Hallo zusammen,

jahrelange hatte ich nichts mir Viren und Trojanern am Hut und seit heute meldet mein Antivir kontinuierlich den "TR/Alureon.BF.2"...

======================================
In der Datei 'C:\Windows\Temp\UAC73b9.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Alureon.BF.2' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen
======================================

Wer kann helfen, was kann ich tun? Welche Tools muss ich downloaden um euch Informationen zukommen zu lassen?

Danke im Voraus.

realdojo

die Malwarebytes Anti-Malware lade ich gerade runter... dann gibt's infos

CClean hat funktioniert, aber leieder kann ich kann das Tool " Malwarebytes Anti-Malware " nicht installieren. Egal ob als Admin oder normaler Benutzer, es erscheint kurz im Taskmanager und beendet sich dann wieder ;-(

Komisch, ich habe das Setup umbenannt, jetzt lies es sich installieren. Es scheint so, als ob ein Programm den Setupprozess gekillt hat...

auch das mbam.exe musste ich umbennen, da es sonst immer wieder im taskmanager verschwindet, jetzt läuft er durch...

hier die Infos
=======

Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2551
Windows 6.0.6002 Service Pack 2

14.08.2009 18:30:40
mbam-log-2009-08-14 (18-30-27).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 118363
Laufzeit: 4 minute(s), 48 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AV Care (Rogue.AVCare) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AV Care (Rogue.AVCare) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\Jochen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Care (Rogue.AVCare) -> No action taken.

Infizierte Dateien:
C:\Windows\system32\uacinit.dll (Trojan.Agent) -> No action taken.
C:\Users\#####\Desktop\AV Care.lnk (Rogue.AVCare) -> No action taken.
C:\Users\oooooo\Desktop\AV Care.lnk (Rogue.AVCare) -> No action taken.
C:\Users\++++\Desktop\AV Care.lnk (Rogue.AVCare) -> No action taken.
C:\Users\Schulung\Desktop\AV Care.lnk (Rogue.AVCare) -> No action taken.
C:\Users\spuepple\Desktop\AV Care.lnk (Rogue.AVCare) -> No action taken.

nach dem boot:

Meldung : google updater wurde beendet

orginal Malewarebytes Anti-Maleware lässt sich immer noch nicht starten, nur die umbenannte Version. Der Prozess mbam.exe wird sofort von einem anderen Prozess gekillt ;-(

Du machst hier ja den Alleinunterhalter!

Das ist an sich ein sehr hartnaeckiger Trojaner, wie du schon bemerkt hast. Was ich dir anbeten kann ist die Nutzung von Combofix, es ist sehr effektiv, allerdings besteht auch die, in meinen Augen geringe, Moeglichkeit, das es deine installation beschaedigt.
Also ist, wie generell eigentlich, sinnvoll vorher evtl. wichtige DAten zu sichern....

Lade es von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichere es als cofi.exe auf den Desktop
Danach schliesse alle Fenster, deaktiviere alle Hintergrundwaechter (AV und z.B. Spybots Tea-Timer) starte die combofix.exe, lies die Informationen auf den auftauchenden Fenstern und beantworte sie danach mit Ja.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Waehrend des Scans bitte nichts am Rechner unternehmen
Es kann moeglich sein, das der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Nutze immer eine aktuelle Version von Combofix, auch wenn du "deine" erst vor einem Tag heruntergeladen hast.

Um Combofix unter Vista(32 Bit) nutzen zu koennen muss man es als Administrator starten. Also rechte Maustaste auf die Combofix.exe und "Als Administrator ausfuehren" waehlen.

Danke, Meldung kommt nicht mehr, auch nicht bei Antivir...

wobei ich musste die EXE ebenfalls umbenennen, da sonst das Programm automatisch beendet wurde.....

hier das LogFile... Was mich wundert - ich hatte noch nie einen BIT-Torrent installiert?!?

ComboFix 09-08-10.06 - xxxxxx 14.08.2009 20:07.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1119 [GMT 2:00]
ausgeführt von:: c:\users\xxxxxx\Downloads\ComboFix-.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\emMON.exe
c:\windows\Installer\8f9054.msi
c:\windows\system32\drivers\UACewmcqtqyin.sys
c:\windows\system32\UACcvxqimtbfy.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnevodvfyqk.db
c:\windows\system32\UACospcbvbvfw.dll
c:\windows\system32\UACpstruklnrm.dat
c:\windows\system32\UACpxyipqvnmn.dll


.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((( Dateien erstellt von 2009-07-14 bis 2009-08-14 ))))))))))))))))))))))))))))))
.

2009-08-14 20:40 . 2009-08-14 20:44 -------- d-----w- c:\users\xxxxxx\AppData\Local\temp
2009-08-14 20:40 . 2009-08-14 20:40 -------- d-----w- c:\users\xxxxx\AppData\Local\temp
2009-08-14 20:40 . 2009-08-14 20:40 -------- d-----w- c:\users\xxxx\AppData\Local\temp
2009-08-14 20:40 . 2009-08-14 20:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-14 20:40 . 2009-08-14 20:40 -------- d-----w- c:\users\xxx\AppData\Local\temp
2009-08-14 20:40 . 2009-08-14 20:40 -------- d-----w- c:\users\xx\AppData\Local\temp
2009-08-14 18:03 . 2009-08-14 18:03 -------- d-sh--w- C:\found.001
2009-08-14 16:20 . 2009-08-14 16:20 -------- d-----w- c:\users\xxxxxx\AppData\Roaming\Malwarebytes
2009-08-14 16:17 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 16:17 . 2009-08-14 16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 16:17 . 2009-08-14 16:17 -------- d-----w- c:\progra~2\Malwarebytes
2009-08-14 16:17 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-14 15:39 . 2009-08-14 15:33 3942048 ----a-w- c:\temp\msetup.exe
2009-08-14 15:13 . 2009-08-14 15:13 -------- d-sh--w- C:\found.000
2009-08-14 09:54 . 2009-08-14 09:54 -------- d-----w- c:\users\xxxxxx\AppData\Local\ESET
2009-08-14 07:25 . 2009-08-14 07:25 54784 ----a-w- c:\windows\system32\drivers\UACetetrxvmry.sys
2009-08-12 07:54 . 2009-08-12 08:20 -------- d-----w- c:\temp\tzz
2009-08-12 06:26 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 06:26 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 06:26 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 06:26 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 06:26 . 2009-06-10 09:43 71168 ----a-w- c:\windows\system32\telnet.exe
2009-08-12 06:26 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 06:26 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 06:26 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-12 06:26 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 12:48 . 2009-08-11 12:48 113808 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-11 12:48 . 2009-08-11 12:48 -------- d-----w- c:\users\xxxxxx\AppData\Roaming\Apple Computer
2009-08-11 12:45 . 2009-08-11 12:45 -------- d-----w- c:\program files\Safari
2009-08-11 12:44 . 2009-08-11 12:44 -------- d-----w- c:\program files\Apple Software Update
2009-08-10 17:43 . 2009-08-10 17:43 -------- d-----w- c:\program files\CoffeeCup Software
2009-08-10 05:21 . 2009-08-10 05:21 -------- d-----w- c:\program files\Common Files\Skype
2009-08-05 21:00 . 2009-08-05 21:00 -------- d-----w- c:\users\spuepple\AppData\Roaming\TuneUp Software
2009-07-22 12:27 . 2009-07-22 12:27 -------- d-----w- c:\users\Schulung\AppData\Roaming\TuneUp Software
2009-07-21 18:37 . 2008-02-25 20:23 45056 ----a-w- c:\windows\system32\unredmon.exe
2009-07-21 18:37 . 2008-02-25 20:23 116224 ----a-w- c:\windows\system32\redmonnt.dll
2009-07-21 18:37 . 2009-07-21 18:37 -------- d-----w- c:\program files\FreePDF_XP
2009-07-20 16:02 . 2009-07-20 16:02 -------- d-----w- c:\program files\Elaborate Bytes
2009-07-18 22:44 . 2009-07-18 22:44 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-18 22:44 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-18 22:44 . 2009-04-27 12:21 17152 ----a-w- c:\windows\system32\authuitu.dll
2009-07-18 22:44 . 2009-07-18 22:44 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-18 22:43 . 2009-07-18 22:44 -------- d-----w- c:\program files\TuneUp Utilities 2009

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 16:43 . 2008-09-28 16:49 -------- d-----w- c:\progra~2\Google Updater
2009-08-14 08:12 . 2007-11-14 16:50 -------- d-----w- c:\users\xxxxxx\AppData\Roaming\Skype
2009-08-14 07:00 . 2009-05-21 22:07 -------- d-----w- c:\users\xxxxxx\AppData\Roaming\skypePM
2009-08-13 07:18 . 2009-05-21 22:06 -------- d-----w- c:\users\xxxxxx\AppData\Roaming\Sony Corporation
2009-08-12 14:52 . 2007-11-20 14:43 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-08-12 09:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-10 05:21 . 2007-05-24 13:18 -------- d-----r- c:\program files\Skype
2009-08-10 05:21 . 2007-05-24 13:18 -------- d-----w- c:\progra~2\Skype
2009-08-09 18:31 . 2007-11-14 18:07 -------- d-----w- c:\progra~2\Roxio
2009-08-09 17:11 . 2008-10-05 19:48 -------- d-----w- c:\progra~2\DVD Shrink
2009-08-08 20:39 . 2008-06-01 13:38 -------- d-----w- c:\users\spuepple\AppData\Roaming\Skype
2009-08-05 21:04 . 2007-11-14 19:06 87896 ----a-w- c:\users\spuepple\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-05 17:49 . 2009-07-09 20:14 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 06:10 . 2006-11-02 15:33 736560 ----a-w- c:\windows\system32\perfh007.dat
2009-08-05 06:10 . 2006-11-02 15:33 172584 ----a-w- c:\windows\system32\perfc007.dat
2009-07-31 20:34 . 2008-12-10 21:41 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:52 . 2009-07-29 14:38 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 14:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 14:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 14:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-19 07:24 . 2008-09-29 16:20 -------- d-----w- c:\progra~2\VMware
2009-07-15 20:04 . 2009-07-15 20:04 -------- d-----w- c:\program files\CCleaner
2009-07-10 06:19 . 2007-11-21 16:59 -------- d-----w- c:\program files\Avira
2009-07-09 20:14 . 2009-07-09 20:14 -------- d-----w- c:\progra~2\Avira
2009-06-23 20:56 . 2007-11-15 15:50 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-15 18:10 . 2009-06-15 18:10 1621 ----a-w- c:\progra~2\xml6912.tmp
2009-06-15 18:10 . 2009-06-15 18:10 13539 ----a-w- c:\progra~2\xml68B3.tmp
2009-06-15 18:10 . 2009-06-15 18:10 7972 ----a-w- c:\progra~2\xml67E8.tmp
2009-06-15 14:53 . 2009-07-14 19:28 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-14 19:28 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-14 19:28 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-14 19:28 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-14 19:28 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-05-27 20:55 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-27 20:45 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-05-25 12:16 . 2009-05-25 12:16 134312 ----a-w- c:\windows\system32\ElbyVCD.dll
2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-05-22 23:08 . 2009-05-22 23:08 29696 ----a-w- c:\windows\system32\drivers\VClone.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.

und der Rest des LogFiles (musste Splitten)

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-28 39408]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-08 835584]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-04-02 411768]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-04-16 321656]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-06 4423680]

c:\users\Buecher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\users\Diplomarbeit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\users\Schulung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

c:\users\spuepple\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2005-09-08 15:14 24576 ----a-w- c:\windows\System32\Novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 13:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NewShortcut1.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NewShortcut1.lnk
backup=c:\windows\pss\NewShortcut1.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe"
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"Persistence"=c:\windows\system32\igfxpers.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):fc,52,a8,d9,0e,df,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3E8C76E0-F959-4456-8503-6C437934430B}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{3166F857-65DC-4495-A58E-2A65D9C960D3}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{F3574F6F-120B-43BA-9546-C0D4884246DD}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"UDP Query User{CA78D670-FC2E-41CD-A647-DE8F56C3EF66}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. The whole world can talk for free.
"{B7D63644-72FF-4B3E-8B6E-32DC22FB60DB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A592080B-368F-4E07-A8B5-023E68520446}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CC433C45-9A02-4711-9304-765DC6F42903}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{A99A2D88-C7C4-4DCC-84D0-8ECEBB6ACD1B}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"TCP Query User{56E50883-49D7-4486-8605-C2F8957389A2}g:\\backup\\c\\programme\\unrealtournament\\system\\unrealtournament.exe"= UDP:g:\backup\c\programme\unrealtournament\system\unrealtournament.exe:UnrealTournament
"UDP Query User{EEEEA231-954D-4CAC-A8A3-B60C5BE4D850}g:\\backup\\c\\programme\\unrealtournament\\system\\unrealtournament.exe"= TCP:g:\backup\c\programme\unrealtournament\system\unrealtournament.exe:UnrealTournament
"{66ED086C-DC0D-4EF0-B5FE-7E8D6DB4BF17}"= UDP:c:\program files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{B6529A19-B8D3-4007-AF73-8D33209DB7EB}"= TCP:c:\program files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{301ED68C-FCC5-4B2D-B6F7-0BB45C2770B8}c:\\program files\\microsoft visual studio\\vb98\\vb6.exe"= UDP:c:\program files\microsoft visual studio\vb98\vb6.exe:Visual Basic
"UDP Query User{F220E4EA-A64D-41FE-BDE1-43437FA13E1A}c:\\program files\\microsoft visual studio\\vb98\\vb6.exe"= TCP:c:\program files\microsoft visual studio\vb98\vb6.exe:Visual Basic
"TCP Query User{C2E57F14-F769-4490-97E9-6973E8415217}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{0900C5CB-DCA6-43B7-9832-F1316C522024}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{52B09EAA-8783-4609-A00F-2B5EAA3EE8CF}c:\\program files\\ws_ftp\\ws_ftp95.exe"= UDP:c:\program files\ws_ftp\ws_ftp95.exe:WS_FTP 95
"UDP Query User{3FD53AE9-4162-4D3D-9CBD-FB35B47190F0}c:\\program files\\ws_ftp\\ws_ftp95.exe"= TCP:c:\program files\ws_ftp\ws_ftp95.exe:WS_FTP 95
"TCP Query User{ECC6BAD4-D82C-4503-A37C-930EF7559DFD}c:\\program files\\microsoft visual studio\\vb98\\vb6.exe"= UDP:c:\program files\microsoft visual studio\vb98\vb6.exe:Visual Basic
"UDP Query User{59685ADA-9EF2-4EF8-BAC9-7B2BC1D019BD}c:\\program files\\microsoft visual studio\\vb98\\vb6.exe"= TCP:c:\program files\microsoft visual studio\vb98\vb6.exe:Visual Basic
"TCP Query User{E3878FAF-54A1-4EAC-A706-E887F2AD4030}c:\\backup\\c\\programme\\unrealtournament\\system\\unrealtournament.exe"= UDP:c:\backup\c\programme\unrealtournament\system\unrealtournament.exe:UnrealTournament
"UDP Query User{FAB007ED-5F9A-421F-869A-698AA5F76979}c:\\backup\\c\\programme\\unrealtournament\\system\\unrealtournament.exe"= TCP:c:\backup\c\programme\unrealtournament\system\unrealtournament.exe:UnrealTournament
"TCP Query User{7C5B6C94-D428-496D-A138-F4909B1FA5D6}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{18DC9939-A123-4715-8B6F-5D78A3563C8D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{61431990-7498-4387-8D57-53002C0096D6}c:\\program files\\ffwowebmaker\\ffwo_maker.exe"= UDP:c:\program files\ffwowebmaker\ffwo_maker.exe:FFWO_Maker
"UDP Query User{958C3FD4-BAF1-4A75-9FBE-04E1CFA9A00E}c:\\program files\\ffwowebmaker\\ffwo_maker.exe"= TCP:c:\program files\ffwowebmaker\ffwo_maker.exe:FFWO_Maker
"TCP Query User{6C3EFEF4-A51D-48E6-B39A-1B1BCDEBFBD2}c:\\users\\xxxxxx\\desktop\\webmaker\\ffwo_maker.exe"= UDP:c:\users\xxxxxx\desktop\webmaker\ffwo_maker.exe:ffwo_maker.exe
"UDP Query User{13B81592-AFA3-4B64-80A5-D492E453F8CE}c:\\users\\xxxxxx\\desktop\\webmaker\\ffwo_maker.exe"= TCP:c:\users\xxxxxx\desktop\webmaker\ffwo_maker.exe:ffwo_maker.exe
"TCP Query User{1358AE95-622C-49EB-9E05-5C26F46C5139}c:\\program files\\ea games\\command & conquer die ersten 10 jahre\\command & conquer(tm) tiberian sun(tm)\\sun\\game.exe"= UDP:c:\program files\ea games\command & conquer die ersten 10 jahre\command & conquer(tm) tiberian sun(tm)\sun\game.exe:Main executable for Tiberian Sun
"UDP Query User{56393223-5C03-4991-9D20-6E0B9893ED39}c:\\program files\\ea games\\command & conquer die ersten 10 jahre\\command & conquer(tm) tiberian sun(tm)\\sun\\game.exe"= TCP:c:\program files\ea games\command & conquer die ersten 10 jahre\command & conquer(tm) tiberian sun(tm)\sun\game.exe:Main executable for Tiberian Sun
"TCP Query User{3898670C-1812-4AE9-898A-D9694DA8F074}c:\\program files\\ea games\\command & conquer die ersten 10 jahre\\command & conquer red alert(tm) ii\\ar2\\game.exe"= UDP:c:\program files\ea games\command & conquer die ersten 10 jahre\command & conquer red alert(tm) ii\ar2\game.exe:Main executable for Red Alert 2
"UDP Query User{C228432F-7495-4D1D-A0AD-109FB080C24E}c:\\program files\\ea games\\command & conquer die ersten 10 jahre\\command & conquer red alert(tm) ii\\ar2\\game.exe"= TCP:c:\program files\ea games\command & conquer die ersten 10 jahre\command & conquer red alert(tm) ii\ar2\game.exe:Main executable for Red Alert 2
"{16180C0A-2082-4695-9F83-56FC86EBCCA4}"= UDP:c:\program files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{142C21A8-A059-48EF-A579-5DD37DBB0D32}"= TCP:c:\program files\sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{702F1786-874D-4917-98DC-85D45AAFB10E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B4884F21-805E-4B53-BE61-B135C027E5CF}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{8C0183CF-2D62-4C4C-9BE9-F49785F196A5}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:
"UDP Query User{26B564E8-6B47-4AAE-ACF9-155D321FF571}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:
"TCP Query User{90C685A8-FD59-4E42-81F3-704D28F91B3C}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood
"UDP Query User{C5B6C660-277D-471B-8B91-4049CF3A5820}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood
"{51B3E78A-86DD-4BE7-BF58-C25B424344ED}"= UDP:c:\program files\Bertelsmann Fotowelt\Bertelsmann Fotowelt\Bertelsmann Fotowelt.exe:Bertelsmann Fotowelt Starten
"{91862EEC-9A92-47F6-B7F3-ADD26568B58A}"= TCP:c:\program files\Bertelsmann Fotowelt\Bertelsmann Fotowelt\Bertelsmann Fotowelt.exe:Bertelsmann Fotowelt Starten
"{6F0E8EE3-B050-40AF-8007-639CBFD66CE8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7ADF3DAF-1D06-4BA5-B965-0872FB06ACEC}c:\\program files\\ea games\\command & conquer die ersten 10 jahre\\command & conquer red alert(tm) ii\\ar2\\game.exe"= UDP:c:\program files\ea games\command & conquer die ersten 10 jahre\command & conquer red alert(tm) ii\ar2\game.exe:Main executable for Red Alert 2
"UDP Query User{3F0B1E24-F3FF-4653-A759-8DBC1276AC7F}c:\\program files\\ea games\\command & conquer die ersten 10 jahre\\command & conquer red alert(tm) ii\\ar2\\game.exe"= TCP:c:\program files\ea games\command & conquer die ersten 10 jahre\command & conquer red alert(tm) ii\ar2\game.exe:Main executable for Red Alert 2
"TCP Query User{ABD2037A-99D9-4530-8403-27A3C89BF6C2}c:\\backup\\c\\programme\\unrealtournament\\system\\unrealtournament.exe"= UDP:c:\backup\c\programme\unrealtournament\system\unrealtournament.exe:UnrealTournament
"UDP Query User{FA110323-8A4A-43F3-A498-C95825870141}c:\\backup\\c\\programme\\unrealtournament\\system\\unrealtournament.exe"= TCP:c:\backup\c\programme\unrealtournament\system\unrealtournament.exe:UnrealTournament
"TCP Query User{B5B093D6-ACA2-43F2-AB35-5BD57A85FD99}c:\\program files\\real alternative\\media player classic\\mplayerc.exe"= UDP:c:\program files\real alternative\media player classic\mplayerc.exe:Media Player Classic
"UDP Query User{916B5310-350B-40DB-8204-CA2DF10BF42A}c:\\program files\\real alternative\\media player classic\\mplayerc.exe"= TCP:c:\program files\real alternative\media player classic\mplayerc.exe:Media Player Classic
"{92D480D5-E29B-4954-ADD9-4EB8223841D5}"= UDP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd
"{E500ADE0-053D-4CCE-A43F-4DC0590BD9A5}"= TCP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd
"TCP Query User{D9C11BCA-05A6-4248-8F1D-CFB3E1A5C104}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe:
"UDP Query User{2D7AF4D7-2CC6-4620-A5E0-EF26FB64C8E1}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe:
"TCP Query User{1A339014-1C87-4A3A-ADA3-8569DDEDFA6B}c:\\program files\\ws_ftp\\ws_ftp32.exe"= UDP:c:\program files\ws_ftp\ws_ftp32.exe:WS_FTP32
"UDP Query User{BEB728F9-508A-406B-9B4B-37317C165B73}c:\\program files\\ws_ftp\\ws_ftp32.exe"= TCP:c:\program files\ws_ftp\ws_ftp32.exe:WS_FTP32
"{D639C276-F9FA-42E1-B8DE-1FA3D5E94680}"= UDP:c:\users\xxxxxx\AppData\Local\Apps\2.0\BQBQRO34.3H6\D733KVPQ.NTC\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\fritzbox-usb-fernanschluss.exe:FRITZ!Box USB-Fernanschluss
"{99A5F536-A210-49A9-ABC4-84367627E6ED}"= TCP:c:\users\xxxxxx\AppData\Local\Apps\2.0\BQBQRO34.3H6\D733KVPQ.NTC\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\fritzbox-usb-fernanschluss.exe:FRITZ!Box USB-Fernanschluss
"{9A280739-0359-4380-BB99-2234BCF63E84}"= UDP:c:\users\xxxxxx\AppData\Local\Apps\2.0\BQBQRO34.3H6\D733KVPQ.NTC\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\fritzbox-usb-fernanschluss.exe:FRITZ!Box USB-Fernanschluss
"{525977C3-2F1B-4B6C-8EC5-CEECBA2ADC72}"= TCP:c:\users\xxxxxx\AppData\Local\Apps\2.0\BQBQRO34.3H6\D733KVPQ.NTC\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\fritzbox-usb-fernanschluss.exe:FRITZ!Box USB-Fernanschluss
"TCP Query User{A28622FF-EB03-4D17-B51D-E51E84C89475}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{86B15990-6CEE-4096-9F83-3BB33B190C1F}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"{A9230227-989E-4977-A99B-9E0105CCCA99}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{71517920-81C6-4873-B5D4-BDA4E1132544}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DCFD7976-61F0-4E8B-B0E0-84DDC134C148}"= UDP:Profile=Public|c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe:ClipInc Server
"{87F05720-D37E-4072-9182-D7C2461F802A}"= TCP:Profile=Public|c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe:ClipInc Server
"{53769E4C-5D31-4104-A4DC-27AEDD1527A2}"= UDP:Profile=Public|c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"{AD791727-8934-4DBC-BDD1-8C5A9968F538}"= TCP:Profile=Public|c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"{F60BBE0F-2D4E-49EB-A15F-E98DA11668EB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{134C89F6-6C82-4FE3-9829-024654B643C6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2AF46FA2-BAA2-44DE-9772-67F1CAC349AB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5133F708-2354-489B-A3EA-BE44DAF8B1E5}"= c:\program files\Skype\Phone\Skype.exe:Skype
[...]

Ich hab ja geschrieben, das du Cf umbenennen sollst. Mich wundert, das das nachtraegliche umbenennen funktioniert hat! Der Report ist nicht komplett. reiche den Rest bitte noch nach.Was meinst du mit Bit-Torrent?

Lade die Datei c:\windows\system32\drivers\UACetetrxvmry.sys bitte bei Virustotal.com hoch und poste den Link zum Ergebniss.

Lade die Datei bitte auch hier hoch und poste dort den Link zu diesem Thema:

http://www.bleepingcomputer.com/submit-malware.php?channel=4

So einen wunderschönen guten Morgen,

da war ich wohl zu schnell.

c:\windows\system32\drivers\UACetetrxvmry.sys geht nicht mehr, da die Datei von Malwarebytes' Anti-Malware 1.40 nach einem zweiten Durchlauf gefunden und gelöscht wurde...



GMER.EXE stürzt mitten im Scan ab, nach dem zweiten öffnen erscheint folgendes Log

GMER 1.0.15.15020 [hh2h5sn6.exe] - http://www.gmer.net
Rootkit quick scan 2009-08-15 09:43:48
Windows 6.0.6002 Service Pack 2


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Autostart macht er...

Teil 1

GMER 1.0.15.15020 - http://www.gmer.net
Autostart scan 2009-08-15 10:03:50
Windows 6.0.6002 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\Windows\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
igfxcui@DLLName = igfxdev.dll
NetIdentity Notification@DLLName = C:\Windows\system32\Novell\XtNotify.dll
VESWinlogon@DLLName = VESWinlogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirSchedulerService@ = "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
AntiVirService@ = "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
Ati External Event Utility@ = %SystemRoot%\system32\Ati2evxx.exe
Brother XP spl Service@ = C:\Windows\system32\brsvc01a.exe
CLTNetCnService@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon /*file not found*/
IviRegMgr@ = C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
ProtexisLicensing@ = C:\Windows\system32\PSIService.exe
SeaPort@ = "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
simptcp@ = %SystemRoot%\System32\tcpsvcs.exe
slsvc@ = %SystemRoot%\system32\SLsvc.exe
TomTomHOMEService@ = C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
TOSHIBA Bluetooth Service@ = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
VAIO Event Service@ = C:\Program Files\sony\VAIO Event Service\VESMgr.exe
VzCdbSvc@ = "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe"
VzFw@ = C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
wlidsvc@ = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
XAudioService@ = %SystemRoot%\system32\DRIVERS\xaudio.exe
XTAgent@ = %SystemRoot%\System32\Novell\XTAgent.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RtHDVCplRtHDVCpl.exe = RtHDVCpl.exe
@SynTPEnhC:\Program Files\Synaptics\SynTP\SynTPEnh.exe = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
@VAIOCameraUtility"C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" = "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
@ISBMgr.exe"C:\Program Files\Sony\ISB Utility\ISBMgr.exe" = "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
@ControlCenter3C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun /*file not found*/ = C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun /*file not found*/
@avgnt"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
@VirtualCloneDrive"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s = "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
@FreePDF AssistantC:\Program Files\FreePDF_XP\fpassist.exe = C:\Program Files\FreePDF_XP\fpassist.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ehTray.exeC:\Windows\ehome\ehTray.exe = C:\Windows\ehome\ehTray.exe
@WMPNSCFGC:\Program Files\Windows Media Player\WMPNSCFG.exe = C:\Program Files\Windows Media Player\WMPNSCFG.exe
@Skype"C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized = "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} =

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/(null) =
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{00020d75-0000-0000-c000-000000000046} /*lnkfile*/(null) =
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{a38b883c-1682-497e-97b0-0a3a9e801682} /*IPropertyStore Handler for Images*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{C7657C4A-9F68-40fa-A4DF-96BC08EB3551} /*Photo Thumbnail Provider*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*Photo Thumbnail Extractor*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll

Teil 2, ansonsten schmiert das Teil wie gesagt immer ab...

@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Program Files\Synaptics\SynTP\SynTPCpl.dll = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
@{ED58A35B-B554-42AF-A26C-6F3D424200D3} /*Sony Power Management Extensiond*/C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll = C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Program Files\Avira\AntiVir Desktop\shlext.dll = C:\Program Files\Avira\AntiVir Desktop\shlext.dll
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
@{62DF97A2-3635-4412-AE30-80B164BC88AD} /*ShellContextMenuHandler extension*/C:\Program Files\1&1\1&1 Upload-Manager\SHNDLERS.DLL = C:\Program Files\1&1\1&1 Upload-Manager\SHNDLERS.DLL
@{0563DB41-F538-4B37-A92D-4659049B7766} /*WLMD Message Handler*/C:\Program Files\Windows Live\Mail\mailcomm.dll = C:\Program Files\Windows Live\Mail\mailcomm.dll
@{06A2568A-CED6-4187-BB20-400B8C02BE5A} /**/(null) =
@{00F33137-EE26-412F-8D71-F84E4C2C6625} /**/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} /*Windows Live Photo Gallery Autoplay Drop Target*/(null) =
@{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} /*Windows Live Photo Gallery Viewer Drop Target*/(null) =
@{00F374B7-B390-4884-B372-2FC349F2172B} /*Windows Live Photo Gallery Editor Drop Target*/(null) =
@{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} /*Windows Live Photo Gallery Viewer Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} /*Windows Live Photo Gallery Editor Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /*Windows Live Photo Gallery Autoplay Drop Target Shim*/C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\Windows\System32\ieframe.dll = C:\Windows\System32\ieframe.dll
@{28803F59-3A75-4058-995F-4EE5503B023C} /*Wireless Devices*/%systemroot%\system32\FunctionDiscoveryFolder.dll = %systemroot%\system32\FunctionDiscoveryFolder.dll
@{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7} /*Enhanced Storage Data Source*/%SystemRoot%\system32\EhStorShell.dll = %SystemRoot%\system32\EhStorShell.dll
@{B7056B8E-4F99-44f8-8CBD-282390FE5428} /*VirtualCloneDrive*/C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll = C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir Desktop\shlext.dll
VirtualCloneDrive@{B7056B8E-4F99-44f8-8CBD-282390FE5428} = C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir Desktop\shlext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll = C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0\bin\ssv.dll = C:\Program Files\Java\jre1.6.0\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{CA6319C0-31B7-401E-A518-A07C3DB8F777}C:\PROGRA~1\GOOGLE~1\BAE.dll = C:\PROGRA~1\GOOGLE~1\BAE.dll
@{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}C:\Program Files\Windows Live\Toolbar\wltcore.dll = C:\Program Files\Windows Live\Toolbar\wltcore.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\Windows\System32\blank.htm = C:\Windows\System32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.de/ = http://www.google.de/
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\Windows\System32\msvidctl.dll
its@CLSID = %SystemRoot%\System32\itss.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
skype4com@CLSID = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
tv@CLSID = C:\Windows\System32\msvidctl.dll
wlmailhtml@CLSID = C:\Program Files\Windows Live\Mail\mailcomm.dll
x-excid@CLSID = c:\Windows\Downloaded Program Files\mimectl.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{016aee53-2788-489c-a505-d59137520c92} /*LAN-Verbindung 4*/ >>>
@IPAddress172.16.164.1 = 172.16.164.1
@NameServer =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BC19BA40-BBE6-4C21-B62D-874126A0688A} /*Drahtlosnetzwerkverbindung*/ >>>
@IPAddress =
@NameServer =
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000014@PackedCatalogItem = C:\Program Files\VMware\VMware Player\vsocklib.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015@PackedCatalogItem = C:\Program Files\VMware\VMware Player\vsocklib.dll

---- EOF - GMER 1.0.15 ----

Bevor ich es vergesse, du solltest noch einen Scan mit GMER machen und den Report posten!