Trojaner-Board - 'TR/Agent2.cqxj' auf 'C:\Windows\System32\saimr8y8.dll'

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - 'TR/Agent2.cqxj' auf 'C:\Windows\System32\saimr8y8.dll' (https://www.trojaner-board.de/86768-tr-agent2-cqxj-c-windows-system32-saimr8y8-dll.html)

'TR/Agent2.cqxj' auf 'C:\Windows\System32\saimr8y8.dll'

Hallo mein AntiVir von AVIRA meldete heute den Trojaner 'TR/Agent2.cqxj' auf 'C:\Windows\System32\saimr8y8.dll'. Im Internet finde ich zu diesem Trojaner dazu gar nichts. Auch das löschen der Datei C:\Windows\System32\saimr8y8.dll bringt nichts.
Nach dem Neustart ist die Datei wieder da und der AntiVir bringt wieder die Trojanermeldung.
Wobei andere Mapwarescanner den Trojaner gar nicht entdecken.
Kann mir hierzu vielleicht jemand helfen.

flo

Hallo kann mir denn da niemand weiterhelfen?

Hier noch mein hijackthis Datei.

HiJackthis Logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:48:25, on 05.06.2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Boot mode: Normal
 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\program files\avira\antivir desktop\avcenter.exe

C:\program files\avira\antivir desktop\avscan.exe

C:\Program Files\Nemetschek\Allplan\Prg\Allplan_2006.exe

c:\program files\nemetschek\allplan\prg\ava_mat2006.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Florian\Desktop\HijackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=0070329

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [Google Update] "C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix: 

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c8cdf3383e5d95) (gupdate1c8cdf3383e5d95) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
 

--

End of file - 9188 bytes

--- --- ---

Hallo und :hallo:

bitte nen Vollscan mit malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Hallo cosinus,
danke für deine schnelle Antwort. Ich bin jetzt genau nach deiner Anleitung vorgegangen.
Malware bytes ergab kein Ergebnis. hier das Protokoll.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4171

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

06.06.2010 10:34:05
mbam-log-2010-06-06 (10-34-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 399879
Laufzeit: 1 Stunde(n), 27 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL ergab folgende Logfiles.
OTL.txt:
OTL Logfile:

Code:

OTL logfile created on: 06.06.2010 10:41:12 - Run 2

OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Florian\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288,04 Gb Total Space | 138,79 Gb Free Space | 48,18% Space Free | Partition Type: NTFS

Drive D: | 10,00 Gb Total Space | 5,95 Gb Free Space | 59,49% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PC-FLORIAN

Current User Name: Florian

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)

PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

PRC - C:\Program Files\TeamViewer3\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)

PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)

PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools)

MOD - c:\PROGRA~1\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

SRV - (TeamViewer) -- C:\Program Files\TeamViewer3\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)

SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()

SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)

DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfo.sys ()

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)

DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)

DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)

DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)

DRV - (dsunidrv) -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys (Gteko Ltd.)

DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=0070329

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.06.01 22:59:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.04 21:16:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.17 09:31:51 | 000,000,000 | ---D | M]

 

[2010.01.27 22:44:52 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions

[2009.09.06 10:50:55 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\MediaCoder

[2009.09.06 10:52:39 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard

[2010.01.27 21:57:55 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\a62dfdzu.default\extensions

[2010.01.27 21:57:55 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\a62dfdzu.default\extensions\personas@christopher.beard

[2010.06.05 20:36:35 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\knxx9kxs.default\extensions

[2010.05.02 23:51:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\knxx9kxs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.04.08 22:36:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\knxx9kxs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010.04.15 23:46:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\knxx9kxs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010.03.16 23:46:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\knxx9kxs.default\extensions\firebug@software.joehewitt.com

[2010.04.11 11:33:23 | 000,005,356 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Mozilla\FireFox\Profiles\knxx9kxs.default\searchplugins\bildde.xml

[2010.01.29 00:13:03 | 000,004,140 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Mozilla\FireFox\Profiles\knxx9kxs.default\searchplugins\youtube.xml

[2010.06.05 20:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2007.04.02 22:43:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010.03.28 18:47:46 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\quickstores@quickstores.de

[2008.02.04 19:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll

[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found

O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Florian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Florian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.06.06 09:09:36 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe

[2010.06.06 01:40:48 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Malwarebytes

[2010.06.06 01:40:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010.06.06 01:40:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010.06.06 01:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010.06.06 01:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010.06.04 20:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6

[2010.05.25 21:50:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010.05.15 17:45:30 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\SuperFlexibleSynchronizer

[2007.04.04 00:15:35 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\implode.dll

[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.06.06 10:40:14 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ED465F8F-CA81-44C7-BD94-989FD94DBCF2}.job

[2010.06.06 10:40:04 | 004,980,736 | -HS- | M] () -- C:\Users\Florian\ntuser.dat

[2010.06.06 10:02:01 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1163913110-800224953-3621087410-1000UA.job

[2010.06.06 09:50:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010.06.06 09:06:13 | 001,989,224 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010.06.06 09:06:13 | 000,994,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010.06.06 09:06:13 | 000,559,772 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010.06.06 09:06:13 | 000,486,802 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010.06.06 09:06:13 | 000,005,124 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010.06.06 09:03:45 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010.06.06 09:01:28 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2010.06.06 09:01:26 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010.06.06 09:01:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.06.06 09:01:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.06.06 09:01:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.06.06 09:01:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.06.06 02:23:00 | 000,524,288 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT{3f57a3ce-41ee-11dc-a017-0019d1471cd0}.TMContainer00000000000000000002.regtrans-ms

[2010.06.06 02:23:00 | 000,065,536 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT{3f57a3ce-41ee-11dc-a017-0019d1471cd0}.TM.blf

[2010.06.06 02:22:48 | 003,772,304 | -H-- | M] () -- C:\Users\Florian\AppData\Local\IconCache.db

[2010.06.06 01:54:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe

[2010.06.05 23:02:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1163913110-800224953-3621087410-1000Core.job

[2010.06.05 01:32:32 | 000,000,254 | ---- | M] () -- C:\Windows\win.ini

[2010.06.05 00:59:57 | 000,002,054 | ---- | M] () -- C:\Users\Florian\Desktop\Google Chrome.lnk

[2010.06.04 20:55:24 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Florian\Desktop\HijackThis.exe

[2010.06.04 19:24:11 | 000,000,036 | ---- | M] () -- C:\Users\Florian\AppData\Local\housecall.guid.cache

[2010.05.21 22:54:34 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2010.05.18 23:43:58 | 000,011,455 | ---- | M] () -- C:\Users\Florian\Desktop\Essen.xlsx

[2010.05.15 15:53:00 | 000,065,536 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.05.15 12:31:22 | 177,487,889 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010.05.15 11:58:11 | 000,001,048 | ---- | M] () -- C:\Users\Florian\Documents\Wasserversorgung Höfen.kmz

[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010.05.10 22:58:00 | 001,228,392 | R--- | M] () -- C:\Users\Florian\Desktop\CIMG1357.JPG

[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.06.05 00:59:57 | 000,002,054 | ---- | C] () -- C:\Users\Florian\Desktop\Google Chrome.lnk

[2010.06.04 19:24:11 | 000,000,036 | ---- | C] () -- C:\Users\Florian\AppData\Local\housecall.guid.cache

[2010.05.21 22:54:34 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2010.05.18 23:43:57 | 000,011,455 | ---- | C] () -- C:\Users\Florian\Desktop\Essen.xlsx

[2010.05.15 11:58:11 | 000,001,048 | ---- | C] () -- C:\Users\Florian\Documents\Wasserversorgung Höfen.kmz

[2010.05.10 23:55:35 | 001,228,392 | R--- | C] () -- C:\Users\Florian\Desktop\CIMG1357.JPG

[2010.03.13 22:40:58 | 000,000,008 | ---- | C] () -- C:\Windows\System32\PROTOCOL.INI

[2009.08.03 23:19:29 | 000,585,728 | ---- | C] () -- C:\Windows\System32\saimr8y8.dll

[2009.08.03 23:19:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2007.10.01 20:10:03 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll

[2007.10.01 20:10:03 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2007.10.01 16:32:23 | 000,394,240 | ---- | C] () -- C:\Windows\System32\Smab.dll

[2007.10.01 16:32:23 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll

[2007.09.27 12:57:47 | 000,163,840 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2007.09.27 12:57:45 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2007.09.27 12:57:45 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2007.09.27 12:57:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2007.09.27 12:57:43 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2007.09.27 12:57:43 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2007.08.03 21:56:29 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL

[2007.05.26 15:18:13 | 000,002,059 | ---- | C] () -- C:\Windows\ALLRIGHT.INI

[2007.05.06 18:10:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

[2007.04.04 00:15:38 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll

[2007.04.04 00:15:38 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll

[2007.04.03 22:52:53 | 000,000,342 | ---- | C] () -- C:\Windows\ODBC.INI

[2007.04.02 23:43:36 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hpzids01.dll

[2007.03.28 22:29:59 | 000,000,228 | ---- | C] () -- C:\Windows\wininit.ini

[2006.11.07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.09.17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006.09.17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2001.10.28 17:42:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2000.01.11 15:21:32 | 000,014,336 | ---- | C] () -- C:\Windows\System32\DZPIPE32.DLL

[1999.03.22 13:59:16 | 000,031,744 | ---- | C] () -- C:\Windows\System32\dz_ez32.dll

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 76 bytes -> C:\Users\Florian\Documents\My PSP Files:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Florian\Documents\My Pictures:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Florian\Documents\Eigene Google Gadgets:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Florian\Documents\Eigene eBooks:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Florian\Documents\Eigene Datenquellen:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Florian\Documents\Corel User Files:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Florian\Documents\Aufnahmen:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\Florian\Desktop\Alina-Fotos entwickelt:Roxio EMC Stream

< End of report >

--- --- ---

Extras.txt:
OTL Logfile:

Code:

OTL Extras logfile created on: 06.06.2010 10:41:12 - Run 2

OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Florian\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 288,04 Gb Total Space | 138,79 Gb Free Space | 48,18% Space Free | Partition Type: NTFS

Drive D: | 10,00 Gb Total Space | 5,95 Gb Free Space | 59,49% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PC-FLORIAN

Current User Name: Florian

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Müller Foto] -- "C:\Program Files\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan

"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18

"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD

"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant

"{40724630-C95F-449d-B71D-777CFDE9EA21}" = J5700

"{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan

"{41A96655-19FB-473c-AAB7-429E372527C8}" = ProductContext

"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch

"{5D0F0C1F-46B0-4AA2-B8DC-02E5FE777C19}" = 5700_Help

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{84CE1208-B85F-4976-8718-52A91990A8A3}" = Global Mapper 9

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld

"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_BASICR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_BASICR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_BASICR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager

"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007

"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime

"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations

"{A2CC286B-BFE9-4D1F-9EDA-AA3E8289CA12}" = BPDSoftware_Ini

"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A49098C1-980A-4C99-A579-4D10409AD899}" = DVDfunSTUDIO 

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AB8BDDBF-7965-4476-B9BC-ED8DFD603AA8}" = HP Officejet All-In-One Series

"{AC073452-EF2A-4333-9FE5-AA97C820813A}" = DirLister

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch

"{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup

"{BC6332C4-60CD-4B71-B7FE-CE921D46ECC2}_is1" = DirReader 1.55

"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE

"{E26C402E-01FE-4EF2-964A-AC54734539B7}" = DVD-MovieAlbumSE 4

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply

"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems

"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Avidemux 2.4" = Avidemux 2.4

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BASICR" = Microsoft Office Basic 2007

"doPDF 5  printer_is1" = doPDF 5.3  printer

"FileZilla" = FileZilla (remove only)

"FreePDF_XP" = FreePDF XP (Remove only)

"Google Updater" = Google Updater

"HijackThis" = HijackThis 2.0.2

"HP Imaging Device Functions" = HP Imaging Device Functions 8.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0

"HPOCR" = HP OCR Software 8.0

"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11

"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.0 Full

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Security Scan" = McAfee Security Scan Plus

"MediaCoder" = MediaCoder 0.7.1.4498

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"Müller Foto" = Müller Foto

"Notepad++" = Notepad++

"NVIDIA Drivers" = NVIDIA Drivers

"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.6

"Picasa 3" = Picasa 3

"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0

"RealVNC_is1" = VNC Free Edition 4.1.2

"Redirection Port Monitor" = RedMon - Redirection Port Monitor

"TeamViewer 3" = TeamViewer 3

"VLC media player" = VideoLAN VLC media player 0.8.6f

"WinRAR archiver" = WinRAR

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 03.10.2008 08:57:49 | Computer Name = PC-Florian | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung MOVIEMK.exe, Version 6.0.6000.16386, Zeitstempel

 0x4549b5b6, fehlerhaftes Modul nvd3dum.dll, Version 7.15.11.6371, Zeitstempel 0x46ee44b8,

 Ausnahmecode 0xc0000005, Fehleroffset 0x0025e3c4,  Prozess-ID 0x1070, Anwendungsstartzeit

 01c9253212f689de.

 

Error - 25.10.2008 14:28:00 | Computer Name = PC-Florian | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung MSASCui.exe, Version 1.1.1600.0, Zeitstempel

 0x47918de2, fehlerhaftes Modul COMCTL32.dll, Version 6.10.6001.18000, Zeitstempel

 0x4791a752, Ausnahmecode 0xc0000005, Fehleroffset 0x00038f45,  Prozess-ID 0xd68, 

Anwendungsstartzeit 01c936c821ece999.

 

Error - 15.11.2008 16:00:10 | Computer Name = PC-Florian | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung Skype.exe, Version 3.8.0.139, Zeitstempel 0x2a425e19,

 fehlerhaftes Modul RPCRT4.dll, Version 6.0.6001.18051, Zeitstempel 0x48002c9c, 

Ausnahmecode 0xc0000005, Fehleroffset 0x00068d9e,  Prozess-ID 0x1598, Anwendungsstartzeit

 01c9475ca59a32e9.

 

Error - 22.11.2008 11:47:20 | Computer Name = PC-Florian | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6001.18000, Zeitstempel

 0x4791956c, fehlerhaftes Modul hpaiounifax.dll, Version 1.0.0.1, Zeitstempel 0x459b3eff,

 Ausnahmecode 0xc0000005, Fehleroffset 0x000049c0,  Prozess-ID 0x62c, Anwendungsstartzeit

 01c94c991a565011.

 

Error - 22.11.2008 15:45:27 | Computer Name = PC-Florian | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung InDesign.exe, Version 5.0.0.463, Zeitstempel

 0x4607815b, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6,

 Ausnahmecode 0xc0000005, Fehleroffset 0x0003d13a,  Prozess-ID 0x6a0, Anwendungsstartzeit

 01c94cd3fce62cfb.

 

Error - 07.12.2008 07:33:56 | Computer Name = PC-Florian | Source = RasClient | ID = 20227

Description = 

 

Error - 07.12.2008 07:33:56 | Computer Name = PC-Florian | Source = RasClient | ID = 20227

Description = 

 

Error - 07.12.2008 07:33:56 | Computer Name = PC-Florian | Source = RasClient | ID = 20227

Description = 

 

Error - 14.12.2008 15:07:42 | Computer Name = PC-Florian | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung RoxWatchTray9.exe, Version 9.0.1.64, Zeitstempel

 0x454e39e6, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0xf54, Anwendungsstartzeit

 01c95e1ef1cd4fe0.

 

Error - 20.12.2008 10:41:15 | Computer Name = PC-Florian | Source = Application Hang | ID = 1002

Description = Programm ps_radio.exe, Version 2.1.4.0 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: 14e0  Anfangszeit: 01c962b0714739f7  Zeitpunkt der Beendigung:

 15

 

[ OSession Events ]

Error - 09.12.2007 15:56:07 | Computer Name = PC-Florian | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 24.03.2008 06:08:46 | Computer Name = PC-Florian | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3311

 seconds with 2580 seconds of active time.  This session ended with a crash.

 

Error - 29.12.2009 17:43:37 | Computer Name = PC-Florian | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 183

 seconds with 60 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 04.06.2010 19:30:08 | Computer Name = PC-Florian | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 04.06.2010 19:30:08 | Computer Name = PC-Florian | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 04.06.2010 19:30:08 | Computer Name = PC-Florian | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 04.06.2010 19:30:08 | Computer Name = PC-Florian | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 04.06.2010 19:30:08 | Computer Name = PC-Florian | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 04.06.2010 19:30:08 | Computer Name = PC-Florian | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 04.06.2010 19:30:08 | Computer Name = PC-Florian | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 04.06.2010 19:30:08 | Computer Name = PC-Florian | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 04.06.2010 19:30:08 | Computer Name = PC-Florian | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 05.06.2010 19:27:32 | Computer Name = PC-Florian | Source = Service Control Manager | ID = 7022

Description = 

 

 

< End of report >

--- --- ---

Ok. Dann probier jetzt mal Logs mit GMER und OSAM zu erstellen. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus.

Also GMEr stürtzt wirklich ständig ab.
Darum habe ich jetzt das OSM gemacht.

Hier das 1.Logfile:
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 15:13:27 on 06.06.2010
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Mozilla Corporation Firefox 3.6.3
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskUserS-1-5-21-1163913110-800224953-3621087410-1000Core.job" - "Google Inc." - C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskUserS-1-5-21-1163913110-800224953-3621087410-1000UA.job" - "Google Inc." - C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe

"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl

"odbccp32.cpl" - "Microsoft Corporation" - C:\Windows\system32\odbccp32.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\Windows\system32\drivers\cdrbsdrv.sys

"CrystalSysInfo" (CrystalSysInfo) - ? - C:\Program Files\MediaCoder\SysInfo.sys  (File found, but it contains no detailed information)

"DLABMFSM" (DLABMFSM) - "Roxio" - C:\Windows\System32\DLA\DLABMFSM.SYS

"DLABOIOM" (DLABOIOM) - "Roxio" - C:\Windows\System32\DLA\DLABOIOM.SYS

"DLACDBHM" (DLACDBHM) - "Roxio" - C:\Windows\System32\Drivers\DLACDBHM.SYS

"DLADResM" (DLADResM) - "Roxio" - C:\Windows\System32\DLA\DLADResM.SYS

"DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\Windows\System32\DLA\DLAIFS_M.SYS

"DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\Windows\System32\DLA\DLAOPIOM.SYS

"DLAPoolM" (DLAPoolM) - "Roxio" - C:\Windows\System32\DLA\DLAPoolM.SYS

"DLARTL_M" (DLARTL_M) - "Roxio" - C:\Windows\System32\Drivers\DLARTL_M.SYS

"DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\Windows\System32\DLA\DLAUDFAM.SYS

"DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\Windows\System32\DLA\DLAUDF_M.SYS

"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\Windows\System32\Drivers\DRVMCDB.SYS

"DRVNDDM" (DRVNDDM) - "Roxio" - C:\Windows\System32\Drivers\DRVNDDM.SYS

"DSproct" (DSproct) - "Gteko Ltd." - C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys

"dsunidrv" (dsunidrv) - "Gteko Ltd." - C:\Program Files\DellSupport\Drivers\dsunidrv.sys

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"USB to IEEE-1284.4 Translation Driver HPZius12" (HPZius12) - "HP" - C:\Windows\System32\DRIVERS\HPZius12.sys

"vereoofn" (vereoofn) - "Verbatim Ltd." - C:\Windows\system32\drivers\vereoofn.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Adobe.Acrobat.ContextMenu" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)

{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - "Corel Corporation" - C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL

{5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Roxio" - C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\BAE\BAE.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"DellSupport" - "Gteko Ltd." - "C:\Program Files\DellSupport\DSAgnt.exe" /startup

"DellSupportCenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

"Google Update" - "Google Inc." - "C:\Users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe" /c

"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"updateMgr" - ? - "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1  (File not found)

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"DellSupportCenter" - "SupportSoft, Inc." - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

"dscactivate" - " " - "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

"ECenter" - " " - c:\dell\E-Center\EULALauncher.exe

"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

"ISUSPM Startup" - "Macrovision Corporation" - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

"ISUSScheduler" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

"RoxWatchTray" - "Sonic Solutions" - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

"SigmatelSysTrayApp" - "SigmaTel, Inc." - sttray.exe

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Adobe PDF Port" - ? - C:\Windows\system32\AdobePDF.dll  (File not found)

"doPDF   5 Monitor" - "Softland" - C:\Windows\system32\dopdfmn5.dll

"HP DesignJet ECP Monitor" - "Hewlett-Packard Corporation, Microsoft Corporation" - C:\Windows\system32\HPLTLM5.DLL

"PCL Language Monitor" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4sa.dll

"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\Windows\System32\bgsvcgen.exe

"DSBrokerService" (DSBrokerService) - ? - C:\Program Files\DellSupport\brkrsvc.exe

"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate1c8cdf3383e5d95)" (gupdate1c8cdf3383e5d95) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

"McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

"Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

"SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - "SupportSoft, Inc." - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

"TeamViewer 3" (TeamViewer) - "TeamViewer GmbH" - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Computer, Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Welche Einträge ich jetzt dann deaktiviere sagst du mir, oder?

C:\Windows\system32\drivers\vereoofn.sys

Bitte diese Datei bei Virustotal auswerten lassen und den Ergebnislink posten. Falls Du die Datei nicht siehst, musst Du sie evtl. vorher sichtbar machen.
Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.

Die Auswertung von Virustotal ergab folgendes Ergebnis:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 5.0.0.26 2010.06.07 -
AhnLab-V3 2010.06.06.00 2010.06.06 -
AntiVir 8.2.2.6 2010.06.07 -
Antiy-AVL 2.0.3.7 2010.06.04 -
Authentium 5.2.0.5 2010.06.07 W32/Mediyes.A.gen!Eldorado
Avast 4.8.1351.0 2010.06.07 Win32:Trasec
Avast5 5.0.332.0 2010.06.07 Win32:Trasec
AVG 9.0.0.787 2010.06.07 BackDoor.Generic12.BQIA
BitDefender 7.2 2010.06.07 -
CAT-QuickHeal None 2010.06.07 -
ClamAV 0.96.0.3-git 2010.06.07 -
Comodo 5020 2010.06.07 -
DrWeb 5.0.2.03300 2010.06.07 -
eSafe 7.0.17.0 2010.06.06 -
eTrust-Vet 36.1.7615 2010.06.07 -
F-Prot 4.6.0.103 2010.06.07 W32/Mediyes.A.gen!Eldorado
F-Secure 9.0.15370.0 2010.06.07 -
Fortinet 4.1.133.0 2010.06.06 -
GData 21 2010.06.07 Win32:Trasec
Ikarus T3.1.1.84.0 2010.06.07 -
Jiangmin 13.0.900 2010.06.07 -
Kaspersky 7.0.0.125 2010.06.07 -
McAfee 5.400.0.1158 2010.06.07 -
McAfee-GW-Edition 2010.1 2010.06.07 -
Microsoft 1.5802 2010.06.07 -
NOD32 5180 2010.06.07 a variant of Win32/Mediyes.B
Norman 6.04.12 2010.06.07 -
nProtect 2010-06-07.01 2010.06.07 -
Panda 10.0.2.7 2010.06.06 -
PCTools 7.0.3.5 2010.06.07 -
Prevx 3.0 2010.06.07 -
Rising 22.51.00.04 2010.06.07 -
Sophos 4.53.0 2010.06.07 Sus/UnkPack-C
Sunbelt 6416 2010.06.07 -
Symantec 20101.1.0.89 2010.06.07 -
TheHacker 6.5.2.0.292 2010.06.04 -
TrendMicro 9.120.0.1004 2010.06.07 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.07 -
VBA32 3.12.12.5 2010.06.07 -
ViRobot 2010.6.7.2341 2010.06.07 -
VirusBuster 5.0.27.0 2010.06.07 -
weitere Informationen
File size: 402944 bytes
MD5...: c581d4c9575fc244d35fce3f646eac36
SHA1..: 65cf1a8a0c506d7a7ef757579c5119ccabef310d
SHA256: 4cdea46ffe8f8c858ed940fee6e53bb473a17ed2af378c342faa5cf493efd0fb
ssdeep: 6144:wg0ZpBBO0B6ChZsKVou0O+ahBW+XqgEwmDnwEswhpATB7:iBOq6uZsKVdWf
DnCwhpATZ
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x60d3e
timedatestamp.....: 0x4bd8cacf (Wed Apr 28 23:54:55 2010)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0xb43b 0xb480 6.60 dfbd8851f14faff1411d57ebc59710d0
.rdata 0xb900 0x546ac 0x54700 7.99 ac4ccba4a8d6ace3a5d90ad8c2f18395
.data 0x60000 0xcec 0xd00 0.25 750b4e3c7bf0edf122e7fab7cfd00eab
INIT 0x60d00 0x58c 0x600 5.37 7d30d15ccb2694c619522cc9a59a19d3
.rsrc 0x61300 0x308 0x380 2.96 3c3c64664c85c1a17296ae526c2da622
.reloc 0x61680 0xf78 0xf80 5.03 574293f57c10e0617bf2f74c72a71f2b

( 2 imports )
> ntoskrnl.exe: RtlInitUnicodeString, _allmul, _alldiv, ExRaiseStatus, ExAllocatePoolWithTagPriority, ExFreePoolWithTag, ZwQueryInformationProcess, RtlCompareUnicodeString, KeReleaseMutex, KeWaitForSingleObject, ZwEnumerateKey, ZwDeleteKey, ZwOpenKey, wcsncat, memset, IoDeleteDevice, KeDetachProcess, KeAttachProcess, PsLookupProcessByProcessId, ExAllocatePoolWithTag, KeInitializeMutex, memcpy, MmGetSystemRoutineAddress, RtlCopyUnicodeString, ZwOpenProcess, ZwQueryValueKey, ZwSetValueKey, ZwLoadDriver, ZwCreateKey, ZwReadFile, ZwCreateFile, ZwSetInformationFile, ZwWriteFile, ZwQueryInformationFile, ZwQueryVolumeInformationFile, IofCompleteRequest, IoCreateSymbolicLink, IoCreateDevice, swprintf, SeCreateClientSecurity, KeGetCurrentThread, KeQuerySystemTime, sprintf, RtlImageDirectoryEntryToData, RtlImageNtHeader, ZwUnmapViewOfSection, ZwMapViewOfSection, ZwCreateSection, KeTickCount, KeBugCheckEx, ObfDereferenceObject, ZwClose, RtlUnwind
> HAL.dll: KeGetCurrentIrql

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
pdfid.: -
sigcheck:
publisher....: Verbatim Ltd.
copyright....: Copyright (c) Verbatim Ltd.
product......: Verbatim SecureSave
description..: Verbatim SecureSave Transparent DVD Access Driver
original name: n/a
internal name: n/a
file version.: 2.5.1.3
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Bitte mal den Avenger anwenden:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:

http://mitglied.lycos.de/efunction/tb123/avenger.png

3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:

Code:

files to delete:

C:\Windows\system32\drivers\vereoofn.sys
 

drivers to delete:

vereoofn

4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

8.) Die Datei c:\avenger\backup.zip bei File-Upload.net hochladen und hier verlinken

Avengar Logfile:

Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\system32\drivers\vereoofn.sys" deleted successfully.
Driver "vereoofn" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Download-Link:

hxxp://www.file-upload.net/download-2582145/backup.zip.html

Hallo,
nachdem der Rechner hochgefahren war, wurde die betroffene Datei saimr8y8.dll nochmals angezeigt und von Antivir gelöscht. Ich startete den Rechner neu. Daraufhin kam keine Meldung mehr und Datei saimr8y8.dll war nicht mehr da.
Ich lasse jetzt noch einen Vollscan von meinem System laufen.

Ok, war wohl ein Volltreffer. Ich hab die Datei den Virenscannerherstellern gemailt. :)

Hallo,
ich habe jetzt den Komplettscan des AntiVir durchlaufen lassen.
Keine Funde mehr.

Nochmals vielen Dank für die schnelle und kompetente Hilfe

Flo

Ich würde aber noch nen Durchgang mit CF vorschlagen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Ist das wirklich notwendig das programm Combofix?

Das hört sich ja ziemlich riskant an.

Kann noch malware auf dem System sein, obwohl schon die verschiedensten Virusprogramme durchgelaufen sind?

Ja, kann. Bei richtiger Anwendung passiert mit CF nichts.

So nun habe ich alles durchlaufen lassen.
Hier das Protokoll

Combofix Logfile:

Code:

ComboFix 10-06-09.01 - Florian 09.06.2010  22:01:26.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2045.1093 [GMT 2:00]

ausgeführt von:: c:\users\Florian\Desktop\cofi.exe

SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\windows\system32\win.ini
 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-05-09 bis 2010-06-09  ))))))))))))))))))))))))))))))

.
 

2010-06-09 20:10 . 2010-06-09 20:10        --------        d-----w-        c:\users\Default\AppData\Local\temp

2010-06-09 19:26 . 2010-06-09 19:26        --------        d-----w-        c:\program files\CCleaner

2010-06-05 23:40 . 2010-06-05 23:40        --------        d-----w-        c:\users\Florian\AppData\Roaming\Malwarebytes

2010-06-05 23:40 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-06-05 23:40 . 2010-06-05 23:40        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2010-06-05 23:40 . 2010-06-05 23:40        --------        d-----w-        c:\programdata\Malwarebytes

2010-06-05 23:40 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-06-04 18:28 . 2010-06-04 18:31        --------        d-----w-        c:\program files\Trojancheck 6

2010-05-25 19:50 . 2010-04-23 14:13        2048        ----a-w-        c:\windows\system32\tzres.dll

2010-05-15 15:45 . 2010-05-15 15:45        --------        d-----w-        c:\users\Florian\AppData\Roaming\SuperFlexibleSynchronizer

2010-05-15 15:45 . 2010-05-15 15:45        --------        d-----w-        c:\programdata\SuperFlexibleSynchronizer

2010-05-15 15:45 . 2010-05-15 16:02        --------        d-----w-        c:\program files\SuperFlexible

2010-05-13 08:35 . 2010-01-29 15:40        738816        ----a-w-        c:\windows\system32\inetcomm.dll
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-09 19:23 . 2006-11-02 15:33        608892        ----a-w-        c:\windows\system32\perfc007.dat

2010-06-09 19:23 . 2006-11-02 15:33        2142624        ----a-w-        c:\windows\system32\perfh007.dat

2010-06-09 19:17 . 2008-06-14 11:40        --------        d-----w-        c:\programdata\Google Updater

2010-05-13 17:26 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail

2010-05-13 17:26 . 2007-03-28 20:31        --------        d-----w-        c:\programdata\Microsoft Help

2010-05-12 09:21 . 2009-10-02 19:04        221568        ------w-        c:\windows\system32\MpSigStub.exe

2010-05-05 18:00 . 2008-09-10 20:00        --------        d-----w-        c:\program files\McAfee

2010-04-27 20:01 . 2009-10-20 21:13        --------        d-----w-        c:\program files\phonostar-Player

2010-04-27 20:01 . 2010-03-07 14:13        10749840        ----a-w-        c:\users\florian\AppData\Roaming\phonostar GmbH\phonostar-Player\update.exe

2010-04-21 08:38 . 2009-10-20 21:13        1314816        ----a-w-        c:\users\florian\AppData\Roaming\phonostar GmbH\phonostar-Player\skins\phonostarSkin.dll

2010-04-20 18:56 . 2010-04-16 21:45        --------        d-----w-        c:\program files\McAfee Security Scan

2010-04-16 21:45 . 2010-04-16 21:45        --------        d-----w-        c:\programdata\McAfee Security Scan

2010-04-05 18:50 . 2009-07-02 20:02        1956808        ----a-w-        c:\users\florian\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2010-03-28 16:47 . 2010-03-28 16:47        704248        ----a-w-        c:\users\florian\AppData\Roaming\QuickStoresToolbar\unins000.exe

2010-03-26 08:33 . 2010-04-08 20:36        1496064        ----a-w-        c:\users\florian\AppData\Roaming\Mozilla\Firefox\Profiles\knxx9kxs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-03-26 08:33 . 2010-04-08 20:36        43008        ----a-w-        c:\users\florian\AppData\Roaming\Mozilla\Firefox\Profiles\knxx9kxs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-03-26 08:33 . 2010-04-08 20:36        339456        ----a-w-        c:\users\florian\AppData\Roaming\Mozilla\Firefox\Profiles\knxx9kxs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-03-26 08:32 . 2010-04-08 20:36        346112        ----a-w-        c:\users\florian\AppData\Roaming\Mozilla\Firefox\Profiles\knxx9kxs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-03-14 19:50 . 2007-04-02 18:25        101384        ----a-w-        c:\users\Florian\AppData\Local\GDIPFONTCACHEV1.DAT

2007-10-01 14:29 . 2007-10-01 17:44        28088869        ----a-w-        c:\program files\SUPERsetup.exe

2006-05-03 09:06 . 2007-10-01 18:58        163328        --sh--r-        c:\windows\System32\flvDX.dll

2007-02-21 10:47 . 2007-10-01 18:58        31232        --sh--r-        c:\windows\System32\msfDX.dll

2007-03-29 04:11 . 2007-03-29 04:10        8192        --sha-w-        c:\windows\Users\Default\NTUSER.DAT

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-14 68856]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Google Update"="c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 17920]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VR-NetWorld Auftragsprüfung.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk

backup=c:\windows\pss\VR-NetWorld Auftragsprüfung.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]

2007-04-25 19:05        311296        ----a-w-        c:\program files\FreePDF_XP\fpassist.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2006-12-10 19:52        49152        ----a-w-        c:\program files\HP\HP Software Update\hpwuSchd2.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-06-29 04:24        286720        ----a-w-        c:\program files\QuickTime\QTTask.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):7c,c6,be,25,84,14,ca,01
 

R2 gupdate1c8cdf3383e5d95;Google Update Service (gupdate1c8cdf3383e5d95);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-29 133104]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
 
 

--- Andere Dienste/Treiber im Speicher ---
 

*NewlyCreated* - ANTIVIRSCHEDULERSERVICE

*NewlyCreated* - ANTIVIRSERVICE

*Deregistered* - avgio

*Deregistered* - avipbb
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners
 

2010-06-09 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-20 19:35]
 

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-10 20:26]
 

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-10 20:26]
 

2010-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1163913110-800224953-3621087410-1000Core.job

- c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-04 21:44]
 

2010-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1163913110-800224953-3621087410-1000UA.job

- c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-04 21:44]
 

2010-06-09 c:\windows\Tasks\User_Feed_Synchronization-{ED465F8F-CA81-44C7-BD94-989FD94DBCF2}.job

- c:\windows\system32\msfeedssync.exe [2010-03-30 04:54]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\florian\AppData\Roaming\Mozilla\Firefox\Profiles\knxx9kxs.default\

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\users\florian\AppData\Roaming\Mozilla\Firefox\Profiles\knxx9kxs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - plugin: c:\users\Florian\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe

MSConfigStartUp-PhonostarAgent - c:\program files\phonostar\ps_agent.exe

MSConfigStartUp-PhonostarTimer - c:\program files\phonostar\ps_timer.exe

MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-06-09 22:10

Windows 6.0.6002 Service Pack 2 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{0b313745-7c5a-4f34-bb3d-f1d46cb1c42c}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0c0019d1

"Dhcpv6State"=dword:00000000
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{294b689e-f136-4107-a481-4d9131633067}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:07020054

"Dhcpv6State"=dword:00000000
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:07001422

"Dhcpv6State"=dword:00000000
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c16056d0-d12e-4856-8b23-01b144b2e453}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0c001372

"Dhcpv6State"=dword:00000000
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:06001422

"Dhcpv6State"=dword:00000000

.

Zeit der Fertigstellung: 2010-06-09  22:13:29

ComboFix-quarantined-files.txt  2010-06-09 20:13
 

Vor Suchlauf: 16 Verzeichnis(se), 156.385.017.856 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 157.285.203.968 Bytes frei
 

- - End Of File - - 1ACDEC431E329EA488402267489524FA

--- --- ---

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Hier erst mal der
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4171

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

10.06.2010 20:37:55
mbam-log-2010-06-10 (20-37-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 387847
Laufzeit: 1 Stunde(n), 37 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Der andere Scan mit der Super AntiSpyware läuft noch.

Der hat schon was gefunden :-(
Trojan.Agent/Gen-Kryptik

Der Rest sobald alles durchgelaufen ist

Das gestern war doch nichts. Ich hatte mich da verschaut.

Hier noch das Scanprotokoll:

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 06/11/2010 bei 09:48 PM

Version der Applikation : 4.38.1004

Version der Kern-Datenbank : 5059
Version der Spur-Datenbank : 2871

Scan Art : kompletter Scann
Totale Scann-Zeit : 02:54:17

Gescannte Speicherelemente : 685
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 8764
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 267638
Erfasste Datei-Elemente : 0

Nein,
nochmals vielen dank für deine schnelle und super Hilfe.

Gruß Flo

Gut. Dann bitte mit diesem Leitfaden mal die Updates prüfen:

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.