Leerer Desktop nach Entfernung von Windows Recovery durch Malewarebytes

michaelgerol · 28.04.2011, 16:08

Hallo,

nachdem ich den Trojaner nach der Verwendung des Programmes Malwarebytes entfernt habe bleibt mein Desktop leider noch leer.

Ich habe gemäß der Anleitung im Forum die Funtion versteckte Dateien anzeigen ausgewählt und konnte sehen, daß Programme und Dateien noch vorhanden sind. Nur die Symbole auf dem Desktop bzw. Taskleiste fehlen mir nun.

Hier der log aus Malwarebytes:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 6463

Windows 5.1.2600 Service Pack 3, v.3244
Internet Explorer 7.0.5730.13

28.04.2011 14:44:27
mbam-log-2011-04-28 (14-44-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 141876
Laufzeit: 2 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
c:\dokumente und einstellungen\all users\anwendungsdaten\kmqvqcusbfwijhv.exe (Trojan.FakeAlert) -> 2172 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kmQvQcUSBfWiJhv (Trojan.FakeAlert) -> Value: kmQvQcUSBfWiJhv -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\dokumente und einstellungen\administrator\startmenü\programme\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\dokumente und einstellungen\all users\anwendungsdaten\kmqvqcusbfwijhv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cmdow.exe (PUP.Tool) -> Not selected for removal.
c:\dokumente und einstellungen\administrator\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\administrator\startmenü\programme\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\administrator\startmenü\programme\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

cosinus · 29.04.2011, 13:53

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

michaelgerol · 29.04.2011, 15:47

Hallo,

hier die Dateien:

Egebniss des Vollscans aus Malwarebytes:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 6463

Windows 5.1.2600 Service Pack 3, v.3244
Internet Explorer 7.0.5730.13

29.04.2011 16:34:39
mbam-log-2011-04-29 (16-34-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 226495
Laufzeit: 45 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\WINDOWS\system32\cmdow.exe (PUP.Tool) -> Not selected for removal.

Und nun die Ergebnisse von OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 29.04.2011 16:38:44 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3, v.3244 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 160,00 Gb Total Space | 134,43 Gb Free Space | 84,02% Space Free | Partition Type: NTFS
Drive D: | 138,09 Gb Total Space | 88,26 Gb Free Space | 63,92% Space Free | Partition Type: NTFS
Drive H: | 482,74 Mb Total Space | 12,74 Mb Free Space | 2,64% Space Free | Partition Type: FAT
 
Computer Name: 965P | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Lexware\LxWebAccess\LxWebAccess.exe (Lexware GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\HP\ToolboxFX\bin\HPTLBXFX.exe (HP)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\scalc.exe ()
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\HP\ScheduledLaunch\HP Color LaserJet CM2320 MFP Series\bin\hppschlnch.exe (Hewlett-Packard)
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Faktura32\Firebird\bin\fbserver.exe (The Firebird Project)
PRC - C:\Programme\Faktura32\Firebird\bin\fbguard.exe (The Firebird Project)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3244_x-ww_d74fff41\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (easyjob4TaskScheduler) -- C:\Programme\protonic software\easyjob 4.0\protonic.easyjob.TaskScheduler.Service.exe ()
SRV - (easyjob4MobileService) -- C:\Programme\protonic software\easyjob 4.0\protonic.easyjob.mobile.server.service.exe (uIT)
SRV - (easyjob4ScannerService) -- C:\Programme\protonic software\easyjob 4.0\easyjobscannerservice.exe ()
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (FirebirdServerDefaultInstance) -- C:\Programme\Faktura32\Firebird\bin\fbserver.exe (The Firebird Project)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Programme\Faktura32\Firebird\bin\fbguard.exe (The Firebird Project)
SRV - (TUWinStylerThemeSvc) -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe (TuneUp Software GmbH)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (HPFXFAX) -- C:\WINDOWS\system32\drivers\hpfxfax.sys (Hewlett Packard)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.24 15:32:26 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.28 16:46:23 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.03.16 10:40:16 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2011.01.14 17:30:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.12.14 18:18:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.14 17:30:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de
[2011.04.29 12:34:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\o38e3xqq.default\extensions
[2010.09.09 08:51:51 | 000,000,000 | -H-D | M] (IE Tab) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\o38e3xqq.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011.04.29 12:34:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.11 22:51:08 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.08 14:26:51 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.28 16:46:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.08 13:48:02 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.08 13:48:02 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.08 13:48:02 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.08 13:48:02 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.08 13:48:02 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.02.18 11:10:36 | 000,000,867 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPPQVideo]  File not found
O4 - HKLM..\Run: [HPUsageTracking] C:\Programme\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Zahlungserinnerung.lnk = C:\Programme\Profi cash\wzed.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.18 10:39:24 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{f82f6f81-710f-11de-a77f-0012bfc4a4d9}\Shell\AutoRun\command - "" = setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.28 16:46:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2011.04.28 14:52:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.04.28 14:52:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.04.28 14:52:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.04.28 14:42:30 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2011.04.28 14:40:51 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2011.04.28 14:40:48 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.28 14:40:48 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.28 14:40:46 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.28 14:40:44 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.04.28 14:40:44 | 000,000,000 | -H-D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.28 13:57:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\NtmsData
[2011.04.28 13:53:21 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2011.04.28 13:33:40 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.04.28 13:33:18 | 000,028,520 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.04.28 13:33:15 | 000,137,656 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.04.28 13:33:15 | 000,061,960 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.04.28 13:33:15 | 000,045,416 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.04.28 13:33:15 | 000,022,360 | -H-- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.04.28 13:32:59 | 000,000,000 | -H-D | C] -- C:\Programme\Avira
[2011.04.28 13:32:59 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.04.21 10:03:40 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Bilder Kamine
[2011.04.05 11:49:00 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Bilder Voba
[2011.03.30 20:01:15 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\elsterformular
[2009.12.21 20:54:33 | 000,127,059 | -H-- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[2004.09.08 10:47:52 | 000,053,248 | -H-- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[31 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.29 16:35:00 | 000,001,104 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.29 16:35:00 | 000,001,100 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.29 12:31:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.28 14:40:48 | 000,000,756 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.28 14:35:57 | 000,000,184 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292
[2011.04.28 14:35:57 | 000,000,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292r
[2011.04.28 14:33:33 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18538292
[2011.04.28 13:59:01 | 000,001,709 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.04.28 13:33:40 | 000,001,671 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.04.28 13:29:20 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.26 12:01:05 | 000,212,942 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Rechnung.odt
[2011.04.25 09:13:03 | 000,212,641 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.04.22 17:15:41 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.04.20 09:02:29 | 000,004,033 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\74162693.KEY
[2011.04.14 15:41:58 | 000,259,354 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Der Detze rockt.pdf
[2011.04.05 11:18:40 | 000,516,617 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\20010721SVLISSINGEN.SAV
[2011.04.05 10:57:13 | 000,199,317 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Profi cash  1000 0404.sav
[2011.04.01 17:07:25 | 000,137,656 | -H-- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.04.01 17:07:25 | 000,061,960 | -H-- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.03.30 20:01:01 | 000,000,711 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2011.03.30 17:27:46 | 000,002,581 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2010.lnk
[2011.03.30 16:53:13 | 000,002,581 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Steuer 2009.lnk
[31 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.28 14:40:48 | 000,000,756 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.28 14:35:57 | 000,000,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292r
[2011.04.28 14:35:56 | 000,000,184 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292
[2011.04.28 14:33:33 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18538292
[2011.04.28 13:57:45 | 000,002,347 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk
[2011.04.28 13:57:45 | 000,001,709 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.04.28 13:33:40 | 000,001,671 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011.04.14 15:44:39 | 000,259,354 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Der Detze rockt.pdf
[2011.04.05 11:18:40 | 000,516,617 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\20010721SVLISSINGEN.SAV
[2011.04.05 10:57:13 | 000,199,317 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Profi cash  1000 0404.sav
[2011.03.30 20:01:01 | 000,000,711 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2010.12.31 16:34:44 | 000,199,668 | -H-- | C] () -- C:\WINDOWS\hppins12.dat.temp
[2010.12.31 15:29:11 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2010.12.31 15:27:14 | 000,000,665 | RH-- | C] () -- C:\WINDOWS\System32\hppapr12.dat
[2010.12.31 13:10:57 | 000,194,608 | -H-- | C] () -- C:\WINDOWS\hppins12.dat
[2010.12.31 13:10:57 | 000,007,855 | -H-- | C] () -- C:\WINDOWS\hppmdl12.dat
[2010.10.19 20:52:33 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\steuer2008.INI
[2010.09.06 14:46:39 | 000,071,384 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.02.03 21:14:21 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009.12.02 00:04:15 | 000,009,741 | -H-- | C] () -- C:\WINDOWS\unins000.dat
[2009.06.02 09:49:26 | 000,037,888 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.16 00:09:08 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.03.24 12:47:56 | 000,003,072 | RH-- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2009.03.24 12:47:53 | 000,363,520 | -H-- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.03.24 12:30:29 | 000,315,392 | -H-- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009.03.24 12:30:29 | 000,295,018 | -H-- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009.03.24 12:30:29 | 000,002,048 | -H-- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2009.03.20 18:22:32 | 000,000,010 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2009.02.18 15:44:00 | 001,724,416 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.02.18 15:44:00 | 001,657,376 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009.02.18 15:44:00 | 001,507,328 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.02.18 15:44:00 | 001,346,080 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009.02.18 15:44:00 | 001,101,824 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.02.18 15:44:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.02.18 15:44:00 | 000,449,056 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009.02.18 15:44:00 | 000,436,768 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009.02.18 11:15:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009.02.18 11:14:36 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009.02.18 11:14:36 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2009.02.18 10:58:52 | 000,049,152 | RH-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009.02.18 10:42:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.02.18 10:37:14 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.02.18 10:33:23 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.02.18 10:32:28 | 000,177,056 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.05.16 08:05:30 | 000,079,397 | -H-- | C] () -- C:\WINDOWS\unins000.exe
[2006.02.23 13:11:50 | 000,013,778 | -H-- | C] () -- C:\WINDOWS\System32\SELF32.INI
[2004.11.11 13:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.11.11 13:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.11.11 13:00:00 | 000,495,956 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.11.11 13:00:00 | 000,479,700 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.11.11 13:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.11.11 13:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.11.11 13:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.11.11 13:00:00 | 000,097,990 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.11.11 13:00:00 | 000,085,218 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.11.11 13:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.11.11 13:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.11.11 13:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.11.11 13:00:00 | 000,027,440 | -H-- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004.11.11 13:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.11.11 13:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.11.11 13:00:00 | 000,001,788 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.11.11 13:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.08.18 20:45:18 | 000,031,232 | -H-- | C] () -- C:\WINDOWS\System32\cmdow.exe

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 29.04.2011 16:38:44 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3, v.3244 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 160,00 Gb Total Space | 134,43 Gb Free Space | 84,02% Space Free | Partition Type: NTFS
Drive D: | 138,09 Gb Total Space | 88,26 Gb Free Space | 63,92% Space Free | Partition Type: NTFS
Drive H: | 482,74 Mb Total Space | 12,74 Mb Free Space | 2,64% Space Free | Partition Type: FAT
 
Computer Name: 965P | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{106AB011-06EE-4EFB-A5F0-C3EFD25D3A69}" = QuickVerein Plus 2010
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{16480125-0428-4097-9A2A-74464004D169}" = EOS Capture 1.3
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{20A2D522-7639-4951-8AC4-6C90A82B83B2}" = hpzTLBXFX
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (EASYJOB4)
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{473C1ACB-EB1B-4899-AEC7-DE8815758C18}" = Faktura32
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{501E4F62-257C-4FCE-960C-ABA85DC60AB0}" = hppTLBXFXCM2320
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5662C158-CA24-4228-BF6C-596FADA08682}" = Camera Support Core Library
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65EBFCFA-B015-4E4C-AD4D-DE65B4F62C4D}" = hppPQVideoCM2320
"{66AED2E9-E9E3-4894-B656-FD552800551F}" = hppManualsCM2320
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75A79BA0-4317-4CE6-924C-B0B3175EBEF9}" = hppscanCM2320
"{77697747-7567-428D-8394-2287586F6974}" = hppusgCM2320
"{789CF5F1-3326-4B7B-9D01-31047E0F5651}" = Canon Utilities Digital Photo Professional 1.6.1
"{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Camera Window DS
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7FEA5EEA-91C7-4387-9585-682A98DE5EB3}" = CAPS
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{862983D7-FA08-493E-A9ED-6B7859E069D3}" = Canon PhotoRecord
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}" = Internet Library
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{99EE30D2-A7EA-486C-9AD4-57C8583375BF}" = hppSendFaxCM2320
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}" = RAW Image Task 2.0
"{A20A58C4-6784-4B4B-86CC-94E2E3671031}" = Nero 7 Ultra Edition
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Camera Window DVC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B226235F-51A4-4090-B5DB-5482A28D1B0F}" = hppFaxDrvCM2320
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF0C558D-BB2C-4819-88E1-1921D2BA7E00}" = hppCLJCM2320
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C92CE7AF-B104-4710-8F5C-9F833976D308}" = Schrankplaner
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D1901237-60AE-4659-8A07-073588714967}" = hppScanToCM2320
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E73534D5-CC93-4C63-9072-5A9734255C74}" = Camera Window MC
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN-Karte
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{ECF3E482-9188-4e29-9C31-E02FD8DC74C0}" = HP Color LaserJet CM2320 MFP Series 3.0
"{EF94DF68-3144-4503-8F11-D022D2176E32}" = hppFaxUtilityCM2320
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6C08117-E8A9-401D-BF1F-7F99D6B48D59}" = easyjob 4.0
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF841249-0D6B-41D7-8013-953EE3A33263}" = hppQFolderCM2320
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ElsterFormular für Unternehmer 12.1.1.6214u" = ElsterFormular für Unternehmer
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F32_is1" = Faktura32 - Auftragsverwaltung
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{16480125-0428-4097-9A2A-74464004D169}" = Canon Utilities EOS Capture 1.3
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA-Treiber
"InstallShield_{5662C158-CA24-4228-BF6C-596FADA08682}" = Canon Camera Support Core Library
"InstallShield_{789CF5F1-3326-4B7B-9D01-31047E0F5651}" = Canon Utilities Digital Photo Professional 1.6.1
"InstallShield_{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{A0F34E4E-25F0-4B68-AE8F-EF0C15CB1FED}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{E73534D5-CC93-4C63-9072-5A9734255C74}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{F6C08117-E8A9-401D-BF1F-7F99D6B48D59}" = easyjob 4.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Profi cash" = Profi cash
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"sv.net" = sv.net
"Tweak UI 2.10" = Tweak UI
"Verbindungsassistent" = Verbindungsassistent
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Companion
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

cosinus · 29.04.2011, 20:41

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

michaelgerol · 29.04.2011, 21:56

Im Order Logdateien finden sich nur die beiden hier geposteteten Dateien.

cosinus · 30.04.2011, 02:15

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
[2011.04.28 14:35:57 | 000,000,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292r
[2011.04.28 14:35:56 | 000,000,184 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292
[2011.04.28 14:33:33 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18538292
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.18 10:39:24 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{f82f6f81-710f-11de-a77f-0012bfc4a4d9}\Shell\AutoRun\command - "" = setupSNK.exe
O4 - HKLM..\Run: []  File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

michaelgerol · 30.04.2011, 07:00

All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292r moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18538292 moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e15c2e2-efff-11df-a7b6-0012bfc4a4d9}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7f2ac87-0524-11df-a7a6-0012bfc4a4d9}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7f2ac8a-0524-11df-a7a6-0012bfc4a4d9}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ceb06650-3e01-11de-a776-0012bfc4a4d9}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f82f6f81-710f-11de-a77f-0012bfc4a4d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f82f6f81-710f-11de-a77f-0012bfc4a4d9}\ not found.
File setupSNK.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 12379159 bytes
->Temporary Internet Files folder emptied: 44752305 bytes
->Java cache emptied: 525020 bytes
->FireFox cache emptied: 49147621 bytes
->Google Chrome cache emptied: 6354091 bytes
->Flash cache emptied: 50304 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

cosinus · 01.05.2011, 12:04

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

29.04.2011, 20:41	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Leerer Desktop nach Entfernung von Windows Recovery durch Malewarebytes Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

Leerer Desktop nach Entfernung von Windows Recovery durch Malewarebytes

Log-Analyse und Auswertung: Leerer Desktop nach Entfernung von Windows Recovery durch Malewarebytes