Trojaner-Board - BKA Österreich Trojaner auf Win XP - leider noch ein infizierter Rechner

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - BKA Österreich Trojaner auf Win XP - leider noch ein infizierter Rechner (https://www.trojaner-board.de/120777-bka-osterreich-trojaner-win-xp-leider-noch-infizierter-rechner.html)

BKA Österreich Trojaner auf Win XP - leider noch ein infizierter Rechner

Nachdem das ja letztens bei dem anderen Rechner wieder so gut geklappt hat, hoffe ich erneut auf die Hilfe in dem Forum:

hier das OTLog:

OTL Logfile:

Code:

OTL logfile created on: 28.07.2012 03:28:37 - Run 1

OTL by OldTimer - Version 3.2.54.1     Folder = C:\Dokumente und Einstellungen\Herbert\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 76,20% Memory free

3,84 Gb Paging File | 3,50 Gb Available in Paging File | 91,07% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 149,04 Gb Total Space | 122,76 Gb Free Space | 82,37% Space Free | Partition Type: NTFS

Drive F: | 3,61 Gb Total Space | 1,19 Gb Free Space | 32,96% Space Free | Partition Type: FAT32

 

Computer Name: NOTEBOOK | User Name: Herbert | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.07.23 23:41:00 | 000,061,952 | ---- | M] () -- C:\temp\npkglqqllbg.exe

PRC - [2012.07.23 01:01:15 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Herbert\Desktop\OTL.exe

PRC - [2012.01.23 06:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe

PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2011.12.06 12:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe

PRC - [2011.06.09 14:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2010.03.16 03:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE

PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2008.05.07 10:33:54 | 000,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.04.26 11:30:24 | 000,192,512 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe

PRC - [2006.11.17 21:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe

PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

PRC - [2003.01.21 14:26:00 | 000,098,304 | ---- | M] () -- C:\Programme\NewSoft\Smart Start UP\PnPDetect.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.07.23 23:41:00 | 000,061,952 | ---- | M] () -- C:\temp\npkglqqllbg.exe

MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU

MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2008.05.07 10:33:54 | 000,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2007.08.13 11:39:15 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\cl31cl3.dll

MOD - [2003.01.21 14:26:00 | 000,098,304 | ---- | M] () -- C:\Programme\NewSoft\Smart Start UP\PnPDetect.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.07.17 22:00:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010.03.25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2008.04.14 04:22:13 | 000,164,746 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\rqmlkdi.dll -- (qlkvz)

SRV - [2006.11.17 21:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)

SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (mailKmd)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2009.09.10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2009.07.24 18:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)

DRV - [2008.06.20 13:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2007.08.13 04:48:57 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)

DRV - [2007.05.01 11:11:54 | 000,630,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)

DRV - [2007.02.25 08:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)

DRV - [2007.02.07 01:43:26 | 000,090,880 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2004.08.03 23:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)

DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "google.at"

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

 

[2012.04.14 20:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\Mozilla\Extensions

[2012.04.14 20:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com

[2012.07.21 04:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2012.02.20 12:56:20 | 000,000,158 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search the web.src

[2012.01.24 17:03:03 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml

 
 ========== Chrome  ==========

 

CHR - homepage: 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Unity Player (Enabled) = C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\2.0.31005.0\npctrl.dll

CHR - Extension: Build with Chrome = C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf\0.0.0.2_0\

 

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\toolplugin\toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe File not found

O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)

O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe File not found

O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()

O4 - HKLM..\Run: [Smart Start UP] C:\Programme\NewSoft\Smart Start UP\PnPDetect.exe ()

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\WButton.exe File not found

O4 - HKCU..\Run: [] C:\temp\npkglqqllbg.exe ()

O4 - HKCU..\Run: [2H1XUE6D9XZY9J2UYYZBVVKWYB] C:\Acrotreta-W\AC479530BB3.exe /q File not found

O4 - HKCU..\Run: [2H1XUE7E9XZY9J2UKSLHDGRQIM] C:\Acrotreta-W\AC479530BB3.exe /q File not found

O4 - HKCU..\Run: [8YWHVYZHXW3Y8HXAXVWLFUU] C:\AcrotrebarW\AE87BAB0BB3.exe ()

O4 - HKCU..\Run: [8YXCVHZH1XZY9J1BGKTLVSEKOQTC] C:\Acrotreta1W\AC479B30BB3.exe (From unruly retrievers to pampered pugs)

O4 - HKCU..\Run: [8YXCVYZHXW3Y8HXABZCLFOW] C:\AcrotrebarW\AE87BAB0BB3.exe ()

O4 - HKCU..\Run: [OfficeSyncProcess] C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)

O4 - HKCU..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Netscape = C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\B50B7C.exe (The Red Stick International Animation Festival is pleased to announce that the deadline for entries in their 2012 Best of the Fest competition has been extended)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: DataMngr_Toolbar = C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\C224D2.exe ()

O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CACAF8D2-19CE-46C4-9606-D4479DA0718F}: DhcpNameServer = 195.16.241.140 195.16.241.241

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\WINDOW~4\Datamngr\IEBHO.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O29 - HKLM SecurityProviders - (UblavrAtliky.dll) - C:\WINDOWS\System32\UblavrAtliky.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007.07.24 19:03:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008.04.14 04:22:14 | 000,059,310 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{01ac006e-bd11-11e1-ac1a-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{01ac006e-bd11-11e1-ac1a-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{01ac006e-bd11-11e1-ac1a-0016d3860ac1}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{1754fa1a-3e9a-11e1-aae9-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{1754fa1a-3e9a-11e1-aae9-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{1754fa1a-3e9a-11e1-aae9-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{1754fa1b-3e9a-11e1-aae9-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{1754fa1b-3e9a-11e1-aae9-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{1754fa1b-3e9a-11e1-aae9-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{1aab6dd3-6a65-11e0-a894-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{1aab6dd3-6a65-11e0-a894-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{1aab6dd3-6a65-11e0-a894-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{1f12d06c-0a77-11de-a62b-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{1f12d06c-0a77-11de-a62b-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{1f12d06c-0a77-11de-a62b-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE  .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{25fb9bfe-69cf-11e1-ab51-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{25fb9bfe-69cf-11e1-ab51-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{25fb9bfe-69cf-11e1-ab51-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{2d56062a-3ac5-11e1-aae0-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{2d56062a-3ac5-11e1-aae0-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{2d56062a-3ac5-11e1-aae0-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{42dbb088-0522-11df-a639-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{42dbb088-0522-11df-a639-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{42dbb088-0522-11df-a639-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{71079f11-abd7-11e1-abf6-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{71079f11-abd7-11e1-abf6-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{71079f11-abd7-11e1-abf6-0016d3860ac1}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{73f8cf54-afaa-11e1-abff-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{73f8cf54-afaa-11e1-abff-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{73f8cf54-afaa-11e1-abff-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{768f4c7e-dab3-11e0-a9d9-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{768f4c7e-dab3-11e0-a9d9-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{768f4c7e-dab3-11e0-a9d9-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{9320b652-2222-11df-a63e-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{9320b652-2222-11df-a63e-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{9320b652-2222-11df-a63e-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{d2155f94-9bd0-11de-a635-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{d2155f94-9bd0-11de-a635-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{d2155f94-9bd0-11de-a635-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{d4ab9844-437e-11e1-aaef-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{d4ab9844-437e-11e1-aaef-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{d4ab9844-437e-11e1-aaef-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O33 - MountPoints2\{da3518ba-d852-11e1-ac5f-0016d3860ac1}\Shell - "" = AutoRun

O33 - MountPoints2\{da3518ba-d852-11e1-ac5f-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{da3518ba-d852-11e1-ac5f-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.23 01:19:02 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Herbert\Desktop\ccsetup320.exe

[2012.07.23 01:01:07 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Herbert\Desktop\OTL.exe

[2012.07.18 01:44:16 | 016,648,408 | ---- | C] (Mozilla) -- C:\Dokumente und Einstellungen\Herbert\Desktop\Firefox Setup 14.0.1.exe

[2012.07.17 21:15:12 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012.07.11 19:50:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Herbert\Startmenü\Programme\Google Chrome

[2007.07.24 18:45:29 | 000,042,046 | -HS- | C] (The Red Stick International Animation Festival is pleased to announce that the deadline for entries in their 2012 Best of the Fest competition has been extended) -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\B50B7C.exe

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.28 03:18:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.07.28 03:18:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.07.28 03:18:25 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys

[2012.07.25 00:08:55 | 000,398,440 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.07.25 00:08:55 | 000,386,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.07.25 00:08:55 | 000,066,890 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.07.25 00:08:55 | 000,055,964 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.07.24 22:00:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.07.24 21:59:16 | 000,001,218 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3129675875-673297077-2773509995-1005UA.job

[2012.07.24 10:20:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.07.24 03:01:42 | 000,002,489 | ---- | M] () -- C:\Dokumente und Einstellungen\Herbert\Desktop\Microsoft Word 2010.lnk

[2012.07.24 01:59:00 | 000,001,166 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3129675875-673297077-2773509995-1005Core.job

[2012.07.23 01:19:08 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Herbert\Desktop\ccsetup320.exe

[2012.07.23 01:01:15 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Herbert\Desktop\OTL.exe

[2012.07.21 04:50:21 | 000,002,386 | ---- | M] () -- C:\Dokumente und Einstellungen\Herbert\Desktop\Google Chrome.lnk

[2012.07.18 01:44:32 | 016,648,408 | ---- | M] (Mozilla) -- C:\Dokumente und Einstellungen\Herbert\Desktop\Firefox Setup 14.0.1.exe

[2012.07.17 22:00:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012.07.17 22:00:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012.06.29 15:07:49 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\PIE_DUMP.DAT

[2012.06.28 19:59:44 | 000,098,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.07.18 01:36:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.07.17 21:15:13 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.07.11 19:50:18 | 000,002,386 | ---- | C] () -- C:\Dokumente und Einstellungen\Herbert\Desktop\Google Chrome.lnk

[2012.07.11 19:49:17 | 000,001,218 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3129675875-673297077-2773509995-1005UA.job

[2012.07.11 19:49:17 | 000,001,166 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3129675875-673297077-2773509995-1005Core.job

[2012.06.22 15:16:30 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2012.06.18 08:12:25 | 000,019,968 | ---- | C] () -- C:\WINDOWS\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\U\800000cb.@

[2012.06.18 08:12:25 | 000,013,312 | ---- | C] () -- C:\WINDOWS\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\U\80000000.@

[2012.06.18 08:12:25 | 000,001,712 | ---- | C] () -- C:\WINDOWS\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\U\00000001.@

[2012.06.18 08:12:10 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\UblavrAtliky.dll

[2012.02.20 10:34:04 | 000,000,046 | ---- | C] () -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\B50B7C.dat

[2011.12.07 14:33:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WpsC3Nsm.INI

[2011.03.11 15:39:39 | 000,000,062 | ---- | C] () -- C:\WINDOWS\civ.ini

[2011.01.09 15:31:52 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe

[2011.01.09 15:30:26 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll

[2011.01.09 15:30:25 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll

[2010.09.22 02:35:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\PIE_DUMP.DAT

[2010.09.22 02:35:13 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\PF1800LC.dll

[2010.09.22 02:35:13 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\PWiaExt.dll

[2010.09.22 02:32:37 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\daspi32u.dll

[2010.09.22 02:32:37 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\IO_PORT.DLL

[2010.09.22 02:32:37 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\FVC.DLL

[2010.09.22 02:32:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\SQ1394.DLL

[2010.09.22 02:32:37 | 000,010,624 | ---- | C] () -- C:\WINDOWS\System32\GENEUSB.SYS

[2010.09.22 02:32:37 | 000,010,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\GENEUSB.SYS

[2010.09.22 02:32:37 | 000,000,234 | ---- | C] () -- C:\WINDOWS\Scanner.ini

[2010.09.22 02:22:12 | 000,001,796 | ---- | C] () -- C:\WINDOWS\If42le.ini

[2010.09.22 02:22:12 | 000,000,296 | ---- | C] () -- C:\WINDOWS\Pexplore.ini

[2010.09.22 02:21:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL

[2010.08.21 22:13:48 | 000,002,366 | ---- | C] () -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\mdbu.bin

[2009.07.05 09:47:38 | 000,098,816 | ---- | C] () -- C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.01.22 14:50:13 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2007.07.24 18:45:59 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\@

[2007.07.24 18:45:59 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\@

[2007.07.24 18:45:29 | 000,011,776 | -HS- | C] () -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\C224D2.exe
 

< End of report >

--- --- ---

:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

:OTL

PRC - [2012.07.23 23:41:00 | 000,061,952 | ---- | M] () -- C:\temp\npkglqqllbg.exe 

MOD - [2012.07.23 23:41:00 | 000,061,952 | ---- | M] () -- C:\temp\npkglqqllbg.exe 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) 

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT) 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) 

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) 

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) 

DRV - File not found [Kernel | System | Stopped] -- -- (mailKmd) 

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) 

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32) 

DRV - File not found [Kernel | System | Stopped] -- -- (Changer) 

DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey) 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

FF - prefs.js..browser.startup.homepage: "google.at" 

FF - user.js - File not found 

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 

CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll 

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) 

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () 

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () 

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 

O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe File not found 

O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe File not found 

O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\WButton.exe File not found 

O4 - HKCU..\Run: [] C:\temp\npkglqqllbg.exe () 

O4 - HKCU..\Run: [2H1XUE6D9XZY9J2UYYZBVVKWYB] C:\Acrotreta-W\AC479530BB3.exe /q File not found 

O4 - HKCU..\Run: [2H1XUE7E9XZY9J2UKSLHDGRQIM] C:\Acrotreta-W\AC479530BB3.exe /q File not found 

O4 - HKCU..\Run: [8YWHVYZHXW3Y8HXAXVWLFUU] C:\AcrotrebarW\AE87BAB0BB3.exe () 

O4 - HKCU..\Run: [8YXCVYZHXW3Y8HXABZCLFOW] C:\AcrotrebarW\AE87BAB0BB3.exe () 

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) 

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Netscape = C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\B50B7C.exe (The Red Stick International Animation Festival is pleased to announce that the deadline for entries in their 2012 Best of the Fest competition has been extended) 

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: DataMngr_Toolbar = C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\C224D2.exe () 

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found 

O32 - HKLM CDRom: AutoRun - 1 

O32 - AutoRun File - [2007.07.24 19:03:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] 

O32 - AutoRun File - [2008.04.14 04:22:14 | 000,059,310 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ] 

O33 - MountPoints2\{01ac006e-bd11-11e1-ac1a-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{01ac006e-bd11-11e1-ac1a-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{01ac006e-bd11-11e1-ac1a-0016d3860ac1}\Shell\AutoRun\command - "" = F:\AutoRun.exe 

O33 - MountPoints2\{1754fa1a-3e9a-11e1-aae9-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{1754fa1a-3e9a-11e1-aae9-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{1754fa1a-3e9a-11e1-aae9-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn 

O33 - MountPoints2\{1754fa1b-3e9a-11e1-aae9-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{1754fa1b-3e9a-11e1-aae9-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{1754fa1b-3e9a-11e1-aae9-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn 

O33 - MountPoints2\{1aab6dd3-6a65-11e0-a894-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{1aab6dd3-6a65-11e0-a894-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{1aab6dd3-6a65-11e0-a894-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn 

O33 - MountPoints2\{1f12d06c-0a77-11de-a62b-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{1f12d06c-0a77-11de-a62b-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{1f12d06c-0a77-11de-a62b-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn 

O33 - MountPoints2\{25fb9bfe-69cf-11e1-ab51-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{25fb9bfe-69cf-11e1-ab51-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{25fb9bfe-69cf-11e1-ab51-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn 

O33 - MountPoints2\{2d56062a-3ac5-11e1-aae0-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{2d56062a-3ac5-11e1-aae0-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{2d56062a-3ac5-11e1-aae0-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn 

O33 - MountPoints2\{42dbb088-0522-11df-a639-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{42dbb088-0522-11df-a639-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{42dbb088-0522-11df-a639-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn 

O33 - MountPoints2\{71079f11-abd7-11e1-abf6-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{71079f11-abd7-11e1-abf6-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{71079f11-abd7-11e1-abf6-0016d3860ac1}\Shell\AutoRun\command - "" = F:\AutoRun.exe 

O33 - MountPoints2\{73f8cf54-afaa-11e1-abff-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{73f8cf54-afaa-11e1-abff-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{73f8cf54-afaa-11e1-abff-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn 

O33 - MountPoints2\{768f4c7e-dab3-11e0-a9d9-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{768f4c7e-dab3-11e0-a9d9-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{768f4c7e-dab3-11e0-a9d9-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn 

O33 - MountPoints2\{9320b652-2222-11df-a63e-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{9320b652-2222-11df-a63e-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{9320b652-2222-11df-a63e-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn 

O33 - MountPoints2\{d2155f94-9bd0-11de-a635-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{d2155f94-9bd0-11de-a635-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{d2155f94-9bd0-11de-a635-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn 

O33 - MountPoints2\{d4ab9844-437e-11e1-aaef-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{d4ab9844-437e-11e1-aaef-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{d4ab9844-437e-11e1-aaef-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn 

O33 - MountPoints2\{da3518ba-d852-11e1-ac5f-0016d3860ac1}\Shell - "" = AutoRun 

O33 - MountPoints2\{da3518ba-d852-11e1-ac5f-0016d3860ac1}\Shell\AutoRun - "" = Auto&Play 

O33 - MountPoints2\{da3518ba-d852-11e1-ac5f-0016d3860ac1}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn 
 

[2007.07.24 18:45:29 | 000,011,776 | -HS- | C] () -- C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\C224D2.exe 

 

[2007.07.24 18:45:59 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\@ 

[2007.07.24 18:45:59 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\@ 

[2012.07.24 22:00:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job 

[2012.07.24 21:59:16 | 000,001,218 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3129675875-673297077-2773509995-1005UA.job 

[2012.07.24 01:59:00 | 000,001,166 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3129675875-673297077-2773509995-1005Core.job 

 

[2012.06.18 08:12:25 | 000,019,968 | ---- | C] () -- C:\WINDOWS\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\U\800000cb.@ 

[2012.06.18 08:12:25 | 000,013,312 | ---- | C] () -- C:\WINDOWS\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\U\80000000.@ 

[2012.06.18 08:12:25 | 000,001,712 | ---- | C] () -- C:\WINDOWS\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\U\00000001.@ 

[2012.06.18 08:12:10 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\UblavrAtliky.dll 

:Files

C:\temp\npkglqqllbg.exe
 

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Hier das Log. danke soweit schon mal.

Code:

All processes killed

========== OTL ==========

No active process named npkglqqllbg.exe was found!

Service WDICA stopped successfully!

Service WDICA deleted successfully!

Service SSPORT stopped successfully!

Service SSPORT deleted successfully!

File C:\WINDOWS\system32\Drivers\SSPORT.sys not found.

Service PDRFRAME stopped successfully!

Service PDRFRAME deleted successfully!

Service PDRELI stopped successfully!

Service PDRELI deleted successfully!

Service PDFRAME stopped successfully!

Service PDFRAME deleted successfully!

Service PDCOMP stopped successfully!

Service PDCOMP deleted successfully!

Service PCIDump stopped successfully!

Service PCIDump deleted successfully!

Service mailKmd stopped successfully!

Service mailKmd deleted successfully!

Service lbrtfdc stopped successfully!

Service lbrtfdc deleted successfully!

Service HTCAND32 stopped successfully!

Service HTCAND32 deleted successfully!

File System32\Drivers\ANDROIDUSB.sys not found.

Service Changer stopped successfully!

Service Changer deleted successfully!

Error: Unable to stop service Hotkey!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Hotkey deleted successfully.

C:\WINDOWS\system32\drivers\HOTKEY.sys moved successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Prefs.js: "google.at" removed from browser.startup.homepage

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

File C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.

File C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.

C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

File C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CtrlVol deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LaunchAp deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wbutton deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

C:\temp\npkglqqllbg.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\2H1XUE6D9XZY9J2UYYZBVVKWYB deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\2H1XUE7E9XZY9J2UKSLHDGRQIM deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\8YWHVYZHXW3Y8HXAXVWLFUU deleted successfully.

C:\AcrotrebarW\AE87BAB0BB3.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\8YXCVYZHXW3Y8HXABZCLFOW deleted successfully.

File C:\AcrotrebarW\AE87BAB0BB3.exe not found.

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk moved successfully.

C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Netscape deleted successfully.

File move failed. C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\B50B7C.exe scheduled to be moved on reboot.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\DataMngr_Toolbar deleted successfully.

File move failed. C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\C224D2.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\AUTOEXEC.BAT moved successfully.

File F:\autorun.inf not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ac006e-bd11-11e1-ac1a-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ac006e-bd11-11e1-ac1a-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ac006e-bd11-11e1-ac1a-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ac006e-bd11-11e1-ac1a-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01ac006e-bd11-11e1-ac1a-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01ac006e-bd11-11e1-ac1a-0016d3860ac1}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1754fa1a-3e9a-11e1-aae9-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1754fa1a-3e9a-11e1-aae9-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1754fa1a-3e9a-11e1-aae9-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1754fa1a-3e9a-11e1-aae9-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1754fa1a-3e9a-11e1-aae9-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1754fa1a-3e9a-11e1-aae9-0016d3860ac1}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1754fa1b-3e9a-11e1-aae9-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1754fa1b-3e9a-11e1-aae9-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1754fa1b-3e9a-11e1-aae9-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1754fa1b-3e9a-11e1-aae9-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1754fa1b-3e9a-11e1-aae9-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1754fa1b-3e9a-11e1-aae9-0016d3860ac1}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aab6dd3-6a65-11e0-a894-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aab6dd3-6a65-11e0-a894-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aab6dd3-6a65-11e0-a894-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aab6dd3-6a65-11e0-a894-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aab6dd3-6a65-11e0-a894-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1aab6dd3-6a65-11e0-a894-0016d3860ac1}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f12d06c-0a77-11de-a62b-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f12d06c-0a77-11de-a62b-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f12d06c-0a77-11de-a62b-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f12d06c-0a77-11de-a62b-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f12d06c-0a77-11de-a62b-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f12d06c-0a77-11de-a62b-0016d3860ac1}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25fb9bfe-69cf-11e1-ab51-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25fb9bfe-69cf-11e1-ab51-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25fb9bfe-69cf-11e1-ab51-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25fb9bfe-69cf-11e1-ab51-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25fb9bfe-69cf-11e1-ab51-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25fb9bfe-69cf-11e1-ab51-0016d3860ac1}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d56062a-3ac5-11e1-aae0-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d56062a-3ac5-11e1-aae0-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d56062a-3ac5-11e1-aae0-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d56062a-3ac5-11e1-aae0-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d56062a-3ac5-11e1-aae0-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2d56062a-3ac5-11e1-aae0-0016d3860ac1}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42dbb088-0522-11df-a639-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42dbb088-0522-11df-a639-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42dbb088-0522-11df-a639-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42dbb088-0522-11df-a639-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42dbb088-0522-11df-a639-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42dbb088-0522-11df-a639-0016d3860ac1}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71079f11-abd7-11e1-abf6-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71079f11-abd7-11e1-abf6-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71079f11-abd7-11e1-abf6-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71079f11-abd7-11e1-abf6-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71079f11-abd7-11e1-abf6-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71079f11-abd7-11e1-abf6-0016d3860ac1}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73f8cf54-afaa-11e1-abff-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73f8cf54-afaa-11e1-abff-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73f8cf54-afaa-11e1-abff-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73f8cf54-afaa-11e1-abff-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73f8cf54-afaa-11e1-abff-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73f8cf54-afaa-11e1-abff-0016d3860ac1}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{768f4c7e-dab3-11e0-a9d9-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{768f4c7e-dab3-11e0-a9d9-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{768f4c7e-dab3-11e0-a9d9-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{768f4c7e-dab3-11e0-a9d9-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{768f4c7e-dab3-11e0-a9d9-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{768f4c7e-dab3-11e0-a9d9-0016d3860ac1}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9320b652-2222-11df-a63e-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9320b652-2222-11df-a63e-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9320b652-2222-11df-a63e-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9320b652-2222-11df-a63e-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9320b652-2222-11df-a63e-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9320b652-2222-11df-a63e-0016d3860ac1}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2155f94-9bd0-11de-a635-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2155f94-9bd0-11de-a635-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2155f94-9bd0-11de-a635-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2155f94-9bd0-11de-a635-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2155f94-9bd0-11de-a635-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2155f94-9bd0-11de-a635-0016d3860ac1}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4ab9844-437e-11e1-aaef-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4ab9844-437e-11e1-aaef-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4ab9844-437e-11e1-aaef-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4ab9844-437e-11e1-aaef-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4ab9844-437e-11e1-aaef-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4ab9844-437e-11e1-aaef-0016d3860ac1}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da3518ba-d852-11e1-ac5f-0016d3860ac1}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da3518ba-d852-11e1-ac5f-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da3518ba-d852-11e1-ac5f-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da3518ba-d852-11e1-ac5f-0016d3860ac1}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da3518ba-d852-11e1-ac5f-0016d3860ac1}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da3518ba-d852-11e1-ac5f-0016d3860ac1}\ not found.

File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

File move failed. C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\C224D2.exe scheduled to be moved on reboot.

C:\WINDOWS\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\@ moved successfully.

C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\@ moved successfully.

C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3129675875-673297077-2773509995-1005UA.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3129675875-673297077-2773509995-1005Core.job moved successfully.

C:\WINDOWS\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\U\800000cb.@ moved successfully.

C:\WINDOWS\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\U\80000000.@ moved successfully.

C:\WINDOWS\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\U\00000001.@ moved successfully.

C:\WINDOWS\system32\UblavrAtliky.dll moved successfully.

========== FILES ==========

File\Folder C:\temp\npkglqqllbg.exe not found.
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

C:\Dokumente und Einstellungen\Herbert\Desktop\cmd.bat deleted successfully.

C:\Dokumente und Einstellungen\Herbert\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

 

User: Herbert

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67950252 bytes

->Java cache emptied: 8946680 bytes

->FireFox cache emptied: 5569612 bytes

->Google Chrome cache emptied: 381659777 bytes

->Flash cache emptied: 340636605 bytes

 

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 25 bytes

->Flash cache emptied: 4247 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 2951 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 12400 bytes

Windows Temp folder emptied: 7657633 bytes

RecycleBin emptied: 4633935 bytes

 

Total Files Cleaned = 779,00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Default User

 

User: Herbert

->Flash cache emptied: 0 bytes

 

User: LocalService

 

User: NetworkService

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

 

OTL by OldTimer - Version 3.2.54.1 log created on 07282012_055449
 

Files\Folders moved on Reboot...

C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\B50B7C.exe moved successfully.

C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\C224D2.exe moved successfully.
 

PendingFileRenameOperations files...

File C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\B50B7C.exe not found!

File C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\C224D2.exe not found!
 

Registry entries deleted on Reboot...

Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

System scheint stabil, wage ich zu behaupten! :glaskugel:

Code:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.07.31.03
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

Herbert :: NOTEBOOK [Administrator]
 

28.07.2012 20:12:46

mbam-log-2012-07-28 (20-12-46).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 272646

Laufzeit: 28 Minute(n), 19 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|8YXCVHZH1XZY9J1BGKTLVSEKOQTC (Trojan.Agent) -> Daten: C:\Acrotreta1W\AC479B30BB3.exe /q -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Netscape (Backdoor.Agent) -> Daten: C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\B50B7C.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 5

HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bösartig: (\\.\globalroot\systemroot\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\n.) Gut: (wbemess.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|CheckedValue (PUM.Hijack.System.Hidden) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 14

C:\Acrotreta1W\AC479B30BB3.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\WINDOWS\system32\rqmlkdi.dll (Worm.Conficker) -> Löschen bei Neustart.

C:\ACROTR~2\AC4795~1.EXE (Spyware.Zbot.ES) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Dokumente und Einstellungen\Herbert\Lokale Einstellungen\Anwendungsdaten\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\n (Trojan.Dropper.PE4) -> Löschen bei Neustart.

C:\System Volume Information\_restore{02F74226-ADAD-4233-BA14-8748A46718E6}\RP523\A0025361.exe (Spyware.Passwords.XGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\temp\3.tmp (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\temp\kptufvtqtdyevqli.exe (Trojan.Agent.2D) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\WINDOWS\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\n (Trojan.Dropper.PE4) -> Löschen bei Neustart.

C:\_OTL\MovedFiles\07282012_055449\C_AcrotrebarW\AE87BAB0BB3.exe (Spyware.Passwords.XGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\_OTL\MovedFiles\07282012_055449\C_Dokumente und Einstellungen\Herbert\Anwendungsdaten\B50B7C.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\_OTL\MovedFiles\07282012_055449\C_Dokumente und Einstellungen\Herbert\Anwendungsdaten\C224D2.exe (Trojan.Downloader.RO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\_OTL\MovedFiles\07282012_055449\C_temp\npkglqqllbg.exe (Trojan.Agent.2D) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\_OTL\MovedFiles\07282012_055449\C_WINDOWS\Installer\{898963ff-8fd7-41e4-e50f-b211e20e61f4}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\_OTL\MovedFiles\07282012_055449\C_WINDOWS\system32\UblavrAtliky.dll (Trojan.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

# AdwCleaner v1.703 - Logfile created 07/28/2012 at 19:59:58

# Updated 20/07/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Herbert - NOTEBOOK

# Running from : F:\adwcleaner.exe

# Option [Search]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Found : C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\searchquband

Folder Found : C:\Dokumente und Einstellungen\Herbert\Anwendungsdaten\Searchqutoolbar

Folder Found : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess

Folder Found : C:\Programme\Windows iLivid Toolbar

File Found : C:\Programme\Mozilla FireFox\searchplugins\Search_Results.xml
 

***** [Registry] *****
 

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKCU\Software\ilivid

Key Found : HKCU\Software\searchqutoolbar

Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard

Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1

Key Found : HKLM\SOFTWARE\DataMngr

Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar

Key Found : HKLM\SOFTWARE\SearchquMediabarTb

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
 

***** [Registre - GUID] *****
 

Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v6.0.2900.5512
 

[OK] Registry is clean.
 

*************************
 

AdwCleaner[R1].txt - [3079 octets] - [28/07/2012 19:59:58]
 

########## EOF - C:\AdwCleaner[R1].txt - [3207 octets] ##########

Avast Starzeitüberprüfung und Spybot haben auch noch ein paar Fehlerchen entdeckt und gefixt.

Schlechte Nachrichten.

Dein Rechner hat mehrere schwere Infektionen mit Rootkits.
Du musst dein System neuaufsetzen.

http://www.trojaner-board.de/51262-a...sicherung.html

oh mist :(

kannst du mir zum verständnis dazu noch ein paar genauere infos geben?

danke

http://www.trojaner-board.de/56634-rootkits.html

In deinem System gibt es Hintertueren um es in einem Botnet zu verwenden und deine Daten (Passwoerter, Accounts etc.) zu stehlen.

Daten sichern und alle Passwoerter aendern. Bei Online-Banking Konto pruefen!

Wenn du neu aufgesetzt hast, melde Dich wieder hier, dann sichern wir ab.