Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Kazy.merkml1, fakeSysdef.A.313, usw. (https://www.trojaner-board.de/98752-kazy-merkml1-fakesysdef-a-313-usw.html)

minniemaus 06.05.2011 14:39
Kazy.merkml1, fakeSysdef.A.313, usw.
 
Hallo, ihr Lieben!
Ich habe/hatte diverese Trojaner, wie die oben genannten, an Bord. Aktuell ist mein Problem folgendes:
Ich habe kein sichtbares Laufwerk C mehr! Ich hatte bis vor kurzem noch die Avira AntiVir Vollversion an Bord und wollte diese durch den download von Kaspersky ersetzten, nachdem ich hier gelesen hatte, dass der wohl sehr wirkunsvoll sei. Vorgang: Download v. Kaspersky - Vollversion Avira runter - Installation Kaspersky gestartet - Neue Meldung: Wegen McAfee kann Kaspersky nicht installiert werden. Mit dem "löschen" Button kann ich McAfee aber nicht entfernen. Ich hatte McAfee nie aktiv. Möglicherweise ist das ein leerer Ordner in "C:" der alles blockiert? Ich bin jetzt ohne Virenschutz online und kann somit momentan auch keine genaueren Angaben mehr zu meinen Trojanern machen. :-(( Unter pers. Anleitung habe ich mit meinem Bruder in DOS (dir) mal geschaut, ob wenigstens da noch Dateien auf C: angezeigt werden - Fehlanzeige! (jedoch belegter Speicherplatz unter "Eigenschaften") Wenigstens konnten wir die Fehlermeldungen bzgl. beschädigter Festplatten-Cluster und beschädigtem RAM abstellen (fakeSysdef). Ich füge mal die OTL-Berichte usw. an und hoffe, dass ihr mir bei meinem Problem helfen könnt. Vielen Dank schon mal!
VLG
minniemaus

OTL:OTL Logfile:
Code:
OTL logfile created on: 06.05.2011 14:25:14 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\minnie\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 178,20 Gb Free Space | 66,74% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 20,20 Gb Free Space | 67,32% Space Free | Partition Type: NTFS
 
Computer Name: MINNIE-PC | User Name: minnie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.06 14:09:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\minnie\Desktop\OTL.exe
PRC - [2011.05.06 14:00:56 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\Temp\YYY8767.exe
PRC - [2011.04.28 12:15:17 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2011.03.24 01:37:35 | 000,910,296 | -H-- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.03.03 20:16:06 | 000,013,336 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.12.10 08:48:26 | 002,320,920 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.10 08:48:24 | 000,268,824 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.07 03:46:52 | 000,020,480 | -H-- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.22 17:05:40 | 000,118,560 | -H-- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | -H-- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.06 14:09:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\minnie\Desktop\OTL.exe
MOD - [2011.02.24 07:29:55 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.07.14 03:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.03.03 20:16:06 | 000,013,336 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.12.10 08:48:26 | 002,320,920 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.12.10 08:48:24 | 000,268,824 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.11.07 03:46:52 | 000,020,480 | -H-- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.10.22 17:05:40 | 000,118,560 | -H-- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.03 14:53:00 | 001,155,072 | -H-- | M] (MAGIX AG) [Unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 10:10:02 | 003,276,800 | -H-- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 11:15:14 | 000,185,632 | -H-- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.04.01 10:13:38 | 001,009,184 | -H-- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.03.24 17:57:16 | 000,191,008 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.03.04 17:53:08 | 000,067,624 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.02.10 15:01:10 | 000,132,352 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - [2010.02.04 13:54:32 | 001,558,368 | -H-- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2010.02.03 05:36:34 | 000,232,960 | -H-- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009.09.18 04:54:14 | 000,041,088 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2009.08.13 17:39:40 | 000,786,400 | -H-- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2009.05.13 12:47:30 | 000,027,160 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\minnie\AppData\Roaming\5015 [2011.04.28 15:03:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.24 14:22:29 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.24 14:22:29 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.24 14:22:29 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.06.23 00:59:21 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\minnie\AppData\Roaming\mozilla\Extensions
[2010.06.23 00:44:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\minnie\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.06 14:23:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\minnie\AppData\Roaming\mozilla\Firefox\Profiles\k003e2dl.default\extensions
[2011.04.24 14:22:11 | 000,000,000 | -H-D | M] (FireShot) -- C:\Users\minnie\AppData\Roaming\mozilla\Firefox\Profiles\k003e2dl.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.04.24 14:22:11 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\minnie\AppData\Roaming\mozilla\Firefox\Profiles\k003e2dl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.06 14:23:01 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.24 14:22:29 | 000,000,000 | -H-D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.24 14:22:29 | 000,000,000 | -H-D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2011.04.28 15:03:23 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MINNIE\APPDATA\ROAMING\5015
[2009.10.26 16:45:36 | 000,102,400 | -H-- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.10.22 20:44:30 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.22 20:44:30 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.22 20:44:31 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.22 20:44:31 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.22 20:44:31 | 000,000,801 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotKey] C:\Windows\twain_32\FlatBed\HotKey.Exe (Pmx. Electronics Ltd.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LMgrOSD]  File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - Startup: C:\Users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\minnie\AppData\Roaming\appconf32.exe) - C:\Users\minnie\AppData\Roaming\appconf32.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\Shell - "" = AutoRun
O33 - MountPoints2\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= -  File not found
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.06 14:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.05.06 14:09:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\minnie\Desktop\OTL.exe
[2011.05.06 14:09:31 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\minnie\Desktop\TFC.exe
[2011.05.06 14:09:30 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\minnie\Desktop\Erunt-setup.exe
[2011.04.28 15:42:09 | 000,000,000 | ---D | C] -- C:\Users\minnie\AppData\Roaming\UAs
[2011.04.28 15:03:26 | 000,236,496 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\minnie\AppData\Roaming\AcroIEHelpe.dll
[2011.04.28 15:03:23 | 000,000,000 | ---D | C] -- C:\Users\minnie\AppData\Roaming\5015
[2011.04.28 15:03:19 | 000,000,000 | ---D | C] -- C:\xmldm
[2011.04.28 15:03:19 | 000,000,000 | ---D | C] -- C:\kock
[2011.04.28 15:03:12 | 000,000,000 | ---D | C] -- C:\Users\minnie\AppData\Roaming\xmldm
[2011.04.28 15:03:11 | 000,000,000 | ---D | C] -- C:\Users\minnie\AppData\Roaming\kock
[2011.04.28 14:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011.04.26 23:39:14 | 000,000,000 | ---D | C] -- C:\Eigene Dateien zusatz
[2011.04.25 15:52:20 | 000,000,000 | -H-D | C] -- C:\Windows\pss
[2011.04.24 16:06:01 | 000,000,000 | -H-D | C] -- C:\Users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.10 22:57:55 | 000,000,000 | -H-D | C] -- C:\Users\minnie\AppData\Local\S2
[2011.04.10 22:56:59 | 000,098,304 | -H-- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011.04.10 22:56:59 | 000,000,000 | RH-D | C] -- C:\Users\minnie\AppData\Roaming\SecuROM
[2011.04.10 13:38:36 | 000,000,000 | -H-D | C] -- C:\Users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.04.10 13:33:54 | 000,000,000 | -H-D | C] -- C:\Programme\THQ
[2011.04.10 13:33:49 | 000,000,000 | -H-D | C] -- C:\Users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\THQ
[2011.04.10 13:33:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2010.08.25 19:59:08 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Users\minnie\AppData\Roaming\*.tmp files -> C:\Users\minnie\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.06 14:18:47 | 000,000,624 | ---- | M] () -- C:\Users\minnie\Desktop\NTREGOPT.lnk
[2011.05.06 14:18:46 | 000,000,611 | ---- | M] () -- C:\Users\minnie\Desktop\ERUNT.lnk
[2011.05.06 14:10:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc0771fb166348.job
[2011.05.06 14:09:45 | 000,302,080 | ---- | M] () -- C:\Users\minnie\Desktop\g2m3e4r.exe
[2011.05.06 14:09:40 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\minnie\Desktop\Erunt-setup.exe
[2011.05.06 14:09:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\minnie\Desktop\OTL.exe
[2011.05.06 14:09:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\minnie\Desktop\TFC.exe
[2011.05.06 13:56:46 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.06 13:56:46 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.06 13:48:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc0771faeb8a83.job
[2011.05.06 13:48:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.06 13:48:27 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.26 23:38:54 | 000,008,866 | ---- | M] () -- C:\Users\minnie\wo wird gespeichert.odt
[2011.04.25 16:38:06 | 000,003,224 | -H-- | M] () -- C:\bootsqm.dat
[2011.04.24 16:08:14 | 000,000,400 | -H-- | M] () -- C:\ProgramData\33087240
[2011.04.24 16:06:02 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~33087240
[2011.04.24 16:06:01 | 000,000,635 | -H-- | M] () -- C:\Users\minnie\Desktop\Windows Recovery.lnk
[2011.04.24 16:06:01 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~33087240r
[2011.04.22 21:15:18 | 000,654,166 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.22 21:15:18 | 000,616,008 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.22 21:15:18 | 000,130,006 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.22 21:15:18 | 000,106,388 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.17 21:07:19 | 000,396,544 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.10 22:56:59 | 000,098,304 | -H-- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011.04.10 13:37:44 | 000,001,971 | -H-- | M] () -- C:\Users\Public\Desktop\Findet Nemo.lnk
[1 C:\Users\minnie\AppData\Roaming\*.tmp files -> C:\Users\minnie\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.06 14:18:47 | 000,000,624 | ---- | C] () -- C:\Users\minnie\Desktop\NTREGOPT.lnk
[2011.05.06 14:18:46 | 000,000,611 | ---- | C] () -- C:\Users\minnie\Desktop\ERUNT.lnk
[2011.05.06 14:09:30 | 000,302,080 | ---- | C] () -- C:\Users\minnie\Desktop\g2m3e4r.exe
[2011.04.30 22:05:41 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc0771fb166348.job
[2011.04.30 22:05:40 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc0771faeb8a83.job
[2011.04.26 23:37:51 | 000,008,866 | ---- | C] () -- C:\Users\minnie\wo wird gespeichert.odt
[2011.04.25 16:38:06 | 000,003,224 | -H-- | C] () -- C:\bootsqm.dat
[2011.04.24 16:06:01 | 000,000,635 | -H-- | C] () -- C:\Users\minnie\Desktop\Windows Recovery.lnk
[2011.04.24 16:06:01 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~33087240r
[2011.04.24 16:06:01 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~33087240
[2011.04.24 16:05:55 | 000,000,400 | -H-- | C] () -- C:\ProgramData\33087240
[2011.04.10 13:37:44 | 000,001,971 | -H-- | C] () -- C:\Users\Public\Desktop\Findet Nemo.lnk
[2011.03.18 11:33:19 | 000,005,120 | -H-- | C] () -- C:\Users\minnie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.17 19:33:00 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.12.09 21:23:19 | 000,015,873 | -H-- | C] () -- C:\Windows\System32\Inetde.dll
[2010.08.25 20:30:02 | 000,127,868 | -H-- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.08.25 20:30:00 | 000,104,796 | -H-- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.07.22 22:30:45 | 000,000,019 | -H-- | C] () -- C:\Users\minnie\AppData\Roaming\mdbu.bin
[2010.07.04 00:35:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.06.23 00:44:34 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2010.05.05 06:13:49 | 000,072,017 | -H-- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2010.05.01 10:04:19 | 000,120,200 | -H-- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.22 16:06:52 | 000,127,184 | -H-- | C] () -- C:\Windows\Unwise.exe
[2010.04.22 16:06:50 | 000,149,504 | -H-- | C] () -- C:\Windows\unwise32_setup.exe
[2010.04.22 16:04:02 | 000,451,072 | -H-- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010.04.22 13:11:09 | 000,870,560 | -H-- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.04.22 13:11:09 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.04.22 13:11:09 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.04.22 13:11:06 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.04.14 12:32:50 | 000,007,648 | -H-- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2009.08.03 15:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 10:47:43 | 000,654,166 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,006 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,396,544 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.12.09 17:23:13 | 000,046,080 | RHS- | C] () -- C:\Users\minnie\AppData\Roaming\appconf32.exe
[2006.04.21 10:08:22 | 000,253,952 | -H-- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2000.08.29 15:40:10 | 000,006,137 | -H-- | C] () -- C:\Windows\System32\E1.ini
[2000.08.02 21:47:20 | 000,026,112 | -H-- | C] () -- C:\Windows\RunUnDrv.exe
 
========== LOP Check ==========
 
[2011.04.28 15:03:23 | 000,000,000 | ---D | M] -- C:\Users\minnie\AppData\Roaming\5015
[2011.01.22 01:55:53 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\Ashampoo
[2011.04.24 14:22:11 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\BOM
[2011.04.24 14:22:11 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\IrfanView
[2011.04.28 15:03:11 | 000,000,000 | ---D | M] -- C:\Users\minnie\AppData\Roaming\kock
[2010.08.12 21:59:31 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\Lexware
[2011.04.24 14:22:11 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\MAGIX
[2010.06.26 23:14:34 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\OpenOffice.org
[2010.07.26 16:20:47 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\TeamViewer
[2011.04.24 14:22:10 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\Thunderbird
[2011.04.28 15:42:09 | 000,000,000 | ---D | M] -- C:\Users\minnie\AppData\Roaming\UAs
[2011.03.18 22:30:10 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\wxMozBrowserLib
[2011.04.28 15:47:02 | 000,000,000 | ---D | M] -- C:\Users\minnie\AppData\Roaming\xmldm
[2010.12.22 11:45:27 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\YoudaGames
[2010.12.22 11:45:23 | 000,000,000 | -H-D | M] -- C:\Users\minnie\AppData\Roaming\Zylom
[2011.04.08 21:55:30 | 000,032,632 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.10.31 09:02:14 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.09.29 00:03:51 | 000,000,000 | -H-D | M] -- C:\8a364a0cc8ca466192c17e
[2010.06.22 14:42:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.04.26 23:40:15 | 000,000,000 | ---D | M] -- C:\Eigene Dateien zusatz
[2011.04.24 14:22:50 | 000,000,000 | -H-D | M] -- C:\Intel
[2011.04.28 15:03:19 | 000,000,000 | ---D | M] -- C:\kock
[2011.04.24 14:22:50 | 000,000,000 | -H-D | M] -- C:\Medion
[2010.04.23 12:51:02 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.04.28 14:58:46 | 000,000,000 | RH-D | M] -- C:\Programme
[2011.04.28 14:58:46 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.06.22 14:42:19 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.06.22 14:42:19 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.04.26 21:26:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.06.23 12:14:09 | 000,000,000 | RH-D | M] -- C:\Users
[2011.05.06 14:11:45 | 000,000,000 | -H-D | M] -- C:\Windows
[2011.04.28 15:03:19 | 000,000,000 | ---D | M] -- C:\xmldm
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-25 05:08:15
 
<          >

< End of report >
--- --- ---


SCAN:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

EXTRAS:OTL Logfile:
Code:
OTL Extras logfile created on: 06.05.2011 14:25:14 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\minnie\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 178,20 Gb Free Space | 66,74% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 20,20 Gb Free Space | 67,32% Space Free | Partition Type: NTFS
 
Computer Name: MINNIE-PC | User Name: minnie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{406A89D6-09E6-4550-B370-8D376DDB56BE}" = Adobe Flash Player 10 ActiveX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE480239-DC94-4A5D-9CBE-415D24D2F6AD}" = Findet Nemo
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Snap_is1" = Ashampoo Snap
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CE480239-DC94-4A5D-9CBE-415D24D2F6AD}" = Findet Nemo
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"IrfanView" = IrfanView (remove only)
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB Scanner" = USB Scanner
"Vokabelcheck Spanisch" = Vokabelcheck Spanisch
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.04.2011 16:17:45 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bccbc  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000506ab  ID des fehlerhaften
 Prozesses: 0xebc  Startzeit der fehlerhaften Anwendung: 0x01cc0773a83c4fc4  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll  Berichtskennung: e8ba1b97-7366-11e0-82d9-00262dbf66c7
 
Error - 30.04.2011 16:27:06 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WLXPGSS.SCR, Version: 14.0.8081.709,
 Zeitstempel: 0x4a57911d  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00050cf9  ID des fehlerhaften
 Prozesses: 0x500  Startzeit der fehlerhaften Anwendung: 0x01cc0774f8205830  Pfad der
 fehlerhaften Anwendung: C:\Windows\WLXPGSS.SCR  Pfad des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll
Berichtskennung:
 37097a15-7368-11e0-82d9-00262dbf66c7
 
Error - 04.05.2011 18:42:36 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00050d43  ID des fehlerhaften
 Prozesses: 0x5b4  Startzeit der fehlerhaften Anwendung: 0x01cc0aac9012d866  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\kernel32.dll  Berichtskennung: ce4bd476-769f-11e0-bd43-00262dbf66c7
 
Error - 06.05.2011 07:49:17 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00050d43  ID des fehlerhaften
 Prozesses: 0x15b0  Startzeit der fehlerhaften Anwendung: 0x01cc0be39ef5af86  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\kernel32.dll  Berichtskennung: de798add-77d6-11e0-89bc-00262dbf66c7
 
Error - 06.05.2011 07:58:57 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00050878  ID des fehlerhaften
 Prozesses: 0x1664  Startzeit der fehlerhaften Anwendung: 0x01cc0be4fa956844  Pfad der
 fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll
Berichtskennung:
 38a38b8f-77d8-11e0-89bc-00262dbf66c7
 
Error - 06.05.2011 07:58:57 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashUtil10i_ActiveX.exe, Version:
 10.1.82.76, Zeitstempel: 0x4c4fd88f  Name des fehlerhaften Moduls: kernel32.dll,
Version: 6.1.7600.16481, Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00050bc7  ID des fehlerhaften Prozesses: 0xaec  Startzeit der fehlerhaften Anwendung:
 0x01cc0be4faf23dee  Pfad der fehlerhaften Anwendung: C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll  Berichtskennung: 38aaafb0-77d8-11e0-89bc-00262dbf66c7
 
Error - 06.05.2011 07:59:20 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000506ab  ID des fehlerhaften
 Prozesses: 0x1d88  Startzeit der fehlerhaften Anwendung: 0x01cc0be5083e2db6  Pfad der
 fehlerhaften Anwendung: C:\Windows\explorer.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll
Berichtskennung:
 45fdc399-77d8-11e0-89bc-00262dbf66c7
 
Error - 06.05.2011 07:59:20 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WerFault.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc2d9  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000505d7  ID des fehlerhaften
 Prozesses: 0x173c  Startzeit der fehlerhaften Anwendung: 0x01cc0be5085138b8  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\WerFault.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\kernel32.dll  Berichtskennung: 460e6d3b-77d8-11e0-89bc-00262dbf66c7
 
Error - 06.05.2011 08:22:08 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bccbc  Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7600.16481,
 Zeitstempel: 0x4b1e3897  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00050af2  ID des fehlerhaften
 Prozesses: 0x130c  Startzeit der fehlerhaften Anwendung: 0x01cc0be8367c3c4f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
des fehlerhaften Moduls: C:\Windows\system32\kernel32.dll  Berichtskennung: 756aaa5f-77db-11e0-89bc-00262dbf66c7
 
Error - 06.05.2011 08:24:03 | Computer Name = minnie-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SkypeNames2.exe, Version: 4.2.0.4823,
 Zeitstempel: 0x4b06ab4c  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab44  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00075c8c  ID des fehlerhaften
 Prozesses: 0x13f8  Startzeit der fehlerhaften Anwendung: 0x01cc0be87c5051af  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: ba0eeddb-77db-11e0-89bc-00262dbf66c7
 
[ System Events ]
Error - 03.01.2011 06:38:28 | Computer Name = minnie-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 03.01.2011 06:38:29 | Computer Name = minnie-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 03.01.2011 06:38:29 | Computer Name = minnie-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 10.01.2011 14:49:46 | Computer Name = minnie-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
 initialisieren.
 
Error - 17.01.2011 10:21:07 | Computer Name = minnie-PC | Source = WMPNetworkSvc | ID = 866333
Description =
 
Error - 20.01.2011 20:17:43 | Computer Name = minnie-PC | Source = DCOM | ID = 10010
Description =
 
Error - 24.01.2011 14:39:08 | Computer Name = minnie-PC | Source = DCOM | ID = 10010
Description =
 
Error - 26.01.2011 15:18:32 | Computer Name = minnie-PC | Source = DCOM | ID = 10010
Description =
 
Error - 27.01.2011 09:05:49 | Computer Name = minnie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?01.?2011 um 14:03:06 unerwartet heruntergefahren.
 
Error - 31.01.2011 15:29:17 | Computer Name = minnie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?31.?01.?2011 um 20:27:12 unerwartet heruntergefahren.
 
 
< End of report >
--- --- ---

cosinus 06.05.2011 19:42
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

minniemaus 06.05.2011 23:04
Hallo, Arne!
Danke für dein Interesse! Ich hab heute noch versucht, die Gmer-Datei anzuhängen und hab das zippen nicht hingekriegt... Ich versuchs jetzt nochmal und hab auch die Anti-Maleware Geschichte schon runtergeladen und laufen lassen.
Die Gmer-Sache muß ich noch erledigen -irgendwie ;-)
juhu!!! Ich hab die Gmer-Zip reingebracht! :-))):daumenhoc
Gruß
Myrjam

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6521

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.05.2011 23:54:53
mbam-log-2011-05-06 (23-54-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 277832
Laufzeit: 40 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 2
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\minnie\AppData\Roaming\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Users\minnie\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\recycle.bin (Trojan.Spyeyes) -> Delete on reboot.

Infizierte Dateien:
c:\Users\minnie\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\minnie\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\minnie\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\recycle.bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\recycle.bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

minniemaus 07.05.2011 07:29
Hallo, nochmal!
Heute Nacht hab ich´s geschafft, den Kaspersky zu installieren und hab den mal gründlich laufen lassen. Mann, hat der noch einen Haufen Zeugs gefunden...
Mein letztes, großes Problem wäre jetzt, dass ich über die (alten) Dateien und Programme von C: nicht mehr verfügen kann und mein Desktop und Bildschirmschoner schwarz sind. Sollte ich die OTL, ERUNT und Gmer nochmal neu er- und hier einstellen?
Viele Grüße
Myrjam

cosinus 07.05.2011 15:03
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
PRC - [2011.05.06 14:00:56 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\Temp\YYY8767.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\Shell - "" = AutoRun
O33 - MountPoints2\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\Shell\AutoRun\command - "" = F:\pushinst.exe
[2011.04.28 15:03:23 | 000,000,000 | ---D | C] -- C:\Users\minnie\AppData\Roaming\5015
[2011.04.28 15:03:19 | 000,000,000 | ---D | C] -- C:\xmldm
[2011.04.28 15:03:19 | 000,000,000 | ---D | C] -- C:\kock
[2011.04.24 16:08:14 | 000,000,400 | -H-- | M] () -- C:\ProgramData\33087240
[2011.04.24 16:06:02 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~33087240
[2011.04.24 16:06:01 | 000,000,635 | -H-- | M] () -- C:\Users\minnie\Desktop\Windows Recovery.lnk
[2011.04.24 16:06:01 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~33087240r
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

minniemaus 07.05.2011 22:41
Hallo, Arne!
Danke dir, erst mal! Hab ich gemacht. Hier der Bericht:
All processes killed
========== OTL ==========
No active process named YYY8767.exe was found!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20cc694c-7df9-11df-ba53-1c4bd6e57822}\ not found.
File F:\pushinst.exe not found.
C:\Users\minnie\AppData\Roaming\5015\components folder moved successfully.
C:\Users\minnie\AppData\Roaming\5015 folder moved successfully.
C:\xmldm folder moved successfully.
C:\kock folder moved successfully.
C:\ProgramData\33087240 moved successfully.
C:\ProgramData\~33087240 moved successfully.
File C:\Users\minnie\Desktop\Windows Recovery.lnk not found.
C:\ProgramData\~33087240r moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Fleischi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: minnie
->Temp folder emptied: 13103191 bytes
->Temporary Internet Files folder emptied: 13864162 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38593026 bytes
->Google Chrome cache emptied: 6199460 bytes
->Flash cache emptied: 709 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1526766 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1588622 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 71,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05072011_233820

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 07.05.2011 23:29
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

minniemaus 08.05.2011 00:22
Also, den TDSSKiller hab ich ausgeführt und den Malwarescan laufen lassen.
Hier das Ergebnis:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6521

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.05.2011 01:16:22
mbam-log-2011-05-08 (01-16-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161211
Laufzeit: 3 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


unhide.exe hab ich auch laufen lassen, und sieh einer an!
Meine Desktop Icons sind wieder da!
Da muss ich gleich mal mein C: checken, hi, hi!

cosinus 08.05.2011 00:24
Das Log vom tdsskiller bräuchte ich noch. Liegt direkt auf C:

minniemaus 08.05.2011 00:35
WOW!!!
Herzlichen Dank!!!:bussi:
Alles ist wieder da!
Danke, dass du dir so viel Zeit für mich genommen hast, du bist mein Held! - Jetzt weiß ich auch, warum du den:kaffee: ausgewählt hast ...
Kann ich irgendwie herausfinden, wo ich mir das ganze Zeug eingefangen hab?
Viele Grüße
Myrjam :singsing:

cosinus 08.05.2011 01:44
Liest du irgendwie an meinen Postings vorbei? :stirn:

minniemaus 08.05.2011 14:00
Jawohl!
Tschuldigung!
Hab ich tatsächlich "überlesen" ;-)

Nix desto trotz, hier ist es:

2011/05/08 01:04:50.0120 2380 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/08 01:04:50.0354 2380 ================================================================================
2011/05/08 01:04:50.0354 2380 SystemInfo:
2011/05/08 01:04:50.0370 2380
2011/05/08 01:04:50.0370 2380 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/08 01:04:50.0370 2380 Product type: Workstation
2011/05/08 01:04:50.0370 2380 ComputerName: MINNIE-PC
2011/05/08 01:04:50.0370 2380 UserName: minnie
2011/05/08 01:04:50.0370 2380 Windows directory: C:\Windows
2011/05/08 01:04:50.0370 2380 System windows directory: C:\Windows
2011/05/08 01:04:50.0370 2380 Processor architecture: Intel x86
2011/05/08 01:04:50.0370 2380 Number of processors: 4
2011/05/08 01:04:50.0370 2380 Page size: 0x1000
2011/05/08 01:04:50.0370 2380 Boot type: Normal boot
2011/05/08 01:04:50.0370 2380 ================================================================================
2011/05/08 01:04:50.0682 2380 Initialize success
2011/05/08 01:05:08.0809 3928 ================================================================================
2011/05/08 01:05:08.0809 3928 Scan started
2011/05/08 01:05:08.0809 3928 Mode: Manual;
2011/05/08 01:05:08.0809 3928 ================================================================================
2011/05/08 01:05:10.0525 3928 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/08 01:05:10.0556 3928 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/08 01:05:10.0603 3928 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/08 01:05:10.0728 3928 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/08 01:05:10.0852 3928 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/08 01:05:10.0915 3928 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/08 01:05:11.0040 3928 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/05/08 01:05:11.0086 3928 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/08 01:05:11.0196 3928 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/08 01:05:11.0336 3928 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/08 01:05:11.0383 3928 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/05/08 01:05:11.0523 3928 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/08 01:05:11.0570 3928 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/08 01:05:11.0679 3928 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/08 01:05:11.0726 3928 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/05/08 01:05:11.0835 3928 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/08 01:05:11.0866 3928 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/05/08 01:05:11.0976 3928 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/05/08 01:05:12.0022 3928 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/08 01:05:12.0116 3928 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/08 01:05:12.0147 3928 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/08 01:05:12.0272 3928 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/08 01:05:12.0444 3928 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/08 01:05:12.0584 3928 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/08 01:05:12.0709 3928 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/08 01:05:12.0849 3928 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/08 01:05:12.0990 3928 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/08 01:05:13.0052 3928 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/08 01:05:13.0161 3928 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/08 01:05:13.0208 3928 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/08 01:05:13.0302 3928 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/08 01:05:13.0348 3928 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/08 01:05:13.0458 3928 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/08 01:05:13.0504 3928 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/08 01:05:13.0645 3928 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/08 01:05:13.0707 3928 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/08 01:05:13.0832 3928 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/08 01:05:13.0879 3928 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/08 01:05:14.0050 3928 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/08 01:05:14.0082 3928 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/08 01:05:14.0191 3928 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/08 01:05:14.0238 3928 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/08 01:05:14.0347 3928 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/08 01:05:14.0394 3928 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/08 01:05:14.0534 3928 CSCrySec (5cbf20674be8364febb6a13451a42f0a) C:\Windows\system32\DRIVERS\CSCrySec.sys
2011/05/08 01:05:14.0737 3928 CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
2011/05/08 01:05:14.0924 3928 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/05/08 01:05:15.0018 3928 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/08 01:05:15.0174 3928 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/08 01:05:15.0236 3928 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/08 01:05:15.0376 3928 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/08 01:05:15.0595 3928 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/08 01:05:15.0844 3928 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/08 01:05:15.0954 3928 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/08 01:05:16.0032 3928 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/08 01:05:16.0141 3928 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/08 01:05:16.0266 3928 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/08 01:05:16.0312 3928 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/08 01:05:16.0344 3928 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/08 01:05:16.0453 3928 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/08 01:05:16.0515 3928 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/08 01:05:16.0640 3928 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/08 01:05:16.0671 3928 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/08 01:05:16.0780 3928 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/08 01:05:16.0843 3928 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/08 01:05:17.0014 3928 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/08 01:05:17.0061 3928 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/05/08 01:05:17.0186 3928 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/08 01:05:17.0233 3928 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
2011/05/08 01:05:17.0342 3928 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/08 01:05:17.0389 3928 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/08 01:05:17.0498 3928 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/08 01:05:17.0623 3928 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/08 01:05:17.0763 3928 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/08 01:05:17.0826 3928 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/05/08 01:05:17.0919 3928 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/08 01:05:17.0950 3928 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/08 01:05:18.0075 3928 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/08 01:05:18.0200 3928 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/05/08 01:05:18.0434 3928 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/08 01:05:18.0730 3928 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/08 01:05:18.0793 3928 Impcd (03c0d99bc2913226f1cea7cb0d984659) C:\Windows\system32\DRIVERS\Impcd.sys
2011/05/08 01:05:18.0949 3928 IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/08 01:05:19.0152 3928 IntcDAud (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/05/08 01:05:19.0198 3928 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/08 01:05:19.0308 3928 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/08 01:05:19.0370 3928 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/08 01:05:19.0479 3928 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/08 01:05:19.0526 3928 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/08 01:05:19.0557 3928 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/08 01:05:19.0666 3928 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/08 01:05:19.0713 3928 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/08 01:05:19.0838 3928 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/08 01:05:19.0994 3928 kl1 (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
2011/05/08 01:05:20.0041 3928 KLBG (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\DRIVERS\klbg.sys
2011/05/08 01:05:20.0197 3928 KLIF (723f185c945c0a6d2e21c2bb26a46fe7) C:\Windows\system32\DRIVERS\klif.sys
2011/05/08 01:05:20.0368 3928 KLIM6 (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys
2011/05/08 01:05:20.0400 3928 klmouflt (aa63a815876a76987b5dbce6af7478e9) C:\Windows\system32\DRIVERS\klmouflt.sys
2011/05/08 01:05:20.0431 3928 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/08 01:05:20.0540 3928 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/08 01:05:20.0680 3928 L1C (4566fd5f4416e7fef3600e4b30d086c3) C:\Windows\system32\DRIVERS\L1C62x86.sys
2011/05/08 01:05:20.0743 3928 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/08 01:05:20.0899 3928 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/08 01:05:20.0946 3928 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/08 01:05:21.0070 3928 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/08 01:05:21.0117 3928 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/08 01:05:21.0289 3928 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/08 01:05:21.0367 3928 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/08 01:05:21.0648 3928 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/08 01:05:21.0835 3928 mod7700 (5b9ca81817e046666e7abf8b9b101545) C:\Windows\system32\DRIVERS\mod7700.sys
2011/05/08 01:05:22.0131 3928 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/08 01:05:22.0381 3928 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/08 01:05:22.0552 3928 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/08 01:05:22.0896 3928 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/08 01:05:23.0005 3928 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/05/08 01:05:23.0098 3928 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/08 01:05:23.0348 3928 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/08 01:05:23.0644 3928 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/08 01:05:23.0820 3928 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/08 01:05:24.0040 3928 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/08 01:05:24.0280 3928 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/08 01:05:24.0470 3928 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/08 01:05:24.0620 3928 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/08 01:05:24.0850 3928 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/08 01:05:25.0020 3928 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/08 01:05:25.0080 3928 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/08 01:05:25.0310 3928 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/08 01:05:25.0500 3928 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/08 01:05:25.0680 3928 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/08 01:05:25.0740 3928 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/08 01:05:25.0900 3928 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/08 01:05:26.0150 3928 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/08 01:05:26.0410 3928 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/08 01:05:26.0640 3928 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/08 01:05:26.0907 3928 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/08 01:05:27.0126 3928 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/05/08 01:05:27.0297 3928 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/08 01:05:27.0484 3928 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/08 01:05:27.0578 3928 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/08 01:05:27.0750 3928 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/08 01:05:27.0890 3928 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/05/08 01:05:27.0952 3928 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/08 01:05:28.0186 3928 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/08 01:05:28.0389 3928 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/08 01:05:28.0576 3928 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/08 01:05:28.0717 3928 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/08 01:05:28.0795 3928 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/05/08 01:05:28.0857 3928 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/08 01:05:29.0013 3928 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/05/08 01:05:29.0200 3928 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/05/08 01:05:29.0310 3928 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/08 01:05:29.0403 3928 NxpCap (6ed44348ca155a86a5b9802db2cebc69) C:\Windows\system32\DRIVERS\NxpCap.sys
2011/05/08 01:05:29.0559 3928 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/08 01:05:29.0622 3928 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/08 01:05:29.0793 3928 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/05/08 01:05:29.0965 3928 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/08 01:05:30.0090 3928 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/05/08 01:05:30.0152 3928 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/08 01:05:30.0277 3928 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/08 01:05:30.0433 3928 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/08 01:05:30.0589 3928 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/08 01:05:30.0776 3928 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/08 01:05:30.0838 3928 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/08 01:05:30.0994 3928 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/08 01:05:31.0213 3928 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/08 01:05:31.0338 3928 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/08 01:05:31.0494 3928 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/08 01:05:31.0634 3928 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/08 01:05:31.0806 3928 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/08 01:05:32.0008 3928 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/08 01:05:32.0196 3928 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/08 01:05:32.0336 3928 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/08 01:05:32.0383 3928 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/08 01:05:32.0617 3928 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/08 01:05:32.0773 3928 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/08 01:05:33.0007 3928 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/08 01:05:33.0178 3928 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/08 01:05:33.0319 3928 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/05/08 01:05:33.0584 3928 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/05/08 01:05:33.0756 3928 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/08 01:05:33.0896 3928 RSUSBSTOR (a633399432491bb173bb3cf3b41b9c55) C:\Windows\System32\Drivers\RtsUStor.sys
2011/05/08 01:05:34.0036 3928 rtl8192se (b5e9979fbb26fc059bd87a81f763d5da) C:\Windows\system32\DRIVERS\rtl8192se.sys
2011/05/08 01:05:34.0208 3928 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/08 01:05:34.0286 3928 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/08 01:05:34.0520 3928 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/08 01:05:34.0707 3928 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/08 01:05:34.0785 3928 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/08 01:05:34.0910 3928 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/08 01:05:35.0113 3928 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/08 01:05:35.0253 3928 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/08 01:05:35.0394 3928 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/08 01:05:35.0581 3928 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/08 01:05:35.0784 3928 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/05/08 01:05:35.0940 3928 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/08 01:05:35.0971 3928 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/08 01:05:36.0127 3928 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/08 01:05:36.0408 3928 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/08 01:05:36.0501 3928 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/05/08 01:05:36.0610 3928 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/08 01:05:36.0782 3928 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/08 01:05:36.0922 3928 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/08 01:05:37.0063 3928 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/08 01:05:37.0203 3928 SynTP (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/08 01:05:37.0312 3928 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/05/08 01:05:37.0468 3928 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/08 01:05:37.0687 3928 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/08 01:05:37.0874 3928 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/05/08 01:05:37.0952 3928 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/08 01:05:38.0139 3928 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/08 01:05:38.0264 3928 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/08 01:05:38.0560 3928 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/08 01:05:38.0732 3928 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/08 01:05:38.0826 3928 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/08 01:05:38.0950 3928 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/08 01:05:39.0122 3928 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/08 01:05:39.0278 3928 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/08 01:05:39.0340 3928 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/08 01:05:39.0481 3928 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/08 01:05:39.0528 3928 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/08 01:05:39.0684 3928 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/08 01:05:39.0777 3928 usbhub (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/08 01:05:39.0886 3928 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/08 01:05:40.0011 3928 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/08 01:05:40.0105 3928 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/08 01:05:40.0276 3928 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/08 01:05:40.0401 3928 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/08 01:05:40.0510 3928 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/05/08 01:05:40.0635 3928 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/08 01:05:40.0729 3928 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/08 01:05:40.0838 3928 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/08 01:05:40.0900 3928 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/08 01:05:41.0025 3928 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/05/08 01:05:41.0072 3928 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/08 01:05:41.0166 3928 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/08 01:05:41.0212 3928 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/08 01:05:41.0244 3928 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/08 01:05:41.0353 3928 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/08 01:05:41.0431 3928 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/08 01:05:41.0540 3928 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/08 01:05:41.0602 3928 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/08 01:05:41.0696 3928 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/08 01:05:41.0758 3928 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/08 01:05:41.0774 3928 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/08 01:05:41.0868 3928 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/08 01:05:41.0914 3928 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/08 01:05:42.0070 3928 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/08 01:05:42.0102 3928 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/08 01:05:42.0273 3928 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/08 01:05:42.0429 3928 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/08 01:05:42.0492 3928 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/05/08 01:05:42.0616 3928 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/08 01:05:42.0772 3928 X10Hid (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\System32\Drivers\x10hid.sys
2011/05/08 01:05:42.0897 3928 XUIF (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\System32\Drivers\x10ufx2.sys
2011/05/08 01:05:43.0038 3928 ================================================================================
2011/05/08 01:05:43.0038 3928 Scan finished
2011/05/08 01:05:43.0038 3928 ================================================================================
2011/05/08 01:06:20.0166 2320 Deinitialize success

cosinus 08.05.2011 14:35
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

minniemaus 09.05.2011 22:28
Ei, ei, ei!
Geschafft!
Hatte so meine Probleme damit..
Hier ist das Ergebnis:

Combofix Logfile:
Code:
ComboFix 11-05-09.01 - minnie 09.05.2011  23:02:27.3.4 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.2935.2087 [GMT 2:00]
ausgeführt von:: c:\users\minnie\Desktop\cofi.exe
AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-09 bis 2011-05-09  ))))))))))))))))))))))))))))))
.
.
2011-05-09 21:07 . 2011-05-09 21:07        --------        d-----w-        c:\users\Fleischi\AppData\Local\temp
2011-05-09 21:07 . 2011-05-09 21:07        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-09 20:49 . 2011-05-09 20:49        --------        d-----w-        c:\program files\CCleaner
2011-05-09 19:55 . 2011-05-09 20:05        --------        d-----w-        C:\cofi
2011-05-09 19:31 . 2011-05-09 19:55        --------        d-----w-        C:\ComboFix
2011-05-08 12:56 . 2011-02-18 05:33        31232        ----a-w-        c:\windows\system32\prevhost.exe
2011-05-08 12:56 . 2011-03-11 05:44        146304        ----a-w-        c:\windows\system32\drivers\storport.sys
2011-05-08 12:56 . 2011-03-11 05:44        143744        ----a-w-        c:\windows\system32\drivers\nvstor.sys
2011-05-08 12:56 . 2011-03-11 05:44        1210240        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2011-05-08 12:56 . 2011-03-11 05:44        117120        ----a-w-        c:\windows\system32\drivers\nvraid.sys
2011-05-08 12:56 . 2011-03-11 05:43        332160        ----a-w-        c:\windows\system32\drivers\iaStorV.sys
2011-05-08 12:56 . 2011-03-11 05:43        80256        ----a-w-        c:\windows\system32\drivers\amdsata.sys
2011-05-08 12:56 . 2011-03-11 05:43        22400        ----a-w-        c:\windows\system32\drivers\amdxata.sys
2011-05-08 12:56 . 2011-03-11 05:39        1686016        ----a-w-        c:\windows\system32\esent.dll
2011-05-08 12:56 . 2011-03-11 05:37        74240        ----a-w-        c:\windows\system32\fsutil.exe
2011-05-08 12:55 . 2011-03-12 11:31        442880        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-05-08 12:55 . 2011-02-26 05:33        2614784        ----a-w-        c:\windows\explorer.exe
2011-05-07 21:38 . 2011-05-07 21:38        --------        d-----w-        C:\_OTL
2011-05-07 07:04 . 2009-07-14 01:19        245328        ----a-w-        c:\windows\system32\drivers\volsnap.sys
2011-05-06 23:36 . 2010-10-01 20:05        162392 begin_of_the_skype_highlighting**************05 162392******end_of_the_skype_highlighting        ----a-w-        c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
2011-05-06 23:36 . 2011-05-06 23:48        115267        ----a-w-        c:\windows\system32\drivers\klin.dat
2011-05-06 23:36 . 2011-05-06 23:48        97859        ----a-w-        c:\windows\system32\drivers\klick.dat
2011-05-06 23:36 . 2011-05-06 23:36        --------        dc----w-        c:\windows\system32\DRVSTORE
2011-05-06 23:36 . 2009-12-14 10:44        88632        ----a-w-        c:\windows\system32\drivers\CSCrySec.sys
2011-05-06 23:36 . 2009-12-14 10:44        39352        ----a-w-        c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-05-06 23:35 . 2011-05-09 20:22        --------        d-----w-        c:\programdata\Kaspersky Lab
2011-05-06 23:35 . 2011-05-06 23:35        --------        d-----w-        c:\program files\Kaspersky Lab
2011-05-06 23:35 . 2011-05-06 23:35        --------        d-----w-        c:\program files\Common Files\InfoWatch
2011-05-06 23:27 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C4A0EA7-C23A-49CB-AFA5-DCEBCFC4102D}\mpengine.dll
2011-05-06 20:54 . 2011-05-06 20:54        --------        d-----w-        c:\users\minnie\AppData\Roaming\Malwarebytes
2011-05-06 20:47 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-06 20:47 . 2011-05-06 20:47        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-28 13:42 . 2011-04-28 13:42        --------        d-----w-        c:\users\minnie\AppData\Roaming\UAs
2011-04-28 13:03 . 2011-04-28 13:03        112        ----a-w-        c:\users\minnie\AppData\Roaming\srvblck2.tmp
2011-04-28 13:03 . 2011-04-28 13:47        --------        d-----w-        c:\users\minnie\AppData\Roaming\xmldm
2011-04-28 13:03 . 2011-04-28 13:03        --------        d-----w-        c:\users\minnie\AppData\Roaming\kock
2011-04-28 12:53 . 2011-04-28 12:53        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2011-04-26 21:39 . 2011-04-26 21:40        --------        d-----w-        C:\Eigene Dateien zusatz
2011-04-16 18:23 . 2011-03-03 03:31        2331136        ----a-w-        c:\windows\system32\win32k.sys
2011-04-16 18:23 . 2011-02-24 05:32        288256        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-04-16 18:22 . 2011-03-08 05:38        740864        ----a-w-        c:\windows\system32\inetcomm.dll
2011-04-16 18:22 . 2011-03-11 05:40        1137664        ----a-w-        c:\windows\system32\mfc42.dll
2011-04-16 18:22 . 2011-03-11 05:40        1164288        ----a-w-        c:\windows\system32\mfc42u.dll
2011-04-16 18:22 . 2011-02-23 05:05        221696        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-04-16 18:22 . 2011-02-23 05:05        95744        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-04-16 18:22 . 2011-02-23 05:05        123392        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-04-16 18:22 . 2011-02-23 05:05        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys
2011-04-10 20:57 . 2011-04-10 21:31        --------        d-----w-        c:\users\minnie\AppData\Local\S2
2011-04-10 20:56 . 2011-04-10 20:56        98304        ----a-w-        c:\windows\system32\CmdLineExt.dll
2011-04-10 20:56 . 2011-04-10 20:56        --------        d-----r-        c:\users\minnie\AppData\Roaming\SecuROM
2011-04-10 12:10 . 2005-05-26 13:34        2297552        ----a-w-        c:\windows\system32\d3dx9_26.dll
2011-04-10 11:33 . 2011-04-10 11:33        --------        d-----w-        c:\program files\THQ
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 05:33 . 2011-03-08 22:23        802304        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-08 22:23        1074176        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-08 22:23        739840        ----a-w-        c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 20:05        129624        ----a-w-        c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-06 694816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
.
c:\users\minnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files\Hardcopy\hardcopy.exe [2010-6-23 1725440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-25 18:45        171032        ----a-w-        c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-25 18:45        136216        ----a-w-        c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-25 18:45        170520        ----a-w-        c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 136176]
R3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2010-02-04 1558368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-03-24 191008]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2009-12-14 88632]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 36880]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2009-12-14 39352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-02-03 1155072]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-01 1009184]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-22 118560]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc0771faeb8a83.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 19:54]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc0771fb166348.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-04 19:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
FF - ProfilePath - c:\users\minnie\AppData\Roaming\Mozilla\Firefox\Profiles\k003e2dl.default\
FF - prefs.js: browser.startup.homepage - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-487931405-2085747511-1338590169-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c2,0a,96,f9,55,87,36,ca,dd,77,16,cb,2d,21,ce,6a,83,b1,e8,d6,70,3d,1b,
  8a,11,32,9c,11,df,27,0f,51,eb,a6,44,64,60,1a,68,54,74,6a,38,22,54,79,6d,90,\
"??"=hex:5f,15,55,1b,22,37,ef,8f,49,77,48,76,f9,7c,3c,d5
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-09  23:09:07
ComboFix-quarantined-files.txt  2011-05-09 21:09
ComboFix2.txt  2011-05-09 20:04
ComboFix3.txt  2011-05-09 19:39
.
Vor Suchlauf: 14 Verzeichnis(se), 191.843.864.576 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 191.816.458.240 Bytes frei
.
- - End Of File - - BD3D12ED31E748289214D5C87C7F13D5
--- --- ---


Wenn ich Firefox aufrufen wollte bekam ich irgendeine Meldung von einem unzulässigen Vorgang bezgl. der Registrierungsdatei ...
Nach einem Neustart kein Problem mehr. ?? Firefox war bei combofix-Lauf evtl noch aktiv :wtf: Sorry!

cosinus 10.05.2011 11:02
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:53 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55