 14:45 . 2011-02-11 06:54 5943120 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5560C8B6-46D2-4BA8-BE4F-715E21BD04A2}\mpengine.dll 2011-02-24 14:13 . 2011-02-24 14:13 -------- d-----w- c:\program files\Application Updater 2011-02-24 14:13 . 
2011-02-24 14:13 -------- d-----w- c:\program files\pdfforge Toolbar 2011-02-11 10:19 . 2011-02-11 10:19 -------- d-----w- c:\program files\Opera 2011-02-07 05:25 . 2010-11-30 09:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{967F22B9-F54E-4CF6-A27B-E6B615248BCB}\gapaengine.dll 2011-02-05 17:27 . 2011-02-11 06:54 5943120 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-02-05 17:21 . 2011-02-05 17:21 -------- d-----w- c:\program files\Microsoft Security Client . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-13 09:41 . 2011-02-05 12:00 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E83BE439-561F-489B-8D7B-6F5B4D15E20A}\mpengine.dll 2010-12-25 09:03 . 2010-12-25 09:03 1222408 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2008-10-17 17:06 . 2008-10-17 17:05 15083520 ----a-w- c:\program files\spybotsd160.exe 2008-10-17 08:34 . 2008-10-17 08:34 1109200 ----a-w- c:\program files\Google Updater.exe 2008-08-10 14:11 . 2008-08-10 14:11 25093328 ----a-w- c:\program files\antivir_workstation810_winu_de_h.exe 2007-02-01 16:02 . 2008-09-05 06:17 313344 ----a-w- c:\program files\hjsplit.exe 2000-08-30 14:46 . 2000-08-30 14:46 1807072 ------w- c:\program files\vcredist.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-28 1232896] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-17 39408] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-01 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-01 8429568] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-01 81920] "RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 4702208] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304] "D-Link D-Link Wireless G DWL-G122_DWA-110"="c:\program files\D-Link\DWL-G122_DWA-110\AirGCFG.exe" [2009-08-14 1708032] "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-28 526336] . 
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] Philips SA19xx Gere-Manager.lnk - c:\program files\Philips\GoGear SA19xx Device Manager\main.exe [2010-3-16 124816] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe . R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 135664] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064] S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896] S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224] S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800] S1 MpKsldfdcd58e;MpKsldfdcd58e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5560C8B6-46D2-4BA8-BE4F-715E21BD04A2}\MpKsldfdcd58e.sys [2011-03-07 28752] S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2009-07-07 151552] S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072] S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter 
Driver;c:\windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MPKSLDFDCD58E . Inhalt des "geplante Tasks" Ordners . 2011-03-07 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-27 08:03] . 2011-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 17:45] . 2011-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 17:45] . 2011-03-07 c:\windows\Tasks\User_Feed_Synchronization-{953E2184-6F80-40EC-AB19-5F9BCB3A3695}.job - c:\windows\system32\msfeedssync.exe [2010-03-31 04:54] . . ------- Zusätzlicher Suchlauf ------- . uInternet Settings,ProxyServer = http=127.0.0.1:8893 uInternet Settings,ProxyOverride = <local> FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\j808tbs7.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p= FF - prefs.js: network.proxy.http - hxxp://www.schule-boettcherkamp.de FF - prefs.js: network.proxy.type - 1 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Console: 
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-bootstartx.exe - c:\bootstartx.exe\bootstartx.exe HKCU-Run-portwexexe.exe - c:\portwexexe.exe\portwexexe.exe . . . ************************************************************************** Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Maxtor\Sync\SyncServices.exe c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conime.exe c:\windows\System32\rundll32.exe c:\windows\RtHDVCpl.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\ehome\ehmsas.exe c:\windows\system32\WerFault.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe c:\windows\servicing\TrustedInstaller.exe . 
************************************************************************** . Zeit der Fertigstellung: 2011-03-07 16:33:48 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-03-07 15:33 . Vor Suchlauf: 16 Verzeichnis(se), 125.822.005.248 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 127.552.020.480 Bytes frei . - - End Of File - - BABD3C37A67763AAE178C1A338970D03 |
07.03.2011, 17:00 | #6
/// Malware-holic | opachki.ru found by Spybot, ...and now? Open Computer, open C:, open Qoobox, right-click on Quarantine. Pack it with WinRAR or as a zip and upload it here: http://www.trojaner-board.de/54791-a...ner-board.html
07.03.2011, 17:48 | #7
| opachki.ru found by Spybot, ...and now? Thanks, I've done that.
07.03.2011, 18:05 | #8
/// Malware-holic | opachki.ru found by Spybot, ...and now? Download Malwarebytes: Malwarebytes. Install it, open it, go to the Update tab and update the program. Close all running programs and disconnect from the internet. Go to the Scanner tab, run a full scan, remove the findings and post the log.
07.03.2011, 19:15 | #9
| opachki.ru found by Spybot, ...and now?
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5981
Windows 6.0.6000
Internet Explorer 8.0.6001.18904
07.03.2011 19:11:21
mbam-log-2011-03-07 (19-11-21).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 269509
Laufzeit: 54 Minute(n), 54 Sekunde(n)
Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5
Infizierte Speicherprozesse:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 2008 -> Unloaded process successfully.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 3984 -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\pdfforge toolbar\widgihelper.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\pdfforge toolbar\IE\4.3\pdfforgetoolbarie.dll.vir (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.
07.03.2011, 19:18 | #10 |
/// Malware-holic | opachki. ru von spybot gefunden, ...und jetzt? lade den CCleaner slim: Piriform - Builds falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us |
07.03.2011, 19:35 | #11 |
| opachki.ru found by Spybot, ...and now?

Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 21.09.2010 10.1.85.3 necessary
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 27.11.2010 10.1.102.64 unknown
Adobe Reader 8.2.6 - Deutsch Adobe Systems Incorporated 10.02.2011 102,0MB 8.2.6 necessary
AirPlus XtremeG DWL-G122 D-Link 15.09.2009 2,16MB 1.0.30 unknown
ANIWZCS2 Service 25.01.2010 0,71MB unknown
Anti-Twin (Installation 14.07.2009) Joerg Rosenthal, Germany 13.07.2009 0,86MB unnecessary
Apple Application Support Apple Inc. 03.12.2009 32,4MB 1.1.0 unnecessary
Apple Mobile Device Support Apple Inc. 02.03.2010 40,4MB 2.6.0.32 unnecessary
Apple Software Update Apple Inc. 05.02.2009 2,16MB 2.1.1.116 unnecessary
AviSynth 2.5 27.11.2009 0,23MB unknown
Bonjour Apple Inc. 02.03.2010 0,49MB 1.0.106 unknown
Canon MP Navigator EX 2.0 09.03.2010 69,6MB necessary
Canon MP630 series Benutzerregistrierung 09.03.2010 0,52MB necessary
Canon MP630 series MP Drivers 09.03.2010 necessary
Canon Utilities My Printer 09.03.2010 2,39MB necessary
Canon Utilities Solution Menu 09.03.2010 1,93MB necessary
CCleaner Piriform 30.11.2009 2,53MB necessary
CD-LabelPrint 09.03.2010 11,7MB unknown
CDBurnerXP CDBurnerXP 10.12.2010 11,9MB 4.3.8.2474 necessary
D-Link Wireless G DWL-G122_DWA-110 D-Link 25.01.2010 23,4MB necessary
ElsterFormular Landesfinanzdirektion Thüringen 25.11.2010 141,7MB 11.5.1.4843 necessary
FirstSteps Diagnostics Fujitsu Siemens Computers 17.12.2007 4,67MB 1.00 unknown
FLV Player 2.0 (build 25) Martijn de Visser 25.03.2010 1,91MB 2.0 (build 25) unnecessary
GoGear SA19xx Device Manager Philips 15.03.2010 16,5MB 0.1 unknown
Google Toolbar for Internet Explorer Google Inc. 28.10.2010 3,00MB 6.6.1015.36 unnecessary
Google Updater Google Inc. 23.03.2009 3,96MB 2.4.1536.6592 unnecessary
iTunes Apple Inc. 02.03.2010 146,3MB 9.0.3.15 unnecessary
Java(TM) 6 Update 18 Sun Microsystems, Inc. 19.12.2008 94,4MB 6.0.180 unknown
Java(TM) 6 Update 7 Sun Microsystems, Inc. 26.08.2008 136,2MB 1.6.0.70 unknown
Malwarebytes' Anti-Malware Malwarebytes Corporation 06.03.2011 4,80MB necessary
Maxtor Manager Seagate Technology 06.04.2009 54,6MB 4.01.0227 unknown
McAfee Security Scan Plus McAfee, Inc. 15.03.2010 2,33MB 2.0.181.2 unknown
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 16.04.2009 37,0MB unknown
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 09.04.2009 37,0MB unknown
Microsoft Expression Web 2 Microsoft Corporation 15.10.2009 118,1MB 12.0.4518.1088 unknown
Microsoft Office Home and Student 2007 Microsoft Corporation 22.05.2009 294,7MB 12.0.6425.1000 necessary
Microsoft Security Essentials Microsoft Corporation 04.02.2011 16,8MB 2.0.657.0 necessary
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB 8.0.50727.4053 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 29.11.2009 0,33MB 8.0.59193 unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.07.2009 0,19MB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 21.05.2010 0,61MB 9.0.21022 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 28.06.2009 0,58MB 9.0.30729 unknown
Mozilla Firefox (3.6.15) Mozilla 05.03.2011 39,1MB 3.6.15 (de) necessary
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 17.12.2007 1,27MB 4.20.9849.0 unknown
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11.11.2008 1,28MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,34MB 4.20.9876.0 unknown
Nero 7 Ultra Edition Nero AG 28.11.2009 401,8MB 7.01.0735 unnecessary
NVIDIA Drivers 17.12.2007 unknown
Opera 11.01 Opera Software ASA 10.02.2011 28,2MB 11.01.1190 unnecessary
PDFCreator Frank Heindörfer, Philip Chinery 13.11.2010 25,2MB 1.0.2 unknown
pdfforge Toolbar v4.3 Spigot, Inc. 23.02.2011 2,55MB 4.3 unknown
PeerGuardian 2.0 Methlabs Productions 27.04.2008 10,6MB 2.0.6.4 unnecessary
QuickTime Apple Inc. 03.12.2009 77,3MB 7.65.17.80 unnecessary
Realtek High Definition Audio Driver 17.12.2007 unknown
Recuva Piriform 22.08.2010 1,97MB 1.38 unknown
SCHLECKER Foto Digital Service 21.05.2010 167,9MB unnecessary
Spybot - Search & Destroy Safer Networking Limited 16.10.2008 52,3MB 1.6.0 necessary (?)
Universal Document Converter (Demo) fCoder Group, Inc. 13.11.2010 10,8MB 5.1 unknown
VIA Rhine Family Fast Ethernet Adapter 20.01.2010 unknown
VideoLAN VLC media player 0.8.6f VideoLAN Team 27.04.2008 32,6MB 0.8.6f necessary
Windows Media Player Firefox Plugin Microsoft Corp 07.08.2008 0,29MB 1.0.0.8 necessary
WinPcap 4.0.2 CACE Technologies 24.11.2008 0,19MB 4.0.0.1040 unknown
WinRAR 02.05.2008 3,66MB necessary |
07.03.2011, 19:42 | #12 |
| opachki.ru found by Spybot, ...and now? duplicate post |
07.03.2011, 20:17 | #13 |
/// Malware-holic | opachki.ru found by Spybot, ...and now?

Uninstall: Adobe Reader 8.2.6
Adobe - Adobe Reader herunterladen - Alle Versionen
Download the latest version, without the McAfee virus scan, please!
Open Adobe Reader, Edit, Preferences, JavaScript: uncheck the box there; Internet: uncheck all boxes there as well. That way PDFs are no longer loaded automatically and nobody can slip malicious code onto your machine this way anymore. Under General, check "Use only certified plug-ins". Under Updater, set it to install. Click Apply / OK.

Uninstall:
AirPlus
Anti-Twin (Installation
Bonjour
CD-LabelPrint
FLV Player
Google Toolbar
Java, both. Java SE Downloads: click Download JRE.
Continue uninstalling:
McAfee Security Scan
Nero
PDFCreator
pdfforge Toolbar
PeerGuardian
QuickTime
Recuva
SCHLECKER
Spybot (not needed...)
Universal Document Converter
VideoLAN VLC: update it: VideoLAN - Official download of VLC media player for Windows
WinPcap

Now clean up with CCleaner.
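The post above is two separate measures: an inventory of installed software so that bundled adware and old runtimes get uninstalled, and switching JavaScript and browser integration off in Adobe Reader so a malicious PDF has fewer ways in. The script below is an added example, not the helper's own instructions or anything from the thread, that does both from the registry: it reads the same Uninstall entries that CCleaner lists, flags every Java runtime (the list above carries Update 7 next to Update 18, and each old copy stays exploitable until it is gone) and every toolbar or Spigot-published entry (the publisher of the pdfforge Toolbar that Malwarebytes flagged), and then writes the two Reader check boxes as per-user preference values. Assumptions: PowerShell 2.0 or later; a 32-bit Vista as in the OTL log, so there is no Wow6432Node branch to read; the preference names bEnableJS (JavaScript) and bBrowserIntegration (Internet, "Display PDF in browser") are the ones documented in Adobe's preference reference for Reader 8 and 9 and should be confirmed afterwards in Edit > Preferences; the "Use only certified plug-ins" box is left to the Reader dialog.

```powershell
# Added example (not from the thread): software inventory from the registry plus
# the two Adobe Reader hardening settings from the post. Assumes PowerShell 2.0+
# on 32-bit Vista; verify the Reader settings in its Preferences dialog afterwards.

function Get-InstalledPrograms {
    # Same data CCleaner's "list of installed programs" shows: per-machine and per-user Uninstall keys.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, Publisher, DisplayVersion, InstallDate
}

function ConvertTo-SafeVersion([string]$text) {
    # DisplayVersion is free text; anything unparsable sorts last instead of aborting.
    if (-not $text) { return [version]'0.0' }
    try { return [version]$text } catch { return [version]'0.0' }
}

$programs = @(Get-InstalledPrograms)

# Every Java runtime, newest first: the post says all of them go before a fresh JRE is installed.
$java = @($programs | Where-Object { $_.DisplayName -like 'Java(TM)*' } |
    Sort-Object { ConvertTo-SafeVersion $_.DisplayVersion } -Descending)
if ($java.Count -gt 0) {
    Write-Output "Java runtimes installed ($($java.Count)), uninstall all and reinstall the current JRE:"
    $java | ForEach-Object { Write-Output "  $($_.DisplayName)  $($_.DisplayVersion)" }
}

# Browser toolbars and anything from Spigot are bundled adware, not something the user chose.
$adware = @($programs | Where-Object { $_.DisplayName -match 'Toolbar' -or $_.Publisher -match 'Spigot' })
if ($adware.Count -gt 0) {
    Write-Output 'Toolbars / Spigot entries to uninstall:'
    $adware | ForEach-Object { Write-Output "  $($_.DisplayName)  ($($_.Publisher))" }
}

# Adobe Reader: uncheck "Enable Acrobat JavaScript" and "Display PDF in browser" for
# every installed Reader version. Value names are assumed from Adobe's preference
# reference (JSPrefs\bEnableJS, Originals\bBrowserIntegration); 0 = box unchecked.
$readerRoot = 'HKCU:\Software\Adobe\Acrobat Reader'
if (Test-Path -Path $readerRoot) {
    foreach ($ver in Get-ChildItem -Path $readerRoot) {
        $base = "$readerRoot\$($ver.PSChildName)"
        $prefs = @(
            @{ Sub = 'JSPrefs';   Name = 'bEnableJS' },
            @{ Sub = 'Originals'; Name = 'bBrowserIntegration' }
        )
        foreach ($pref in $prefs) {
            $key = "$base\$($pref.Sub)"
            if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
            Set-ItemProperty -Path $key -Name $pref.Name -Value 0 -Type DWord
            Write-Output "set $key\$($pref.Name) = 0"
        }
    }
} else {
    Write-Output 'No Adobe Reader per-user preferences found; set the boxes in Edit > Preferences after installing.'
}
```

The per-user preference values only take effect for the account that runs the script and are overridden by nothing; if the machine has several accounts, run it once per user, or set the equivalent HKLM FeatureLockDown policy values that Adobe documents for managed installs.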
07.03.2011, 20:53 | #14 |
| opachki.ru found by Spybot, ...and now? Great, thanks. Everything went smoothly. Is everything OK again now? Do I still need to install some kind of protection? |
07.03.2011, 21:28 | #15 |
/// Malware-holic | opachki.ru found by Spybot, ...and now?

Service Pack 1: Details page Windows Vista Service Pack 1 Five Language Standalone (KB936330)
Internet Explorer 8: Mit Sicherheit ins Internet
Windows Update: Microsoft Windows Update. Install updates here until no new ones are offered.
Download/install Windows updates automatically: Aktivieren oder Deaktivieren von automatischen Updates (turn automatic updating on or off), so that your system stays up to date from now on.