
Pests of all kinds and how to fight them: Trojan - TrojanASPX.JS.Win32.It


31.07.2010, 00:52   #1
Snibbel
 

Trojan - TrojanASPX.JS.Win32.It



Hello!
I also have big problems with this sh... Trojan.

I ran Malwarebytes.

Here is my report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4372

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928

31.07.2010 01:43:43
mbam-log-2010-07-31 (01-43-43).txt

Scan type: Quick scan
Objects scanned: 136283
Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 32

Memory Processes Infected:
C:\Users\Snibbel\AppData\Local\Temp\wmsdk64_32.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Users\Snibbel\AppData\Local\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\seekmo (Adware.Seekmo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Snibbel\rundll32.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\wmsdk64_32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\tmp43A2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\tmp475A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\tmp55FA.tmp.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\tmpCB4A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\tmpDA74.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\asd3429.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\asd400B.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\asd4383.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\asd474A.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\asd7B37.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\asd976E.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\asdCAFC.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\tmpF537.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\dhdhtrdhdrtr5y (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\topwesitjh (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\asdD72C.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\asdF1C.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\asdF601.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Snibbel\Desktop\AntiVirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Snibbel\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\Snibbel\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\Snibbel\Desktop\spam001.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Snibbel\Desktop\spam003.exe (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Snibbel\Desktop\troj000.exe (Malware.Trave) -> Quarantined and deleted successfully.
C:\Users\Snibbel\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus.lnk (Rogue.AntiVirus) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\0.6085354555064393.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Snibbel\AppData\Local\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Snibbel\ntload.dll (Trojan.Agent) -> Quarantined and deleted successfully.





Now here is my OTL.txt:

OTL Logfile:
OTL logfile created on: 31.07.2010 01:57:22 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Snibbel\Desktop\virus
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,19 Gb Total Space | 4,24 Gb Free Space | 1,92% Space Free | Partition Type: NTFS
Drive D: | 11,70 Gb Total Space | 2,17 Gb Free Space | 18,55% Space Free | Partition Type: NTFS
Drive E: | 177,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1,87 Gb Total Space | 0,84 Gb Free Space | 45,01% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Cannot determine boot mode.
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Snibbel\Desktop\virus\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Snibbel\Desktop\virus\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (EPGService) -- C:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (InCDRm) -- C:\Windows\System32\drivers\InCDRm.sys File not found
DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys File not found
DRV - (InCDFs) -- C:\Windows\System32\drivers\InCDFs.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (hcw66xxx) -- C:\Windows\System32\drivers\hcw66xxx.sys (Hauppauge Computer Works, Inc.)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) -- C:\Programme\Hp\QuickPlay\000.fcl (Cyberlink Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (ElbyDelay) -- C:\Windows\System32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (Nsynas32) -- C:\Windows\System32\drivers\NSynas32.sys (Syncrosoft Hard- und Software GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wetteronline.de/cgi-bin/regframe?3&LANG=de&PLZ=21635&PLZN=Jork&PROG=citybild&PRG=citybild
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [EPGServiceTool] C:\Programme\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [PSDrvCheck] C:\Windows\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [rundll32] C:\Windows\System32\ntload.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe (hxxp://www.emule-project.net)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0;  File not found
O4 - Startup: C:\Users\Snibbel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk = C:\Users\Snibbel\AppData\Local\Temp\is-TAENE.tmp\ATR1.exe File not found
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Snibbel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Snibbel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2005.09.16 13:09:26 | 000,628,224 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005.09.16 12:49:27 | 000,000,035 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{477fd04d-902b-11df-8aab-001e6830c4f2}\Shell\AutoRun\command - "" = G:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{477fd04d-902b-11df-8aab-001e6830c4f2}\Shell\menu1\command - "" = G:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{559223c6-b3c6-11dd-9e54-001e6830c4f2}\Shell - "" = AutoRun
O33 - MountPoints2\{559223c6-b3c6-11dd-9e54-001e6830c4f2}\Shell\AutoRun\command - "" = H:\pushinst.exe -- File not found
O33 - MountPoints2\{d83e3dfa-0fd1-11dd-9171-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d83e3dfa-0fd1-11dd-9171-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2005.09.16 13:09:26 | 000,628,224 | R--- | M] ()
O33 - MountPoints2\{dddce3d2-180e-11dd-bcb5-001e6830c4f2}\Shell - "" = AutoRun
O33 - MountPoints2\{dddce3d2-180e-11dd-bcb5-001e6830c4f2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.31 01:27:06 | 000,000,000 | ---D | C] -- C:\Users\Snibbel\AppData\Roaming\Malwarebytes
[2010.07.31 01:26:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.31 01:26:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.31 01:26:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.31 01:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.31 01:16:25 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.07.31 01:14:44 | 000,000,000 | ---D | C] -- C:\Users\Snibbel\Desktop\virus
[2010.07.31 00:57:04 | 000,000,000 | ---D | C] -- C:\Programme\AnVi
[2010.07.31 00:39:09 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.07.30 21:47:55 | 000,000,000 | ---D | C] -- C:\Neueinsteiger_vom_02.08.2010
[2010.07.29 17:46:31 | 000,061,952 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\escwiad.dll
[2010.07.29 17:46:31 | 000,000,000 | ---D | C] -- C:\Programme\epson
[2010.07.06 21:21:07 | 000,000,000 | ---D | C] -- C:\Blaupunkt.Teleatlas.Alpen.DX.2009-2010.GERMAN
[2010.07.03 22:49:29 | 000,000,000 | ---D | C] -- C:\Neueinsteiger_vom_05.07.2010
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.31 01:58:25 | 003,670,016 | -HS- | M] () -- C:\Users\Snibbel\NTUSER.DAT
[2010.07.31 01:38:37 | 000,104,344 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.31 01:38:37 | 000,064,600 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.31 01:38:37 | 000,016,418 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.31 01:38:37 | 000,016,202 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.31 01:38:37 | 000,008,168 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.31 01:26:52 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.31 01:16:26 | 000,000,804 | ---- | M] () -- C:\Users\Snibbel\Desktop\CCleaner.lnk
[2010.07.31 01:15:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.31 01:13:41 | 000,001,601 | ---- | M] () -- C:\Users\Snibbel\Desktop\Antivirus Support.lnk
[2010.07.31 01:05:49 | 044,151,368 | ---- | M] () -- C:\Users\Snibbel\Desktop\avira_antivir_personal_de.exe
[2010.07.31 01:03:29 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.07.31 01:01:39 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.31 00:59:52 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.31 00:59:49 | 000,164,189 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.31 00:59:49 | 000,164,189 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.31 00:59:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.31 00:59:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.31 00:58:49 | 000,464,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.31 00:58:45 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.31 00:57:09 | 000,524,288 | -HS- | M] () -- C:\Users\Snibbel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.31 00:57:09 | 000,065,536 | -HS- | M] () -- C:\Users\Snibbel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.31 00:53:23 | 000,001,356 | ---- | M] () -- C:\Users\Snibbel\AppData\Local\d3d9caps.dat
[2010.07.31 00:40:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.31 00:40:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.31 00:33:25 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010.07.30 23:55:03 | 042,341,360 | ---- | M] () -- C:\Users\Snibbel\Documents\avira_antivir_personal_de.exe
[2010.07.30 22:48:35 | 000,036,864 | ---- | M] () -- C:\Users\Snibbel\Documents\LAS VEGAS.doc
[2010.07.30 19:22:33 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{29D99BA3-B254-4D65-9F55-61E2E2BD38DC}.job
[2010.07.29 17:46:31 | 000,000,765 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010.07.29 17:45:55 | 020,093,440 | ---- | M] () -- C:\Users\Snibbel\Documents\epson31775eu.exe
[2010.07.28 13:15:26 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.07.24 20:21:47 | 000,008,327 | ---- | M] () -- C:\Windows\System32\hpasset.xml
[2010.07.22 22:14:56 | 000,016,384 | ---- | M] () -- C:\Users\Snibbel\Desktop\Lennis Panninis.xls
[2010.07.21 22:13:35 | 000,179,200 | ---- | M] () -- C:\Users\Snibbel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.20 12:07:24 | 000,062,199 | ---- | M] () -- C:\Users\Snibbel\Desktop\mario
[2010.07.18 22:24:54 | 000,018,432 | ---- | M] () -- C:\Users\Snibbel\Desktop\Las Vegas.xls
[2010.07.10 23:12:57 | 000,008,327 | ---- | M] () -- C:\Windows\System32\hpasset.xml.bkp
[2010.07.05 22:26:09 | 004,965,389 | ---- | M] () -- C:\Users\Snibbel\Documents\velile_
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.31 01:26:52 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.31 01:16:26 | 000,000,804 | ---- | C] () -- C:\Users\Snibbel\Desktop\CCleaner.lnk
[2010.07.31 01:13:41 | 000,001,601 | ---- | C] () -- C:\Users\Snibbel\Desktop\Antivirus Support.lnk
[2010.07.31 00:58:45 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.31 00:28:40 | 044,151,368 | ---- | C] () -- C:\Users\Snibbel\Desktop\avira_antivir_personal_de.exe
[2010.07.30 23:55:03 | 042,341,360 | ---- | C] () -- C:\Users\Snibbel\Documents\avira_antivir_personal_de.exe
[2010.07.29 22:34:08 | 000,036,864 | ---- | C] () -- C:\Users\Snibbel\Documents\LAS VEGAS.doc
[2010.07.29 17:46:31 | 000,000,765 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010.07.29 17:45:48 | 020,093,440 | ---- | C] () -- C:\Users\Snibbel\Documents\epson31775eu.exe
[2010.07.22 22:14:56 | 000,016,384 | ---- | C] () -- C:\Users\Snibbel\Desktop\Lennis Panninis.xls
[2010.07.20 12:07:24 | 000,062,199 | ---- | C] () -- C:\Users\Snibbel\Desktop\mario
[2010.07.18 13:21:24 | 000,018,432 | ---- | C] () -- C:\Users\Snibbel\Desktop\Las Vegas.xls
[2010.07.05 22:26:09 | 004,965,389 | ---- | C] () -- C:\Users\Snibbel\Documents\velile_
[2010.05.16 15:48:19 | 000,045,056 | ---- | C] () -- C:\Windows\System32\bgspmnt.dll
[2010.05.16 15:47:57 | 000,000,571 | ---- | C] () -- C:\Windows\System32\FeMakro.ini
[2010.05.16 15:47:57 | 000,000,497 | ---- | C] () -- C:\Windows\System32\FeAnim.ini
[2010.01.22 19:50:20 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.11.15 22:41:06 | 000,000,125 | ---- | C] () -- C:\Windows\HSCOUNT.INI
[2009.10.23 17:25:45 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.09.04 22:53:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.07.16 12:03:39 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.06.04 17:57:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.19 22:26:25 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008.11.09 17:29:45 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.11.09 17:29:45 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.11.09 17:29:45 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.11.09 17:29:45 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.11.09 17:29:45 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.11.09 17:29:45 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.11.01 21:33:06 | 000,000,321 | ---- | C] () -- C:\Windows\System32\XMLConfig_SYSID.ini
[2008.05.30 17:17:37 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2008.05.30 17:16:44 | 000,000,030 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2008.05.30 17:15:38 | 000,032,133 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.05.30 17:15:27 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2008.05.30 17:14:28 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.05.30 17:14:26 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2008.05.30 17:13:02 | 000,004,527 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2008.03.18 02:38:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.10 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004.10.27 00:39:05 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2004.03.01 09:43:09 | 000,077,824 | ---- | C] () -- C:\Windows\System32\MMSwitch.dll
[2004.03.01 07:53:21 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2003.09.30 11:47:47 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2003.09.30 11:47:47 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2003.09.30 11:47:47 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2003.09.30 11:47:47 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2003.09.30 11:47:46 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2003.09.30 11:47:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2009.11.15 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Snibbel\AppData\Roaming\aborange
[2009.10.23 17:15:32 | 000,000,000 | ---D | M] -- C:\Users\Snibbel\AppData\Roaming\Atari
[2010.01.22 19:49:59 | 000,000,000 | ---D | M] -- C:\Users\Snibbel\AppData\Roaming\Leadertech
[2008.05.25 21:41:24 | 000,000,000 | ---D | M] -- C:\Users\Snibbel\AppData\Roaming\Opera
[2010.05.16 15:48:17 | 000,000,000 | ---D | M] -- C:\Users\Snibbel\AppData\Roaming\pdfMachine
[2009.10.07 21:19:39 | 000,000,000 | ---D | M] -- C:\Users\Snibbel\AppData\Roaming\SCHLECKERFotobuch
[2009.05.19 22:32:01 | 000,000,000 | ---D | M] -- C:\Users\Snibbel\AppData\Roaming\Steinberg
[2009.05.31 14:54:04 | 000,000,000 | ---D | M] -- C:\Users\Snibbel\AppData\Roaming\TeamViewer
[2008.05.25 21:59:34 | 000,000,000 | ---D | M] -- C:\Users\Snibbel\AppData\Roaming\Thunderbird
[2008.11.09 16:44:36 | 000,000,000 | ---D | M] -- C:\Users\Snibbel\AppData\Roaming\Ulead Systems
[2010.07.31 00:40:39 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.07.30 19:22:33 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{29D99BA3-B254-4D65-9F55-61E2E2BD38DC}.job
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---






And here is my Extras.txt:

OTL Logfile:
OTL Extras logfile created on: 31.07.2010 01:57:22 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Snibbel\Desktop\virus
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,19 Gb Total Space | 4,24 Gb Free Space | 1,92% Space Free | Partition Type: NTFS
Drive D: | 11,70 Gb Total Space | 2,17 Gb Free Space | 18,55% Space Free | Partition Type: NTFS
Drive E: | 177,03 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1,87 Gb Total Space | 0,84 Gb Free Space | 45,01% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Cannot determine boot mode.
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Meine Penny Fotowelt] -- "C:\Program Files\Penny\Meine Penny Fotowelt\Meine Penny Fotowelt.exe" "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014C1D79-1537-4539-876E-FE818550974A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1B66CB4F-FC65-4FF1-B449-0504A5B833B2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2243A42E-B520-4EF5-B28E-944AFCA868BD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2570A2B4-E95C-45CF-B71A-B3951F9AE58E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2B3F72B8-A661-4CCC-AEFA-07D53D048421}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3459CFA7-83D8-4C55-9381-3D49138B5F15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3F2A2F29-02BC-439A-9A7E-22D45545B66F}" = lport=19978 | protocol=17 | dir=in | name=e2 | 
"{3FBD5BF4-416A-4696-955A-5A7153C58EFE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{409A2710-43E6-405E-8999-4F46C156F18A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{467D69EE-7C9C-452E-B1E8-B524BE2A7898}" = lport=54031 | protocol=6 | dir=in | name=e1 | 
"{47F017B6-AA7D-4C0B-A5E8-3471C3270C7E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{613F1883-B0F7-4734-A2AE-0F4BC989EE3F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{635AF67F-3ADF-45E5-A395-590258CD3839}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{687726C4-C1B5-44EC-B8EA-2C244C3B8867}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7B482964-F990-4410-8A04-BB6737847C10}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8D7E6628-EA4D-4C42-878C-4581D7E3DC26}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C4A31432-AC7E-48F1-9B18-F3CB5437A16D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C4DFB0E7-D5FB-4C33-BC8C-7D38E0AB107A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E24C4C7E-802E-47FC-B00A-DB136BB76B03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E5734721-BB4B-46BB-8849-4FEBC0AF855B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EE3187A0-8E87-4588-B1D3-E2FB6BAD72D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F6C0C335-E337-46E7-991E-318DC084649A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CE7FC23-FA0B-4827-BBFB-D927CD96987E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{125962B0-34BD-41B2-BA8A-34D197DC9831}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{16D06006-78B7-4840-9A6A-E38308877A7A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{24A99777-C5D0-4625-AA51-32551F487C2A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{33D51F77-7241-4CB0-9380-7116DE50D445}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{6031C75C-D32C-4764-A9AF-86A4C22C59AE}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{7B88591F-7DCC-4130-863B-B26BA121BE2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7E24A5A6-C5A0-426A-ADF9-9069A229C5A1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{8446AA56-3AF4-4A1F-AEF8-9673959C0E18}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{873F6E8B-106C-4D8F-B1AA-2EC1325C432E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{89BB1231-205F-480A-A8E1-CE3490E60FCE}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{9E583995-34FA-4D24-B879-2C68D96E794A}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{B0EA7CAB-79BB-4E61-8C52-194751D99F3A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BB0AF04C-F38E-42A4-A1FC-84144F89E9BB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{C10DF016-4331-4672-A1BC-39FE242B2CC8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C589D846-7A21-4FA4-AF21-73F454AAF32F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{C9CFA69C-CD36-4096-A1AC-E0630EC9D68D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D1306AE5-1904-449E-891D-C71BBBC9A5FD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D36AE76E-05AD-4FCA-ACBE-D837FC9E2A60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{14B08E7C-B604-4C1A-AAD9-BA76C67F58B6}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{29B6D3E7-A1BB-47D8-B791-AD5990953DAC}C:\users\snibbel\rundll32.exe" = protocol=6 | dir=in | app=c:\users\snibbel\rundll32.exe | 
"TCP Query User{9E982BF9-E8E2-469C-86D1-AD17D74A58CB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{B90BA416-B7C2-4559-BCD2-A38356A19985}C:\users\snibbel\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\snibbel\temp\teamviewer\version4\teamviewer.exe | 
"TCP Query User{D39AD851-43DC-47BF-8E5F-38FC16FA41DD}C:\program files\dream media player\webvid.exe" = protocol=6 | dir=in | app=c:\program files\dream media player\webvid.exe | 
"TCP Query User{D3F6B752-6BBD-44C4-90BC-8B59C36A12D3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{D5227F5D-D3B6-42C0-AC04-A63A5711BE1F}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{E708910C-59DE-436A-A5C6-50DF487FA64A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{040A3451-559D-4AFE-9BC3-7CB4F4B0582E}C:\users\snibbel\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\snibbel\temp\teamviewer\version4\teamviewer.exe | 
"UDP Query User{1553A919-E1F5-4EF5-89D9-1DF7D8FC6F46}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{3A545485-A9AC-46AC-991B-41F7DCCE4278}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{3A78071D-069A-411A-87B1-EF31161FAC71}C:\users\snibbel\rundll32.exe" = protocol=17 | dir=in | app=c:\users\snibbel\rundll32.exe | 
"UDP Query User{5DFA0F24-5781-4CE2-88D9-7E822A6AB7CB}C:\program files\dream media player\webvid.exe" = protocol=17 | dir=in | app=c:\program files\dream media player\webvid.exe | 
"UDP Query User{602530B8-049E-4080-9747-12F792FA517B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{6EF193E8-71DC-4022-AADD-6F55C049456C}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{CE3622ED-5FF2-4516-ADA1-AF2CC07109E8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 16
"{2CA6B50B-EA91-43AF-9347-6E85F16D0329}" = enter3D
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{55BE8D91-90FA-4CC2-8BFD-A5A28E9999A4}" = ArCon 2005
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{65AA10FF-6F32-48AE-881F-FC96E7BF3A5E}" = ESU for Microsoft Vista
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729E66B3-1B80-4F9F-8D59-342A89633E0A}_is1" = Dream Media Player 1.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{990036E7-D647-45A4-8F7F-1CB277EF0ABD}" = RollerCoaster Tycoon 3 Demo
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"aborange DayDisplay_is1" = aborange DayDisplay - Deinstallation
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alcatech BPM Studio Professional v4.9.1" = Alcatech BPM Studio Professional v4.9.1
"BPM-Studio 4 Profi" = BPM-Studio 4 Profi
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.2.4
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMule" = eMule
"EPSON Scanner" = EPSON Scan
"GIOCD-SE" = get it on CD
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.26057)
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"HS Minicounter" = HS Minicounter
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"LabelEditor" = LabelEditor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Markt Fotoservice_is1" = Media Markt Fotoservice 2.6
"Meine Penny Fotowelt" = Meine Penny Fotowelt
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MJ Studio" = MJ Studio
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Dose_is1" = Photo Dose
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SCHLECKERFotobuch" = SCHLECKERFotobuch 3.65
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Steinberg MyMp3PRO V5.0" = Steinberg MyMp3PRO V5.0
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 4" = TeamViewer 4
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---



What do I do now??

Please help me!!

Last edited by Snibbel (31.07.2010 at 01:14)

Old 31.07.2010, 15:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Art des Suchlaufs: Quick-Scan
Please run a full scan with Malwarebytes.

Old 31.07.2010, 20:43   #3
Snibbel
 
Here is the full scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4372

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

31.07.2010 21:38:51
mbam-log-2010-07-31 (21-38-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 387638
Laufzeit: 1 Stunde(n), 53 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\Snibbel\ntload.dll (Trojan.Agent) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Snibbel\rundll32.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\maggi\Progs\1000 genuine Serials Of Microsoft Products\1000.genuine.serials\Office 2007 Keygen\Microsoft Office 2007 - Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\maggi\Progs\O&O Komplettpaket 10 in 1\O&O PartitionManager 2 Professional Edition\Keygen\keygen.exe (Backdoor.RBot) -> Quarantined and deleted successfully.
C:\maggi\Progs\O&O Komplettpaket 10 in 1\O&O PartitionManager 2 Professional Edition (x32x64) 2.7.740_Deutsch\Keygen\keygen.exe (Backdoor.RBot) -> Quarantined and deleted successfully.
C:\maggi\Progs\TuneUp 09\TuneUp Utilities 2009 V8.0.3000.20\KG\TuneUp.Utilities.2009-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\maggi\Progs\TuneUp Utilities 2010\Keygen\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Users\Snibbel\ntload.dll (Trojan.Agent) -> Delete on reboot.
__________________

Alt 31.07.2010, 20:53   #4
cosinus
Quote:
C:\maggi\Progs\1000 genuine Serials Of Microsoft Products\1000.genuine.serials\Office 2007 Keygen\Microsoft Office 2007 - Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\maggi\Progs\O&O Komplettpaket 10 in 1\O&O PartitionManager 2 Professional Edition\Keygen\keygen.exe (Backdoor.RBot) -> Quarantined and deleted successfully.
C:\maggi\Progs\O&O Komplettpaket 10 in 1\O&O PartitionManager 2 Professional Edition (x32x64) 2.7.740_Deutsch\Keygen\keygen.exe (Backdoor.RBot) -> Quarantined and deleted successfully.
C:\maggi\Progs\TuneUp 09\TuneUp Utilities 2009 V8.0.3000.20\KG\TuneUp.Utilities.2009-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\maggi\Progs\TuneUp Utilities 2010\Keygen\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

The use of cracks, serials and keygens is illegal, so there is no further support on Trojaner-Board.

For you it continues here => Reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, Ebay... simply everything!), since this dubious software not infrequently also contains keyloggers and backdoor functions.

After that, never touch anything like that again!
__________________
Please always post logfiles in CODE tags
