Trojaner_Clicker in sims 2 die Haustiere

LadyFreaky · 06.09.2010, 17:59

so ich wer jetzt soweit .... wie lange bist du heut noch im Forum online?!

cosinus · 06.09.2010, 19:32

Poste doch erstmal das Log

Und Deine Fragen sind nicht nachvollziehbar, es sei denn Du verwechselst ein Forum mit einem Chat

LadyFreaky · 06.09.2010, 19:36

ich wollt eben warten weil du gemeint hast kaspersky soll ich erst wieder aufdrehen wenn du es sagst .... und wollt ich eben dann net zu lange abgedreht lassen

das malewareprgrogramm ... arbeitet das selbstständig also muss ich das auch abdrehen?

LadyFreaky · 07.09.2010, 16:09

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Acer
System Product Name: Aspire M3100
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 144):
0x86A10000 \SystemRoot\system32\ntkrnlpa.exe
0x86DC9000 \SystemRoot\system32\hal.dll
0x80600000 \SystemRoot\system32\kdcom.dll
0x80608000 \SystemRoot\system32\PSHED.dll
0x80619000 \SystemRoot\system32\BOOTVID.dll
0x80621000 \SystemRoot\system32\CLFS.SYS
0x80662000 \SystemRoot\system32\CI.dll
0x80742000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807BE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8E60B000 \SystemRoot\system32\drivers\acpi.sys
0x8E651000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8E65A000 \SystemRoot\system32\drivers\msisadrv.sys
0x8E662000 \SystemRoot\system32\drivers\pci.sys
0x8E689000 \SystemRoot\System32\drivers\partmgr.sys
0x8E698000 \SystemRoot\system32\drivers\volmgr.sys
0x8E6A7000 \SystemRoot\System32\drivers\volmgrx.sys
0x8E6F1000 \SystemRoot\system32\drivers\pciide.sys
0x8E6F8000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8E706000 \SystemRoot\System32\drivers\mountmgr.sys
0x8E716000 \SystemRoot\system32\drivers\atapi.sys
0x8E71E000 \SystemRoot\system32\drivers\ataport.SYS
0x8E73C000 \SystemRoot\system32\drivers\fltmgr.sys
0x8E76E000 \SystemRoot\system32\drivers\fileinfo.sys
0x8E77E000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8E787000 \SystemRoot\system32\drivers\klbg.sys
0x8E803000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8E874000 \SystemRoot\system32\drivers\ndis.sys
0x8E97F000 \SystemRoot\system32\drivers\msrpc.sys
0x8E9AA000 \SystemRoot\system32\drivers\NETIO.SYS
0x8EA02000 \SystemRoot\System32\drivers\tcpip.sys
0x8EAEB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8EC08000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8ED17000 \SystemRoot\system32\drivers\volsnap.sys
0x8ED50000 \SystemRoot\System32\Drivers\spldr.sys
0x8ED58000 \SystemRoot\system32\drivers\psdvdisk.sys
0x8ED6A000 \SystemRoot\system32\drivers\PSDNServ.sys
0x8ED73000 \SystemRoot\System32\Drivers\mup.sys
0x8ED82000 \SystemRoot\System32\drivers\ecache.sys
0x8EDA9000 \SystemRoot\system32\drivers\disk.sys
0x8EDBA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8EDDB000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8EDE3000 \SystemRoot\system32\drivers\crcdisk.sys
0x8EDEC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8EDF7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8EB06000 \SystemRoot\system32\DRIVERS\processr.sys
0x96400000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x96B28000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x96BC7000 \SystemRoot\System32\drivers\watchdog.sys
0x96BD4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8EB15000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x96BE6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x96BFE000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8EB53000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8EB5D000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8EB67000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EBA5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EBB4000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8EBC4000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8EBD2000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8EBDD000 \SystemRoot\system32\DRIVERS\serial.sys
0x8E9E4000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8E792000 \SystemRoot\system32\DRIVERS\parport.sys
0x8E7AA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8EBF7000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x8E9EE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E7BD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E7C8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x94202000 \SystemRoot\system32\DRIVERS\storport.sys
0x94243000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9424E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x94265000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x94270000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x94293000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x942A2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x942B6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x942CB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x942DB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x942DD000 \SystemRoot\system32\DRIVERS\ks.sys
0x94307000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x94311000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9431E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x94352000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x94370000 \SystemRoot\system32\drivers\HdAudio.sys
0x943AF000 \SystemRoot\system32\drivers\portcls.sys
0x807CB000 \SystemRoot\system32\drivers\drmk.sys
0x97A09000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9820C000 \SystemRoot\system32\DRIVERS\klif.sys
0x98255000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9825E000 \SystemRoot\System32\Drivers\Null.SYS
0x98265000 \SystemRoot\System32\Drivers\Beep.SYS
0x98275000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9827C000 \SystemRoot\System32\drivers\vga.sys
0x98288000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x982A9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x982B1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x982B9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x982C4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x982D2000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x982DB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x982F1000 \SystemRoot\system32\DRIVERS\smb.sys
0x98401000 \SystemRoot\system32\DRIVERS\kl1.sys
0x98921000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x98933000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x98935000 \SystemRoot\system32\drivers\afd.sys
0x9897D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x989AF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x989C5000 \SystemRoot\system32\DRIVERS\klim6.sys
0x989CC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x989DA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x98305000 \SystemRoot\System32\drivers\truecrypt.sys
0x9833D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x989ED000 \SystemRoot\system32\drivers\nsiproxy.sys
0x98379000 \SystemRoot\System32\Drivers\dfsc.sys
0x98390000 \SystemRoot\System32\Drivers\fastfat.SYS
0x862E0000 \SystemRoot\System32\win32k.sys
0x983B8000 \SystemRoot\System32\drivers\Dxapi.sys
0x983C2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x86500000 \SystemRoot\System32\TSDDD.dll
0x86520000 \SystemRoot\System32\cdd.dll
0x86530000 \SystemRoot\System32\ATMFD.DLL
0x983D1000 \SystemRoot\system32\drivers\luafv.sys
0x97BC9000 \SystemRoot\system32\drivers\WudfPf.sys
0xA300C000 \SystemRoot\system32\drivers\spsys.sys
0xA30BB000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA30CB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA30DE000 \SystemRoot\system32\drivers\HTTP.sys
0xA314B000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA3168000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA3181000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA3196000 \SystemRoot\system32\drivers\mrxdav.sys
0xA31B6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA380D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA3846000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA385E000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3885000 \SystemRoot\System32\DRIVERS\srv.sys
0xA38D3000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xA38DA000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xA38EB000 \SystemRoot\system32\drivers\peauth.sys
0xA39C9000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA39D3000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA39DF000 \??\C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
0xA31D5000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x97BE3000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x779F0000 \Windows\System32\ntdll.dll

Processes (total 82):
0 System Idle Process
4 System
512 C:\Windows\System32\smss.exe
580 csrss.exe
636 C:\Windows\System32\wininit.exe
648 csrss.exe
680 C:\Windows\System32\services.exe
692 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
848 C:\Windows\System32\winlogon.exe
892 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\Ati2evxx.exe
1108 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\audiodg.exe
1304 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\SLsvc.exe
1380 C:\Windows\System32\svchost.exe
1568 C:\Windows\System32\svchost.exe
1580 C:\Windows\System32\Ati2evxx.exe
1748 C:\Windows\System32\spoolsv.exe
1772 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\dwm.exe
1656 C:\Windows\System32\taskeng.exe
1816 C:\Windows\explorer.exe
2052 C:\Program Files\Windows Defender\MSASCui.exe
2060 C:\Windows\RtHDVCpl.exe
2068 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
2092 C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
2256 C:\Program Files\iTunes\iTunesHelper.exe
2264 C:\Program Files\FreePDF_XP\fpassist.exe
2280 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2312 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2332 C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe
2340 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2360 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
2372 C:\Program Files\SweetIM\Messenger\SweetIM.exe
2380 C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
2388 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2404 C:\Program Files\Windows Sidebar\sidebar.exe
2420 C:\Windows\ehome\ehtray.exe
2432 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2440 C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
2456 C:\Program Files\Windows Media Player\wmpnscfg.exe
2488 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
2496 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2560 C:\Windows\System32\taskeng.exe
2672 C:\Users\birgit\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
2772 C:\Windows\ehome\ehmsas.exe
3132 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3236 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
3304 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
3400 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
3428 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
3524 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
3544 C:\Program Files\Application Updater\ApplicationUpdater.exe
3564 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
3576 C:\Program Files\Bonjour\mDNSResponder.exe
3600 C:\Windows\System32\svchost.exe
3620 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
3664 C:\Program Files\CDBurnerXP\NMSAccessU.exe
3804 C:\Windows\System32\svchost.exe
3824 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3876 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3960 C:\Windows\System32\svchost.exe
4016 C:\Windows\System32\svchost.exe
4052 C:\Windows\System32\SearchIndexer.exe
1596 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
2928 WUDFHost.exe
4260 C:\Program Files\Windows Media Player\wmpnetwk.exe
4288 C:\Program Files\iPod\bin\iPodService.exe
4488 C:\Windows\System32\mobsync.exe
5456 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
5616 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
5652 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
5676 C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
4808 C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
6076 C:\Windows\System32\wuauclt.exe
4136 C:\Users\birgit\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`f3947600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`3be4a400 (NTFS)

PhysicalDrive0 Model Number: ST3500830AS, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

LadyFreaky · 06.09.2010, 19:37

was ich vergessen hab: wie lang dauert der scan im normal fall?

cosinus · 06.09.2010, 20:05

Zitat:

was ich vergessen hab: wie lang dauert der scan im normal fall?

Kann man so pauschal nicht beantworten. Und den Virenscanner kann man "abgedreht" lassen, denn Schädlinge fliegen nicht einfach so von allein auf dem PC. Ein Virenscanner ist nur ein Hilfsmittel mehr nicht, aber nicht die entscheidende Komponente, um einen Windows-PC sauber zu halten.

LadyFreaky · 06.09.2010, 20:36

sooo vollbracht

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-09-06.01 - birgit 06.09.2010  20:59:40.1.3 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.43.1031.18.3071.1215 [GMT 2:00]
ausgeführt von:: c:\users\birgit\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\aol.exe
c:\programdata\DivXInstaller.exe
c:\programdata\FFSetup230.exe
c:\programdata\flvplayer_setup.exe
c:\programdata\FreePDF4.02.EXE
c:\programdata\gs870w32.exe
c:\programdata\MoveMediaPlayer_071303000004.exe
c:\programdata\Pandora211Recovery.exe
c:\programdata\PDFBlenderSetup1.1.2.exe
c:\programdata\pro.exe
c:\programdata\setup.exe
c:\programdata\SoftonicDownloader50481.exe
c:\programdata\vdm328_free.exe
c:\programdata\wrar380d.exe

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games


(((((((((((((((((((((((   Dateien erstellt von 2010-08-06 bis 2010-09-06  ))))))))))))))))))))))))))))))
.

2010-09-06 19:13 . 2010-09-06 19:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-06 16:37 . 2010-09-06 16:37	--------	d-----w-	c:\program files\CCleaner
2010-09-05 19:19 . 2010-09-05 19:19	--------	d-----w-	C:\_OTL
2010-09-04 16:54 . 2010-09-04 16:54	--------	d-----w-	c:\users\birgit\AppData\Roaming\Malwarebytes
2010-09-04 16:53 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 16:53 . 2010-09-04 16:53	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-04 16:53 . 2010-09-04 16:53	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-04 16:53 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-02 20:49 . 2010-09-02 20:49	--------	d-----w-	c:\users\birgit\AppData\Roaming\TrojanHunter
2010-09-02 20:45 . 2010-09-04 14:40	--------	d-----w-	c:\program files\TrojanHunter 5.3
2010-08-29 12:12 . 2010-08-29 13:10	--------	d-----w-	c:\temp\dvd-out
2010-08-13 14:37 . 2010-05-27 19:16	81920	----a-w-	c:\windows\system32\iccvid.dll
2010-08-13 14:37 . 2010-06-11 15:31	274432	----a-w-	c:\windows\system32\schannel.dll
2010-08-13 14:37 . 2010-06-21 13:18	2036736	----a-w-	c:\windows\system32\win32k.sys
2010-08-13 14:37 . 2010-06-18 16:43	36352	----a-w-	c:\windows\system32\rtutils.dll
2010-08-13 14:37 . 2010-06-08 17:00	3598216	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-08-13 14:37 . 2010-06-08 17:00	3545992	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-08-13 14:37 . 2010-06-11 15:30	1257472	----a-w-	c:\windows\system32\msxml3.dll
2010-08-13 14:37 . 2010-06-18 14:43	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-13 14:37 . 2010-06-18 14:43	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-13 14:37 . 2010-06-16 15:59	898952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-08-10 16:30 . 2010-08-10 16:52	--------	d-----w-	c:\programdata\VirtualFarm

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 19:17 . 2008-05-14 18:00	--------	d-----w-	c:\programdata\Kaspersky Lab
2010-09-06 19:14 . 2010-02-18 15:45	12	----a-w-	c:\windows\bthservsdp.dat
2010-09-06 17:06 . 2006-11-02 15:33	628504	----a-w-	c:\windows\system32\perfh007.dat
2010-09-06 17:06 . 2006-11-02 15:33	126054	----a-w-	c:\windows\system32\perfc007.dat
2010-09-06 16:36 . 2010-09-06 16:36	3427248	----a-w-	c:\programdata\ccsetup235.exe
2010-09-06 16:36 . 2010-09-06 16:36	3427248	----a-w-	c:\programdata\ccsetup235.exe
2010-09-05 19:19 . 2010-04-17 13:53	--------	d-----w-	c:\program files\pdfforge Toolbar
2010-09-05 17:05 . 2009-04-09 17:08	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-09-05 17:03 . 2008-10-28 17:38	--------	d-----w-	c:\programdata\GamesBar
2010-09-05 17:03 . 2008-06-18 17:42	--------	d-----w-	c:\program files\GamesBar
2010-09-05 16:55 . 2008-05-14 07:30	--------	d-----w-	c:\program files\Yahoo!
2010-09-04 16:52 . 2010-09-04 16:52	6153648	----a-w-	c:\programdata\mbam-setup.exe
2010-09-04 16:52 . 2010-09-04 16:52	6153648	----a-w-	c:\programdata\mbam-setup.exe
2010-09-02 20:44 . 2010-09-02 20:44	22489640	----a-w-	c:\programdata\TrojanHunter53Setup.exe
2010-09-02 20:44 . 2010-09-02 20:44	22489640	----a-w-	c:\programdata\TrojanHunter53Setup.exe
2010-08-28 07:54 . 2010-05-08 14:03	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-28 07:53 . 2010-08-28 07:53	56765	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-28 07:53 . 2010-05-08 14:01	--------	d-----w-	c:\programdata\DivX
2010-08-28 07:53 . 2008-11-01 12:32	--------	d-----w-	c:\program files\DivX
2010-08-28 07:53 . 2010-08-28 07:53	56997	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-08-28 07:53 . 2010-08-28 07:53	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-08-28 07:53 . 2010-08-28 07:53	57691	----a-w-	c:\programdata\DivX\Player\Uninstaller.exe
2010-08-28 07:53 . 2010-08-28 07:53	84063	----a-w-	c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-08-28 07:53 . 2010-08-28 07:53	54153	----a-w-	c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-08-28 07:52 . 2010-08-28 07:53	185640	----a-w-	c:\programdata\DivX\Setup\finishPlugin.dll
2010-08-28 07:52 . 2010-08-28 07:52	144696	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-28 07:52 . 2010-05-08 14:02	1062184	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-08-28 07:52 . 2010-05-08 14:02	850200	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-08-26 17:09 . 2009-04-09 16:48	--------	d-----w-	c:\users\birgit\AppData\Roaming\dvdcss
2010-08-25 15:09 . 2010-08-25 15:09	15376	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\clldr.dll
2010-08-25 15:09 . 2010-08-25 15:09	15376	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\clldr.dll
2010-08-24 15:13 . 2010-02-06 12:16	--------	d-----w-	c:\program files\ICQ7.0
2010-08-22 11:39 . 2010-07-25 11:08	--------	d-----w-	c:\users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers
2010-08-22 11:38 . 2009-04-09 17:08	--------	d-----w-	c:\program files\DVDVideoSoft
2010-08-22 11:37 . 2010-08-22 11:37	18088968	----a-w-	c:\programdata\FreeYouTubeToMp3Converter.exe
2010-08-22 11:37 . 2010-08-22 11:37	18088968	----a-w-	c:\programdata\FreeYouTubeToMp3Converter.exe
2010-08-22 10:24 . 2008-05-15 18:04	--------	d-----w-	c:\users\birgit\AppData\Roaming\ICQ
2010-08-18 17:31 . 2010-08-18 17:31	170584	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\prloader.dll
2010-08-18 17:31 . 2010-08-18 17:31	311680	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\avp.exe
2010-08-15 17:24 . 2010-08-15 17:24	52224	----a-w-	c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-08-15 17:24 . 2010-08-15 17:24	101376	----a-w-	c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-08-14 08:03 . 2007-05-06 22:57	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-14 08:02 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-08-10 16:30 . 2008-05-25 07:34	--------	d-----w-	c:\users\birgit\AppData\Roaming\Zylom
2010-08-09 16:55 . 2010-01-06 19:25	--------	d-----w-	c:\users\birgit\AppData\Roaming\NevoSoft Games
2010-08-07 07:52 . 2009-07-01 16:52	--------	d-----w-	c:\programdata\Skype
2010-08-07 07:50 . 2010-02-18 15:47	--------	d-----w-	c:\program files\Common Files\Nokia
2010-08-07 07:50 . 2010-02-18 15:40	--------	d-----w-	c:\program files\Nokia
2010-08-06 18:37 . 2010-08-06 18:37	11971973	----a-w-	c:\programdata\FreeVideoToMp3Converter40.exe
2010-08-06 18:37 . 2010-08-06 18:37	11971973	----a-w-	c:\programdata\FreeVideoToMp3Converter40.exe
2010-08-06 16:14 . 2009-12-20 18:09	--------	d-----w-	c:\program files\Messenger Plus! Live
2010-07-31 10:19 . 2010-05-05 15:49	97549	----a-w-	c:\windows\system32\drivers\klick.dat
2010-07-31 10:19 . 2010-05-05 15:49	113933	----a-w-	c:\windows\system32\drivers\klin.dat
2010-07-24 09:19 . 2010-01-29 19:15	--------	d-----w-	c:\users\birgit\AppData\Roaming\Nokia
2010-07-24 09:18 . 2010-07-24 09:18	--------	d-----w-	c:\programdata\Nokia
2010-07-24 09:11 . 2010-01-29 19:15	--------	d-----w-	c:\programdata\PC Suite
2010-07-24 09:11 . 2010-07-24 09:11	0	---ha-w-	c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-24 09:02 . 2010-07-24 09:02	--------	d-----w-	c:\program files\PC Connectivity Solution
2010-07-24 08:53 . 2010-07-24 08:53	12212040	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-07-24 08:53 . 2010-07-24 08:53	13930312	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-07-24 08:53 . 2010-07-24 08:53	77824	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-07-24 08:53 . 2010-07-24 08:53	38912	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-07-24 08:53 . 2010-07-24 08:53	38912	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-07-24 08:53 . 2010-07-24 08:53	50000	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-07-24 08:52 . 2010-07-24 08:52	--------	d-----w-	c:\programdata\NokiaInstallerCache
2010-07-24 08:49 . 2010-07-24 08:53	103412296	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-07-23 16:34 . 2010-01-29 19:15	--------	d-----w-	c:\users\birgit\AppData\Roaming\PC Suite
2010-07-13 15:41 . 2010-07-13 15:41	--------	d-----w-	c:\programdata\Kristanix Games
2010-07-13 15:32 . 2010-07-13 15:07	--------	d-----w-	c:\programdata\FarmFrenzy3_Arctica
2010-06-26 06:05 . 2010-08-13 14:38	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 14:38	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-13 14:38	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-13 14:38	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-06-15 15:21 . 2010-06-15 15:21	129624	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll
2009-07-14 18:21 . 2009-07-14 18:20	347432	----a-w-	c:\program files\WINWORD.EXE
2010-05-05 15:51 . 2010-05-05 15:51	604140	--sha-w-	c:\windows\System32\drivers\ISwift3.dat
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-03-18 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608]
"Google Update"="c:\users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-06 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"PlayMovie"="c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 178280]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"PicPick Start"="c:\screenshoots\Picpick\picpick.exe" [2009-04-14 914432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PrintArtist"="c:\program files\Avanquest\Print Artist Platinum\ReminderApp.exe" [2009-07-02 144664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-08 202256]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 311680]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-04-19 106496]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]

c:\users\birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-7 528384]
PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-5-7 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-05-15 21008]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2007-08-31 39408]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 266343]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
- c:\users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-06 18:03]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
- c:\users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-06 18:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Free YouTube Download - c:\users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
FF - ProfilePath - c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - chello.at
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\birgit\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\birgit\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - (no file)
HKCU-Run-ICQ - ~c:\program files\ICQ7.0\ICQ.exe
HKLM-Run-eRecoveryService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-06 21:17
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-99989120-414168423-3571821316-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,4c,3b,bf,56,80,50,02,79,f6,c1,d9,17,8a,65,0e,a8,b9,e0,d2,61,be,1b,
   bb,62,18,3c,a3,4c,8c,68,c5,c6,e7,3d,b0,59,81,f3,d3,ed,cb,e6,c7,cb,65,b6,33,\
"??"=hex:14,b9,de,e2,71,1e,77,00,99,62,bc,41,e8,7c,95,79

[HKEY_USERS\S-1-5-21-99989120-414168423-3571821316-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:10,bc,2e,6b,8a,60,59,bb,af,c9,a8,85,a6,33,30,74,b5,97,c1,d7,2b,
   cc,cd,36,ba,00,25,86,ed,99,5b,94,30,4f,94,f6,5d,cb,58,fd,b8,cc,23,72,9e,de,\
"rkeysecu"=hex:b6,8a,44,25,46,c4,1b,56,d2,08,da,b3,29,f6,76,ef

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5596)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\users\birgit\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-06  21:26:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-06 19:26

Vor Suchlauf: 27 Verzeichnis(se), 129.272.082.432 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 128.939.151.360 Bytes frei

- - End Of File - - B4CC859B5A2951D22968EF090C0D95C5

--- --- ---

nur hab ich jetzt geschafft dass ich in keinen meiner browser mehr am pc rein komm ... irgendwas mit registrierungsschlüssel ...

cosinus · 06.09.2010, 20:41

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

LadyFreaky · 06.09.2010, 20:46

dazu müsst ich erstmal einen meiner browser öffnen können

ka was ich da verbockt hab aber es kommt:

Es wurde versucht ... einen registrierungsschlüssel einem unzuverlässigen Vorgang zu unterziehen, der zum löschen markiert wurde

kommt bei IE, firefox und chrome

cosinus · 06.09.2010, 20:52

Versuch es im abgesicherten Modus oder mit einem anderen Benutzerkonto, zB einem dass Du neu über die Systemsteuerung erstellst...

LadyFreaky · 06.09.2010, 21:01

ich habs geschafft dass ich auch nicht mehr in die systemsteuerung komm mit der gleichen meldung ... oh shit was ha ich da bitte vermasselt bei cccleaner

irgendwie geht gar nxi mehr wollt mir jetzt durch stick opera holen aber wenn ich öffne kommt auch das mit dem schlüssel

cosinus · 06.09.2010, 21:17

Abgesicherter Modus??

LadyFreaky · 06.09.2010, 21:23

und was mach ich dort dann?!

cosinus · 06.09.2010, 21:40

Waswohl, Du sollst es dort probieren!

LadyFreaky · 06.09.2010, 22:18

so hier erstmal das von osram

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:16:31 on 06.09.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job" - "Google Inc." - C:\Users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job" - "Google Inc." - C:\Users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - ? - C:\Windows\system32\drivers\adfs.sys  (File not found)
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Kaspersky Lab Driver" (KLIF) - "Kaspersky Lab" - C:\Windows\System32\DRIVERS\klif.sys
"kl1" (kl1) - "Kaspersky Lab" - C:\Windows\System32\DRIVERS\kl1.sys
"LGE Mobile Composite USB Device" (usbbus) - ? - C:\Windows\System32\DRIVERS\lgusbbus.sys  (File not found)
"LGE Mobile USB Modem" (USBModem) - ? - C:\Windows\System32\DRIVERS\lgusbmodem.sys  (File not found)
"LGE Mobile USB Serial Port" (UsbDiag) - ? - C:\Windows\System32\DRIVERS\lgusbdiag.sys  (File not found)
"PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys
"psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} "JetFlExt Class" - "JetAudio" - C:\Program Files\JetAudio\JetFlExt.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -   (File not found | COM-object registry key not found)
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} "a-squared Scanner" - "Emsi Software GmbH" - C:\Windows\DOWNLO~1\asquared.ocx / hxxp://ax.emsisoft.com/asquared.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7" - "ICQ, LLC." - C:\Program Files\ICQ7.0\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "HiTRUST" - C:\Windows\system32\ActiveToolBand.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)
"PCM Media Sharing.lnk" - ? - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Google Update" - "Google Inc." - "C:\Users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"NokiaOviSuite2" - "Nokia" - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer Tour Reminder" - "Acer Inc." - C:\Acer\AcerTour\Reminder.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVP" - "Kaspersky Lab" - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NokiaMServer" - "Nokia" - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"PicPick Start" - ? - C:\Screenshoots\Picpick\picpick.exe  (File found, but it contains no detailed information)
"PlayMovie" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
"PrintArtist" - ? - "C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe" PrintArtist
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SearchSettings" - "Spigot, Inc." - C:\Program Files\pdfforge Toolbar\SearchSettings.exe
"StartCCC" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe  (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Messenger\SweetIM.exe
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acer HomeMedia Connect Service" (Acer HomeMedia Connect Service) - "CyberLink" - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Program Files\Application Updater\ApplicationUpdater.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"eDSService.exe" (eDataSecurity Service) - "HiTRSUT" - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
"ePerformance Service" (AcerMemUsageCheckService) - ? - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Kaspersky Internet Security" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab" - C:\Windows\system32\klogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

06.09.2010, 19:32	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner_Clicker in sims 2 die Haustiere Poste doch erstmal das Log Und Deine Fragen sind nicht nachvollziehbar, es sei denn Du verwechselst ein Forum mit einem Chat __________________ __________________

06.09.2010, 20:52	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner_Clicker in sims 2 die Haustiere Versuch es im abgesicherten Modus oder mit einem anderen Benutzerkonto, zB einem dass Du neu über die Systemsteuerung erstellst... __________________ Logfiles bitte immer in CODE-Tags posten

06.09.2010, 21:17	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner_Clicker in sims 2 die Haustiere Abgesicherter Modus?? __________________ Logfiles bitte immer in CODE-Tags posten

06.09.2010, 21:40	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner_Clicker in sims 2 die Haustiere Waswohl, Du sollst es dort probieren! __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner_Clicker in sims 2 die Haustiere

Plagegeister aller Art und deren Bekämpfung: Trojaner_Clicker in sims 2 die Haustiere