Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows security alert - dateien vesteckt und online banking laeuft nicht mehr....

Windows security alert - dateien vesteckt und online banking laeuft nicht mehr....


Log-Analyse und Auswertung: Windows security alert - dateien vesteckt und online banking laeuft nicht mehr....

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 18.04.2011, 19:53   #1
hippy
 
Windows security alert - dateien vesteckt und online banking laeuft nicht mehr.... - Standard

Windows security alert - dateien vesteckt und online banking laeuft nicht mehr....


Hallo Zusammen,
ich hatte gestern einen "Windows security alert" Virus und habe ihn wohl mit Malbyteware auf externem USB stick gefunden und geloescht...dachte ich. Nun sind saemtliche Dateien immer noch "versteckt" und das online banking programm meiner Bank laeuft auch nicht mehr....ich hoffe Ihr koennt mir helfen!!!!!

ich poste gleich den Hijack Logfile...


Besten Gruss und Danke

Alex

hier der HijackThis log....

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = HP® - Laptops, Desktops, Printers, Servers and more
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Athens Toolbar - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=hxxp://www.hp.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
O18 - Protocol: x-owacid - {0215258F-F0A8-49DE-BF1B-0FF02EDA8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ahnlab Task Scheduler - AhnLab, Inc. - C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

hier die OTL logs:

Extras:OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 4/18/2011 9:00:41 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
503.00 Mb Total Physical Memory | 200.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 47.63 Gb Total Space | 14.72 Gb Free Space | 30.90% Space Free | Partition Type: NTFS
Drive E: | 8.25 Gb Total Space | 2.70 Gb Free Space | 32.78% Space Free | Partition Type: FAT32
Drive F: | 1.93 Gb Total Space | 1.81 Gb Free Space | 93.57% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-4105E587B6 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler  -- ()
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver -- (SopCast - Free P2P internet TV | live football, NBA, cricket)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Disabled:SopCast Main Application -- (SopCast - Free P2P internet TV | live football, NBA, cricket)
"D:\DVD-Start.exe" = D:\DVD-Start.exe:*:Enabled:Schnellstart-DVD
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{07FD685C-32DC-4BEA-ACE7-91B703073B12}" = SPSS Data Access Pack 4.0 for Windows
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1424D162-C162-11D4-AE6E-00105A877C32}" = Smart Update Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 15
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager Installer
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{48CF6549-B45D-4313-9927-EFCCC8A3493F}" = TIPCI
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{512FA709-D3E8-4094-A1B5-39A2A08A8400}" = Microsoft Outlook Web Access S/MIME (2007)
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C6999B2-1A35-4F2C-8DB7-3CB46B640CC9}" = ConsumerUpdate
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8736C276-6B2E-4E42-85CF-E372CFF97F08}" = SPSS 14.0 for Windows Integrated Student Version
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 C3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe  1.4.62.1
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 E1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}" = HP Credential Manager for ProtectTools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB0781F5-06D2-49BB-87B5-00F3B834FC3B}" = HP User Guides 0015
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E0DBC47C-ED3F-4A1B-A929-9A26DAAA14B3}" = Application Installer 4.00.B5
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E79734B1-B505-42E6-B6AF-65D049C503B0}" = Athens Toolbar
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo Burning Studio 6" = Ashampoo Burning Studio 6
"AVGantiRootkit" = AVG Anti-Rootkit Free
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"DS-MP3 Source" = DS-MP3 Source 1.30
"Embanet_is1" = Embanet 8.0 Offline
"HijackThis" = HijackThis 2.0.2
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{48CF6549-B45D-4313-9927-EFCCC8A3493F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"iriver plus 3" = iriver plus 3 (remove only)
"LrcEdit_is1" = LrcEdit 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"Purge_is1" = Purge 2.0.0.477 [BETA1]
"RealAlt_is1" = Real Alternative 1.9.0
"RealMedia" = RealMedia (remove only)
"RealPlayer 12.0" = RealPlayer
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SoftcampSCSK" = SoftCamp Secure KeyStroke 4.0
"SopCast" = SopCast 3.0.3
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VP Bank e-banking" = VP Bank e-banking
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XecureWeb Control" = XecureWeb Control
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/17/2011 4:47:04 AM | Computer Name = YOUR-4105E587B6 | Source = oto.exe | ID = 0
Description = 
 
Error - 4/17/2011 6:15:24 AM | Computer Name = YOUR-4105E587B6 | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing 
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
 Line: 1115, StartTrace Failed, hr=0x800700a1  
 
Error - 4/18/2011 2:40:25 AM | Computer Name = YOUR-4105E587B6 | Source = Application Error | ID = 1000
Description = Faulting application sdupdate.exe, version 1.6.0.12, faulting module
 kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
 
Error - 4/18/2011 2:40:50 AM | Computer Name = YOUR-4105E587B6 | Source = Application Error | ID = 1000
Description = Faulting application sdupdate.exe, version 1.6.0.12, faulting module
 kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.
 
Error - 4/18/2011 4:46:09 AM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application javaw.exe, version 0.0.0.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 4/18/2011 6:04:19 AM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application javaw.exe, version 0.0.0.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 4/18/2011 6:09:35 AM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 4/18/2011 6:09:36 AM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 4/18/2011 9:12:10 AM | Computer Name = YOUR-4105E587B6 | Source = MSDTC | ID = 4404
Description = MS DTC Tracing infrastructure : the initialization of the tracing 
infrastructure failed. Internal Information : msdtc_trace : File: d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp,
 Line: 1115, StartTrace Failed, hr=0x800700a1  
 
Error - 4/18/2011 2:40:04 PM | Computer Name = YOUR-4105E587B6 | Source = Application Hang | ID = 1002
Description = Hanging application javaw.exe, version 0.0.0.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 4/18/2011 9:12:20 AM | Computer Name = YOUR-4105E587B6 | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library USB Flash Disk
 USB Device.
 
Error - 4/18/2011 9:12:23 AM | Computer Name = YOUR-4105E587B6 | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library USB Flash Disk
 USB Device.
 
Error - 4/18/2011 9:16:44 AM | Computer Name = YOUR-4105E587B6 | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library USB Flash Disk
 USB Device.
 
Error - 4/18/2011 9:16:44 AM | Computer Name = YOUR-4105E587B6 | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library USB Flash Disk
 USB Device.
 
Error - 4/18/2011 9:22:03 AM | Computer Name = YOUR-4105E587B6 | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library USB Flash Disk
 USB Device.
 
Error - 4/18/2011 9:22:07 AM | Computer Name = YOUR-4105E587B6 | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library USB Flash Disk
 USB Device.
 
Error - 4/18/2011 9:36:40 AM | Computer Name = YOUR-4105E587B6 | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library USB Flash Disk
 USB Device.
 
Error - 4/18/2011 9:36:41 AM | Computer Name = YOUR-4105E587B6 | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library USB Flash Disk
 USB Device.
 
Error - 4/18/2011 10:33:42 AM | Computer Name = YOUR-4105E587B6 | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library USB Flash Disk
 USB Device.
 
Error - 4/18/2011 10:33:45 AM | Computer Name = YOUR-4105E587B6 | Source = Removable Storage Service | ID = 262255
Description = RSM could not load media in drive Drive 0 of library USB Flash Disk
 USB Device.
 
 
< End of report >
--- --- ---


OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/18/2011 9:00:41 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
503.00 Mb Total Physical Memory | 200.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 47.63 Gb Total Space | 14.72 Gb Free Space | 30.90% Space Free | Partition Type: NTFS
Drive E: | 8.25 Gb Total Space | 2.70 Gb Free Space | 32.78% Space Free | Partition Type: FAT32
Drive F: | 1.93 Gb Total Space | 1.81 Gb Free Space | 93.57% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-4105E587B6 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe (AhnLab, Inc.)
PRC - C:\Program Files\Ahnlab\Smart Update Utility\AhnSDsv.exe (AhnLab, Inc.)
PRC - C:\Program Files\HPQ\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HPQ\Shared\HpqToaster.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\HPQ\IAM\Bin\asghost.exe (Cognizance Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Ahnlab Task Scheduler) -- C:\Program Files\Ahnlab\Smart Update Utility\Ahnsdsv.exe (AhnLab, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (JRSUKD24) -- C:\WINDOWS\system32\JRSUKD24.sys (SoftForum Corporation)
DRV - (JRSKD24) -- C:\WINDOWS\system32\JRSKD24.sys (SoftForum Corporation)
DRV - (AVG Anti-Rootkit) -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys (GRISOFT, s.r.o.)
DRV - (AvgArCln) -- C:\WINDOWS\system32\drivers\AvgArCln.sys (GRISOFT, s.r.o.)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (b57w2k) Broadcom NetLink (TM) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Sign In
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2010/05/20 15:32:59 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2008/10/17 20:26:18 | 000,000,027 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (HP Credential Manager for ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll (Infineon Technologies AG)
O3 - HKLM\..\Toolbar: (Athens Toolbar) - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll (Eduserv Technologies Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A6F74643-242A-A7A4-8DD5-AB40B9E25345} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Athens Toolbar) - {2E560504-B9C8-48AA-982A-08B79C3FD40E} - C:\Program Files\Eduserv Technologies Limited\Athens Toolbar\AthensToolbar.dll (Eduserv Technologies Limited)
O4 - HKLM..\Run: [AHNSD] C:\Program Files\Ahnlab\Smart Update Utility\AhnSD.exe (AhnLab, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\HPQ\IAM\Bin\AsTsVcc.dll (Cognizance Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()
O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll (Cognizance Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{b88ed172-76c6-11db-bfeb-001560c9f0a5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b88ed172-76c6-11db-bfeb-001560c9f0a5}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
O33 - MountPoints2\{b88ed172-76c6-11db-bfeb-001560c9f0a5}\Shell\Open(0)\command - "" = Recycled\ctfmon.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/18 20:59:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/04/18 11:31:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2011/04/18 11:31:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/04/17 16:32:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent
[2011/04/17 13:10:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\Desktop\New Folder (2)
[2011/04/17 12:30:06 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\helmut.exe
[2011/04/17 11:08:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Windows Recovery
[2011/04/17 10:46:47 | 000,809,296 | ---- | C] (Safer Networking Ltd.) -- C:\Program Files\oto.exe
[2011/04/14 17:56:43 | 000,021,504 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/04/14 17:56:07 | 000,032,128 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/18 20:59:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/04/18 20:47:00 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/18 08:47:03 | 000,000,878 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/18 08:34:41 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/18 08:32:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/18 08:32:42 | 527,880,192 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/17 12:30:06 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\helmut.exe
[2011/04/17 11:09:08 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18538292r
[2011/04/17 11:09:08 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18538292
[2011/04/17 11:07:33 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18538292
[2011/04/15 18:58:46 | 000,627,340 | ---- | M] () -- C:\Documents and Settings\user\Desktop\NZZ FAZ 0311.pdf
[2011/04/14 22:14:36 | 000,002,481 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Excel.lnk
[2011/04/14 22:04:15 | 000,220,040 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/14 21:51:28 | 000,442,140 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/14 21:51:28 | 000,071,910 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/05 09:51:01 | 000,468,002 | ---- | M] () -- C:\Documents and Settings\user\Desktop\ZBBZ74.pdf
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/17 14:05:20 | 527,880,192 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/17 11:09:08 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18538292r
[2011/04/17 11:09:08 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18538292
[2011/04/17 11:07:33 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18538292
[2011/04/15 18:58:43 | 000,627,340 | ---- | C] () -- C:\Documents and Settings\user\Desktop\NZZ FAZ 0311.pdf
[2011/04/05 09:50:54 | 000,468,002 | ---- | C] () -- C:\Documents and Settings\user\Desktop\ZBBZ74.pdf
[2011/03/03 11:00:05 | 000,124,448 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/02/23 04:24:17 | 000,000,111 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/10 15:24:02 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/08/06 14:35:39 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\csdlocalmon.dll
[2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 14:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/10/22 16:31:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/17 20:20:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/17 20:20:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/17 20:20:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/17 20:20:01 | 000,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/09/19 23:57:34 | 003,596,288 | -H-- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 23:54:18 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/18 17:34:16 | 000,000,796 | ---- | C] () -- C:\WINDOWS\gnuchess.ini
[2008/05/18 03:43:43 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\user\Application Data\$_hpcst$.hpc
[2008/02/18 16:59:42 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/18 16:59:42 | 000,003,451 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/09/02 17:21:46 | 000,000,020 | ---- | C] () -- C:\WINDOWS\powerplayer.ini
[2007/09/02 17:21:42 | 000,000,342 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2007/07/04 12:44:37 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/07/04 12:44:37 | 000,000,342 | -H-- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/06/30 04:01:12 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/06/30 04:01:12 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/06/30 04:01:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007/05/15 10:07:10 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\System32\CSD_IRIVER_GEN.DLL
[2006/12/14 15:03:53 | 000,108,330 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
[2006/12/02 08:36:26 | 000,136,192 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/17 04:34:40 | 000,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/11/03 13:05:56 | 000,442,368 | RH-- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2006/11/03 13:05:56 | 000,106,496 | RH-- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2006/10/27 12:18:16 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/10/25 11:52:44 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2006/10/23 14:18:42 | 000,000,067 | ---- | C] () -- C:\WINDOWS\FCSPRA.INI
[2006/10/02 12:43:51 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/10/02 12:43:51 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/10/02 12:43:51 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/10/02 12:43:51 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/10/02 12:43:51 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/10/02 12:43:50 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/10/02 12:42:37 | 000,000,127 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2006/10/02 07:38:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/29 12:04:47 | 000,000,172 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/03 03:13:46 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\UnSCSK.exe
[2005/08/26 07:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 07:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2004/08/07 15:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 15:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 15:10:30 | 000,442,140 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 15:10:30 | 000,071,910 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 15:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 15:02:54 | 000,220,040 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 14:57:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 14:54:58 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 10:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 10:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 10:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 10:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 10:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 10:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 10:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 10:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 10:55:42 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 10:54:40 | 000,004,605 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[1998/05/07 04:10:00 | 000,069,632 | -H-- | C] () -- C:\WINDOWS\System32\ODMA32.dll
 
< End of report >
--- --- ---


und hier das log von Malwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6388

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/18/2011 9:14:22 PM
mbam-log-2011-04-18 (21-14-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159990
Laufzeit: 4 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 18.04.2011, 20:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows security alert - dateien vesteckt und online banking laeuft nicht mehr.... - Standard

Windows security alert - dateien vesteckt und online banking laeuft nicht mehr....


Zitat:
Art des Suchlaufs: Quick-Scan
Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________

__________________
Antwort

Themen zu Windows security alert - dateien vesteckt und online banking laeuft nicht mehr....
alert, avgntflt.sys, banking, c:\windows\system32\rundll32.exe, dateien, e-banking, fontcache, gefunde, gestern, hallo zusammen, hijack, hoffe, location, nodrives, oldtimer, online, online banking, otl.exe, plug-in, poste, programm, safer networking, saver, security, security alert, shell32.dll, start menu, stick, studio, usb, usb stick, versteckt, virus, windows, windows internet, windows security, windows security alert, zusammen


« BP-Trojaner | OTL Logfileauswertung - Ich habe das ungute Gefühl, dass mein System infiziert ist »


Ähnliche Themen: Windows security alert - dateien vesteckt und online banking laeuft nicht mehr....


  1. Infektion mit Live Security Platinum: Dateien lassen sich nicht mehr ausführen inkl. F8
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (33)
  2. Live Security Platinum - evtl. Gefahr für Online-Banking? Bin ahnungslos...
    Log-Analyse und Auswertung - 09.07.2012 (1)
  3. Windows Security Alert Scareware auf dem PC, load.exe kann nicht ausgeführt werden
    Plagegeister aller Art und deren Bekämpfung - 07.06.2011 (50)
  4. AntiVirus Software Alert / Windows Security Alert
    Plagegeister aller Art und deren Bekämpfung - 15.01.2011 (19)
  5. Windows Security Alert / AV Security Suite / Antivirus Software Alert
    Plagegeister aller Art und deren Bekämpfung - 08.01.2011 (1)
  6. Online-Banking u. mehr gesperrt - wo ist der Übeltäter?
    Plagegeister aller Art und deren Bekämpfung - 15.12.2010 (15)
  7. Mehr Betrugsfälle bei Online-Banking in Sachsen
    Nachrichten - 09.12.2010 (0)
  8. Meldung Windows Security Alert / AV Security Suite / Antivirus Software Alert
    Plagegeister aller Art und deren Bekämpfung - 17.09.2010 (26)
  9. Windows Security Alert / AV Security Suite / Antivirus Software Alert / gefakter AV lähmt PC
    Plagegeister aller Art und deren Bekämpfung - 09.09.2010 (3)
  10. selbe problem mit Windows Security Alert - Antivirus Software Alert
    Plagegeister aller Art und deren Bekämpfung - 15.08.2010 (3)
  11. Windows Security Alert / AV Security Suite / Antivirus Software Alert
    Plagegeister aller Art und deren Bekämpfung - 26.07.2010 (21)
  12. Windows Security Alert / AV Security Suite / Antivirus Software Alert// Ohne Internet
    Plagegeister aller Art und deren Bekämpfung - 21.07.2010 (1)
  13. mein Pc funktioniert nicht mehr -> Windows Alert?
    Antiviren-, Firewall- und andere Schutzprogramme - 28.06.2010 (5)
  14. IE geht nicht mehr auf oder kackt ab..online banking bei mozilla->absturz
    Alles rund um Windows - 13.04.2010 (6)
  15. Windows Security Alert Virus - Neuaufsetzen des Systems nicht möglich!
    Plagegeister aller Art und deren Bekämpfung - 25.01.2010 (7)
  16. system alert, windows security alert und fremde antiviren programme
    Plagegeister aller Art und deren Bekämpfung - 01.01.2010 (51)
  17. Windows Security Alert geht nicht weg.
    Plagegeister aller Art und deren Bekämpfung - 01.01.2008 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows security alert - dateien vesteckt und online banking laeuft nicht mehr.... - Hallo Zusammen, ich hatte gestern einen "Windows security alert" Virus und habe ihn wohl mit Malbyteware auf externem USB stick gefunden und geloescht...dachte ich. Nun sind saemtliche Dateien immer noch - Windows security alert - dateien vesteckt und online banking laeuft nicht mehr.......
Archiv
Du betrachtest: Windows security alert - dateien vesteckt und online banking laeuft nicht mehr.... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55