Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Unbekannte Meldung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.09.2010, 20:00   #1
obelix98
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Hi zusammen !

Bekomme nach dem Starten von Windows 7 folgende Meldung auf dem Desktop:

Probleme beim Starten von winfir32.rom. Das angegebene Modul wurde nicht gefunden.

Kennt jemand diese Meldung und was kann ich dagegen unternehmen?

Danke im Voraus

Alt 05.09.2010, 21:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Hallo und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.



Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 06.09.2010, 19:13   #3
obelix98
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Hier die Postes:

1. OTL.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.09.2010 20:00:34 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Peter Wichtel\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 249,60 Gb Total Space | 167,93 Gb Free Space | 67,28% Space Free | Partition Type: NTFS
Drive D: | 449,04 Gb Total Space | 400,96 Gb Free Space | 89,29% Space Free | Partition Type: NTFS
Drive E: | 666,67 Gb Total Space | 633,28 Gb Free Space | 94,99% Space Free | Partition Type: NTFS
Drive F: | 264,84 Gb Total Space | 230,99 Gb Free Space | 87,22% Space Free | Partition Type: NTFS
Drive G: | 931,28 Gb Total Space | 673,38 Gb Free Space | 72,31% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 2,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BENGELCHEN-1
Current User Name: Peter Wichtel
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Peter Wichtel\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - D:\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Cyberlink\Shared Files\brs.exe (cyberlink)
PRC - D:\Program Files\CyberLink\PowerDVD9\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Peter Wichtel\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.Defrag) -- D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AntiVirWebService) -- D:\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirService) -- D:\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirMailService) -- D:\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (AntiVirSchedulerService) -- D:\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (TuneUp.UtilitiesSvc) -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (TuneUpUtilitiesDrv) -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- d:\Program Files\CyberLink\PowerDVD9\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (PinnacleMarvinAVS) -- C:\Windows\System32\drivers\MarvinAVS.sys (Pinnacle a division of Avid Technology, Inc.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB D8 02 03 90 34 begin_of_the_skype_highlighting**************02 03 90 34******end_of_the_skype_highlighting CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "IsoBuster Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?rls=ig&cplp=1283073759557"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0}:2.0.0.8
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: d:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010.08.05 23:51:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: d:\Program Files\Mozilla Firefox\components [2010.08.05 13:23:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: d:\Program Files\Mozilla Firefox\plugins [2010.09.05 12:38:08 | 000,000,000 | ---D | M]
 
[2010.08.05 13:23:19 | 000,000,000 | ---D | M] -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Extensions
[2010.08.22 22:35:13 | 000,000,000 | ---D | M] -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\5wao64zs.default\extensions
[2010.08.22 22:35:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\5wao64zs.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.22 22:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\5wao64zs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.05 13:29:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\5wao64zs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.05 13:27:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\5wao64zs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.06 19:37:07 | 000,000,000 | ---D | M] -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\7ns36sz1.default\extensions
[2010.08.28 21:25:53 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.08.24 20:39:18 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.22 22:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.05 13:43:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.20 21:32:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Peter Wichtel\AppData\Roaming\mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.29 21:49:10 | 000,000,901 | ---- | M] () -- C:\Users\Peter Wichtel\AppData\Roaming\Mozilla\FireFox\Profiles\7ns36sz1.default\searchplugins\conduit.xml
[2010.08.28 21:27:06 | 000,001,196 | ---- | M] () -- C:\Users\Peter Wichtel\AppData\Roaming\Mozilla\FireFox\Profiles\7ns36sz1.default\searchplugins\winamp-search.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - d:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Programme\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] d:\Program Files\CyberLink\PowerDVD9\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] d:\Program Files\CyberLink\PowerDVD9\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - Startup: C:\Users\Peter Wichtel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - D:\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.06 19:31:11 | 000,000,000 | ---D | C] -- C:\Users\Peter Wichtel\AppData\Roaming\Malwarebytes
[2010.09.06 19:30:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.06 19:30:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.06 19:30:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.06 19:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.05 12:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.09.05 12:38:20 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.09.05 12:38:08 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.09.05 12:38:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.05 12:38:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.05 12:38:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.05 12:38:00 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.08.28 21:51:37 | 000,000,000 | ---D | C] -- C:\Programme\Dealio Toolbar
[2010.08.28 21:38:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.08.28 21:25:51 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Toolbar
[2010.08.28 21:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Winamp Toolbar
[2010.08.28 21:25:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2010.08.28 21:25:43 | 000,000,000 | ---D | C] -- C:\Users\Peter Wichtel\AppData\Roaming\Winamp
[2010.08.25 23:06:59 | 000,000,000 | ---D | C] -- C:\Users\Peter Wichtel\Documents\OJOsoft Corporation
[2010.08.25 20:18:45 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[2010.08.25 20:18:26 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2010.08.25 20:18:26 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2010.08.25 20:18:26 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2010.08.25 20:18:26 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2010.08.25 20:18:25 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2010.08.25 20:18:25 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2010.08.25 20:18:25 | 000,000,000 | ---D | C] -- C:\Programme\PDFCreator
[2010.08.23 23:26:10 | 000,000,000 | ---D | C] -- C:\Users\Peter Wichtel\AppData\Roaming\Media Player Classic
[2010.08.22 22:23:06 | 000,000,000 | ---D | C] -- C:\Users\Peter Wichtel\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.22 22:23:03 | 000,000,000 | ---D | C] -- C:\Users\Peter Wichtel\Documents\DVDVideoSoft
[2010.08.22 22:22:57 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.08.22 22:22:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.08.22 22:20:01 | 000,000,000 | ---D | C] -- C:\output media
[2010.08.22 22:19:27 | 000,000,000 | ---D | C] -- C:\Programme\Free Convert Youtube FLV to Audio MP3 Converter
[2010.08.20 22:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2010.08.20 21:22:55 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.20 21:22:55 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.20 21:22:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.20 21:22:52 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.20 21:22:52 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.20 21:22:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.20 21:22:47 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.20 21:22:47 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.20 21:22:47 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.20 21:22:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.20 21:22:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.20 21:22:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.20 21:22:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.20 21:22:35 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.05 13:39:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Peter Wichtel\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.06 20:01:36 | 002,097,152 | -HS- | M] () -- C:\Users\Peter Wichtel\NTUSER.DAT
[2010.09.06 19:47:57 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.06 19:47:57 | 000,014,640 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.06 19:44:59 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.06 19:44:59 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.06 19:44:59 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.06 19:44:59 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.06 19:44:59 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.06 19:40:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.06 19:40:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.06 19:40:34 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.06 19:38:40 | 004,563,031 | -H-- | M] () -- C:\Users\Peter Wichtel\AppData\Local\IconCache.db
[2010.09.05 14:20:53 | 000,028,160 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\becker und kries - hausgeld.doc
[2010.09.05 12:38:01 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.09.05 12:38:01 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.05 12:38:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.05 12:38:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.04 20:56:54 | 000,021,504 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\Arbeitszeit.xls
[2010.09.04 10:28:32 | 000,062,976 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\öffnungszeiten bürgerämter.doc
[2010.08.31 20:51:23 | 000,031,744 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\kündigung deutsche wohnen.doc
[2010.08.31 18:46:26 | 000,040,448 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\otto.doc
[2010.08.28 21:56:08 | 005,470,282 | ---- | M] () -- C:\Status Quo - Anniversary Waltz Part 1.mp3
[2010.08.28 21:55:55 | 005,322,325 | ---- | M] () -- C:\Status Quo - Anniversary Waltz (part 2)-1.mp3
[2010.08.28 21:55:44 | 008,283,148 | ---- | M] () -- C:\7594551.mp3
[2010.08.28 21:54:16 | 003,645,473 | ---- | M] () -- C:\7634837.mp3
[2010.08.26 22:49:29 | 000,029,696 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\Die einheitliche Behördenrufnummer.doc
[2010.08.25 19:26:27 | 000,002,067 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
[2010.08.25 19:26:26 | 000,002,459 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2010.08.24 22:22:44 | 000,028,160 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\finanzamt - auszug.doc
[2010.08.24 21:53:20 | 000,028,672 | ---- | M] () -- C:\Users\Peter Wichtel\Documents\brucker-kündigung.doc
[2010.08.22 22:19:34 | 000,000,034 | -H-- | M] () -- C:\Windows\System32\Converter_sysquict.dat
[2010.08.21 10:47:59 | 000,484,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.20 06:03:43 | 000,000,164 | ---- | M] () -- C:\Users\Peter Wichtel\AppData\Roaming\default.rss
[2010.08.11 23:50:28 | 000,307,200 | ---- | M] (Koyote Soft - hxxp://www.koyotesoft.com) -- C:\Windows\System32\TubeFinder.exe
[2010.08.11 23:37:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.08.09 16:39:37 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.08.09 16:39:37 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
 
========== Files Created - No Company Name ==========
 
[2010.09.05 14:20:53 | 000,028,160 | ---- | C] () -- C:\Users\Peter Wichtel\Documents\becker und kries - hausgeld.doc
[2010.08.31 19:39:45 | 000,031,744 | ---- | C] () -- C:\Users\Peter Wichtel\Documents\kündigung deutsche wohnen.doc
[2010.08.31 18:46:26 | 000,040,448 | ---- | C] () -- C:\Users\Peter Wichtel\Documents\otto.doc
[2010.08.28 21:55:55 | 005,470,282 | ---- | C] () -- C:\Status Quo - Anniversary Waltz Part 1.mp3
[2010.08.28 21:55:44 | 005,322,325 | ---- | C] () -- C:\Status Quo - Anniversary Waltz (part 2)-1.mp3
[2010.08.28 21:55:27 | 008,283,148 | ---- | C] () -- C:\7594551.mp3
[2010.08.28 21:54:08 | 003,645,473 | ---- | C] () -- C:\7634837.mp3
[2010.08.26 22:49:28 | 000,029,696 | ---- | C] () -- C:\Users\Peter Wichtel\Documents\Die einheitliche Behördenrufnummer.doc
[2010.08.25 20:18:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.08.24 22:22:02 | 000,028,160 | ---- | C] () -- C:\Users\Peter Wichtel\Documents\finanzamt - auszug.doc
[2010.08.24 21:53:19 | 000,028,672 | ---- | C] () -- C:\Users\Peter Wichtel\Documents\brucker-kündigung.doc
[2010.08.22 22:19:34 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2010.08.11 23:37:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.08.06 22:08:21 | 000,000,055 | ---- | C] () -- C:\Windows\maedn.ini
[2010.08.05 23:01:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.05 20:45:04 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.08.05 16:25:59 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.08.05 16:25:59 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.08.05 16:25:41 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.08.05 16:25:41 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.08.05 13:39:37 | 000,087,608 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Roaming\inst.exe
[2010.08.05 13:39:37 | 000,007,887 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Roaming\pcouffin.cat
[2010.08.05 13:39:37 | 000,001,144 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Roaming\pcouffin.inf
[2010.08.05 13:39:37 | 000,000,033 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Roaming\pcouffin.log
[2010.08.05 13:39:37 | 000,000,000 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Roaming\downloads.m3u
[2010.08.05 13:39:36 | 000,000,164 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Roaming\default.rss
[2010.08.05 13:39:10 | 039,694,645 | -H-- | C] () -- C:\Users\Peter Wichtel\AppData\Local\IconCache (2).db
[2010.08.05 13:39:10 | 000,160,816 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Local\GDIPFONTCACHEV1 (2).DAT
[2010.08.05 13:39:10 | 000,013,312 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.05 13:39:10 | 000,013,312 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF (2).ini
[2010.08.05 13:39:10 | 000,000,108 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Local\Config_946EE51E.dat
[2010.08.05 13:39:10 | 000,000,108 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Local\Config_946EE51E (2).dat
[2010.08.05 13:39:10 | 000,000,038 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Local\Index_946EE51E.dat
[2010.08.05 13:39:10 | 000,000,038 | ---- | C] () -- C:\Users\Peter Wichtel\AppData\Local\Index_946EE51E (2).dat
[2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.07.26 14:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Users\Peter Wichtel\AppData\Roaming\default.rss:OECustomProperty
< End of report >
         
--- --- ---


2. Extras.txtOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.09.2010 20:00:34 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Peter Wichtel\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 249,60 Gb Total Space | 167,93 Gb Free Space | 67,28% Space Free | Partition Type: NTFS
Drive D: | 449,04 Gb Total Space | 400,96 Gb Free Space | 89,29% Space Free | Partition Type: NTFS
Drive E: | 666,67 Gb Total Space | 633,28 Gb Free Space | 94,99% Space Free | Partition Type: NTFS
Drive F: | 264,84 Gb Total Space | 230,99 Gb Free Space | 87,22% Space Free | Partition Type: NTFS
Drive G: | 931,28 Gb Total Space | 673,38 Gb Free Space | 72,31% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
Drive I: | 2,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: BENGELCHEN-1
Current User Name: Peter Wichtel
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "d:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "d:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "d:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0FEA9A38-B993-0969-3A78-4D5CDDACEFEE}" = ATI Catalyst Install Manager
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31ECA0DA-4EE0-8C1E-484A-C304BAA9179A}" = Catalyst Control Center Graphics Previews Common
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3878A9A3-2448-7607-01EA-0DB9E31B7242}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{6294CE03-1A16-4610-891E-FDAF9A585A54}" = SA52xx Device Manager
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65173BC2-60E7-4DE8-A61D-A81FCB96EE93}" = Pinnacle Studio Ultimate Plugins
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{71D5559C-85E5-5206-3B1C-A8A9DDDE4AC9}" = AMD Drag and Drop Transcoding
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75670A63-A18E-5066-0A78-93F6865BA3AA}" = ccc-core-static
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845FDC75-F31E-A75A-4300-593CAB195847}" = ccc-utility
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94FB5B63-A65F-7E5D-560D-A79FB29EA52F}" = Catalyst Control Center InstallProxy
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9699C9AA-8990-904D-FD1B-D931E437434D}" = CCC Help English
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B6A24D2D-1ADB-4553-87FD-38F3FAADC18E}_is1" = The Book of Unwritten Tales 1.0.0.0
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C878CD69-85DB-426B-81A3-E71175AAEB91}" = Dealio Toolbar v4.0.2
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Applian FLV Player2.0.24" = Applian FLV Player
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Deutschlands Brettspiele Deluxe" = Deutschlands Brettspiele Deluxe 1.0 
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.92.0
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metin2_is1" = Metin2
"Moraff's_Maximum_Mahjongg_1.0" = Moraff's Maximum MahJongg 1.0
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"OpenAL" = OpenAL
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"SolSuite_is1" = SolSuite 2010 v10.4
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Monopoly Deluxe" = Monopoly Deluxe
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

3. mbam-log-2010-09-06 (19-38-33).txt

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4556

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.09.2010 19:38:33
mbam-log-2010-09-06 (19-38-33).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142533
Laufzeit: 4 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot.
C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssmsgs (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot.
C:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot.
__________________

Alt 06.09.2010, 19:15   #4
obelix98
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Zusatz:

Nach dem Durchlauf von Malwarebytes hat sich die Meldung auf dem Desktop verabschiedet.

Schon mal tausend Dank !!!

Alt 06.09.2010, 19:53   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.09.2010, 20:45   #6
obelix98
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Hier das logfile von cofi.exe:

Combofix Logfile:
Code:
ATTFilter
ComboFix 10-09-06.02 - Peter Wichtel 06.09.2010  21:34:14.1.4 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3326.2115 [GMT 2:00]
ausgeführt von:: c:\users\Peter Wichtel\Desktop\cofi.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SeARchsettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\users\Peter Wichtel\AppData\Roaming\inst.exe
c:\users\Peter Wichtel\AppData\Roaming\Microsoft\Windows\Recent\desktop_79819816.ico
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-06 bis 2010-09-06  ))))))))))))))))))))))))))))))
.

2010-09-06 19:37 . 2010-09-06 19:40	--------	d-----w-	c:\users\Peter Wichtel\AppData\Local\temp
2010-09-06 19:37 . 2010-09-06 19:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-06 19:25 . 2010-09-06 19:25	--------	d-----w-	c:\program files\CCleaner
2010-09-06 17:31 . 2010-09-06 17:31	--------	d-----w-	c:\users\Peter Wichtel\AppData\Roaming\Malwarebytes
2010-09-06 17:30 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 17:30 . 2010-09-06 17:30	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-06 17:30 . 2010-09-06 17:30	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-06 17:30 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-05 10:38 . 2010-09-05 10:38	--------	d-----w-	c:\program files\Common Files\Java
2010-09-05 10:38 . 2010-09-05 10:38	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-09-05 10:38 . 2010-09-05 10:38	--------	d-----w-	c:\program files\Java
2010-08-28 19:25 . 2010-08-28 19:25	--------	d-----w-	c:\programdata\Winamp Toolbar
2010-08-28 19:25 . 2010-08-28 19:25	--------	d-----w-	c:\program files\Winamp Toolbar
2010-08-28 19:25 . 2010-08-28 19:25	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-08-28 19:25 . 2010-09-06 18:37	--------	d-----w-	c:\users\Peter Wichtel\AppData\Roaming\Winamp
2010-08-25 18:18 . 2001-10-28 15:42	116224	----a-w-	c:\windows\system32\pdfcmnnt.dll
2010-08-25 18:18 . 1998-07-06 16:56	125712	----a-w-	c:\windows\system32\VB6DE.DLL
2010-08-25 18:18 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2010-08-25 18:18 . 2010-08-25 18:18	--------	d-----w-	c:\program files\PDFCreator
2010-08-25 18:18 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2010-08-25 18:18 . 1998-07-05 23:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2010-08-25 05:53 . 2010-04-07 07:10	571904	----a-w-	c:\windows\system32\oleaut32.dll
2010-08-24 18:39 . 2010-08-18 15:12	52224	----a-w-	c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-08-24 18:39 . 2010-08-18 15:12	101376	----a-w-	c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-08-23 21:26 . 2010-08-23 21:26	--------	d-----w-	c:\users\Peter Wichtel\AppData\Roaming\Media Player Classic
2010-08-22 20:35 . 2010-08-22 20:35	52224	----a-w-	c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\5wao64zs.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-08-22 20:35 . 2010-08-22 20:35	101376	----a-w-	c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\5wao64zs.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-08-22 20:23 . 2010-08-22 20:23	--------	d-----w-	c:\users\Peter Wichtel\AppData\Roaming\DVDVideoSoftIEHelpers
2010-08-22 20:22 . 2010-08-28 19:37	--------	d-----w-	c:\program files\DVDVideoSoft
2010-08-22 20:22 . 2010-08-28 19:37	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-08-22 20:20 . 2010-08-22 20:36	--------	d-----w-	C:\output media
2010-08-22 20:19 . 2010-08-22 20:19	34	---ha-w-	c:\windows\system32\Converter_sysquict.dat
2010-08-22 20:19 . 2010-08-22 20:22	--------	d-----w-	c:\program files\Free Convert Youtube FLV to Audio MP3 Converter
2010-08-20 20:52 . 2010-08-20 20:52	--------	d-----w-	c:\programdata\vsosdk
2010-08-20 19:24 . 2010-08-20 19:24	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-08-20 19:24 . 2010-08-20 19:24	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-08-20 19:24 . 2010-08-20 19:24	1127240	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-08-20 19:23 . 2010-06-14 06:12	1286016	----a-w-	c:\windows\system32\drivers\tcpip.sys

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 17:44 . 2009-07-14 08:47	643628	----a-w-	c:\windows\system32\perfh007.dat
2010-09-06 17:44 . 2009-07-14 08:47	126188	----a-w-	c:\windows\system32\perfc007.dat
2010-09-03 05:16 . 2010-08-05 11:39	--------	d-----w-	c:\users\Peter Wichtel\AppData\Roaming\Skype
2010-09-03 05:09 . 2010-08-05 11:39	--------	d-----w-	c:\users\Peter Wichtel\AppData\Roaming\skypePM
2010-08-28 19:54 . 2010-08-06 16:08	--------	d-----w-	c:\program files\Application Updater
2010-08-26 15:58 . 2010-08-05 20:32	1113408	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-22 20:13 . 2010-08-05 21:51	--------	d--h--w-	c:\programdata\ArcSoft
2010-08-20 21:12 . 2010-08-05 12:03	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-20 04:04 . 2010-08-05 11:39	--------	d-----w-	c:\users\Peter Wichtel\AppData\Roaming\SolSuite
2010-08-11 21:50 . 2010-08-06 16:08	307200	----a-w-	c:\windows\system32\TubeFinder.exe
2010-08-11 21:37 . 2010-08-11 21:37	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-08-09 14:36 . 2010-08-05 14:25	--------	d-----w-	c:\program files\Brother
2010-08-09 14:36 . 2010-08-05 14:25	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-06 22:02 . 2010-08-06 22:02	--------	d-----w-	c:\program files\MSXML 4.0
2010-08-06 20:32 . 2010-08-06 20:32	413696	----a-w-	c:\windows\system32\wrap_oal.dll
2010-08-06 20:32 . 2010-08-06 20:32	110592	----a-w-	c:\windows\system32\OpenAL32.dll
2010-08-06 20:32 . 2010-08-06 20:32	--------	d-----w-	c:\program files\OpenAL
2010-08-06 18:55 . 2010-08-06 18:55	--------	d-----w-	c:\programdata\McAfee
2010-08-06 18:23 . 2010-08-06 18:23	286720	----a-w-	c:\windows\iun506.exe
2010-08-06 17:56 . 2010-08-06 17:56	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-08-06 15:56 . 2010-08-05 10:57	--------	d-----w-	c:\programdata\LogiShrd
2010-08-06 13:55 . 2010-08-06 12:43	--------	d-----w-	c:\programdata\CyberLink
2010-08-06 12:55 . 2010-08-06 12:55	--------	d-----w-	c:\program files\Cyberlink
2010-08-06 12:54 . 2010-08-06 12:42	29480	----a-w-	c:\windows\system32\msxml3a.dll
2010-08-06 12:54 . 2010-08-06 12:39	53319	----a-w-	c:\programdata\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-08-06 12:45 . 2010-08-06 12:44	--------	d-----w-	c:\users\Peter Wichtel\AppData\Roaming\CyberLink
2010-08-06 12:43 . 2010-08-06 12:43	--------	d-----w-	c:\program files\Common Files\CyberLink
2010-08-06 09:46 . 2010-08-05 21:47	--------	d-----w-	c:\program files\Windows Live
2010-08-06 09:45 . 2010-08-06 09:45	--------	d-----w-	c:\program files\Microsoft
2010-08-06 09:45 . 2010-08-06 09:45	--------	d-----w-	c:\program files\Windows Live SkyDrive
2010-08-06 09:40 . 2010-08-06 09:40	--------	d-----w-	c:\program files\Common Files\Windows Live
2010-08-06 09:37 . 2010-08-05 11:39	140976	----a-w-	c:\users\Peter Wichtel\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-06 09:34 . 2009-07-14 02:37	--------	d-----w-	c:\program files\Windows Mail
2010-08-06 06:41 . 2010-08-06 06:41	--------	d-----w-	c:\program files\Microsoft CAPICOM 2.1.0.2
2010-08-06 06:39 . 2010-08-05 15:21	--------	d-----w-	c:\program files\Microsoft Works
2010-08-05 22:51 . 2010-08-05 11:39	--------	d-----w-	c:\users\Peter Wichtel\AppData\Roaming\Downloaded Installations
2010-08-05 21:52 . 2010-08-05 21:52	2485883	----a-w-	c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-08-05 21:51 . 2010-08-05 21:51	--------	d-----w-	c:\program files\Common Files\ArcSoft
2010-08-05 21:51 . 2010-08-05 21:51	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-08-05 21:48 . 2010-08-05 21:47	--------	dcsh--w-	c:\program files\Common Files\WindowsLiveInstaller
2010-08-05 21:46 . 2010-08-05 21:46	--------	d-----w-	c:\programdata\WLInstaller
2010-08-05 21:02 . 2010-08-05 21:02	--------	d-----w-	c:\program files\Common Files\Skype
2010-08-05 21:01 . 2010-08-05 21:01	56	---ha-w-	c:\programdata\ezsidmv.dat
2010-08-05 21:00 . 2010-08-05 21:00	--------	d-----r-	c:\program files\Skype
2010-08-05 21:00 . 2010-08-05 21:00	--------	d-----w-	c:\programdata\Skype
2010-08-05 20:33 . 2010-08-05 20:33	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-08-05 20:32 . 2010-08-05 20:32	--------	d-----w-	c:\program files\PlayReady
2010-08-05 20:32 . 2010-08-05 20:32	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-08-05 20:19 . 2010-08-05 11:39	--------	d-----w-	c:\users\Peter Wichtel\AppData\Roaming\Vso
2010-08-05 20:19 . 2010-08-05 11:39	47360	----a-w-	c:\users\Peter Wichtel\AppData\Roaming\pcouffin.sys
2010-08-05 20:19 . 2010-08-05 11:39	47360	----a-w-	c:\users\Peter Wichtel\AppData\Roaming\pcouffin.sys
2010-08-05 19:45 . 2010-08-05 19:39	--------	d-----w-	c:\program files\Pinnacle
2010-08-05 19:44 . 2010-08-05 19:44	--------	d-----w-	c:\program files\Common Files\Pinnacle
2010-08-05 19:44 . 2010-08-05 11:39	29926	----a-r-	c:\users\Peter Wichtel\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
2010-08-05 19:43 . 2010-08-05 19:43	--------	d-----w-	c:\programdata\Pinnacle Studio Ultimate
2010-08-05 19:42 . 2010-08-05 19:36	--------	d-----w-	c:\programdata\Pinnacle
2010-08-05 19:39 . 2010-08-05 19:39	--------	d-----w-	c:\program files\Common Files\Pegasus Imaging
2010-08-05 19:39 . 2010-08-05 19:39	--------	d-----w-	c:\programdata\Studio 14
2010-08-05 19:39 . 2010-08-05 19:39	--------	d-----w-	c:\programdata\Pinnacle Studio Plus
2010-08-05 19:39 . 2010-08-05 19:39	--------	d-----w-	c:\program files\Common Files\Yahoo!
2010-08-05 19:28 . 2010-08-05 11:39	47360	----a-w-	c:\windows\system32\drivers\pcouffin.sys
2010-08-05 19:17 . 2010-08-05 19:17	--------	d-----w-	c:\programdata\Avira
2010-08-05 18:53 . 2010-08-05 18:53	--------	d-----w-	c:\programdata\TuneUp Software
2010-08-05 18:53 . 2010-08-05 18:53	--------	d-sh--w-	c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-08-05 18:51 . 2010-08-05 18:51	--------	d-----w-	c:\programdata\ATI
2010-08-05 18:48 . 2010-08-05 18:48	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2010-08-05 18:48 . 2010-08-05 18:39	--------	d-----w-	c:\program files\ATI
2010-08-05 18:45 . 2010-08-05 18:45	--------	d-----w-	c:\program files\Realtek
2010-08-05 18:41 . 2010-08-05 18:41	--------	d-----w-	c:\program files\DIFX
2010-08-05 18:41 . 2010-08-05 18:41	--------	d-----w-	c:\program files\AMD
2010-08-05 17:44 . 2010-08-05 17:44	--------	d-----w-	c:\programdata\TreeCardGames
2010-08-05 17:27 . 2010-08-05 14:39	--------	d-----w-	c:\program files\Common Files\Adobe
2010-08-05 17:27 . 2010-08-05 17:27	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2010-08-05 16:59 . 2010-08-05 16:59	--------	d-----w-	c:\programdata\FLEXnet
2010-08-05 15:47 . 2010-08-05 15:43	--------	d-----w-	c:\programdata\Nero
2010-08-05 15:47 . 2010-08-05 15:47	--------	d-----w-	c:\program files\Nero
2010-08-05 15:43 . 2010-08-05 15:42	--------	d-----w-	c:\program files\Common Files\Nero
2010-08-05 15:21 . 2009-07-14 04:52	--------	d-----w-	c:\program files\MSBuild
2010-08-05 15:19 . 2010-08-05 15:19	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2010-08-05 14:25 . 2010-08-05 14:25	50	----a-w-	c:\windows\system32\bridf06a.dat
2010-08-05 14:24 . 2010-08-05 14:24	--------	d-----w-	c:\programdata\Brother
2010-08-05 14:12 . 2010-08-05 14:12	--------	d-----w-	c:\program files\Microsoft.NET
2010-08-05 10:57 . 2010-08-05 10:57	--------	d-----w-	c:\program files\Logitech
2010-08-05 10:57 . 2010-08-05 10:57	--------	d-----w-	c:\users\Peter Wichtel\AppData\Roaming\Leadertech
2010-08-05 10:57 . 2010-08-05 10:54	--------	d-----w-	c:\program files\Common Files\logishrd
2010-08-05 10:55 . 2010-08-05 10:55	--------	d-sh--we	c:\programdata\Vorlagen
2010-08-05 10:55 . 2010-08-05 10:55	--------	d-sh--we	c:\programdata\Startmenü
2010-08-05 10:55 . 2010-08-05 10:55	--------	d-sh--we	c:\programdata\Favoriten
2010-08-05 10:55 . 2010-08-05 10:55	--------	d-sh--we	c:\programdata\Dokumente
2010-08-05 10:55 . 2010-08-05 10:55	--------	d-sh--we	c:\programdata\Anwendungsdaten
2010-08-05 10:55 . 2010-08-05 10:55	--------	d-sh--we	c:\program files\Gemeinsame Dateien
2010-08-05 10:47 . 2010-08-05 10:47	0	----a-w-	c:\windows\ativpsrm.bin
2010-08-05 10:46 . 2010-08-05 10:46	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-07-29 06:30 . 2010-08-20 19:22	197632	----a-w-	c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-20 19:22	82944	----a-w-	c:\windows\system32\iccvid.dll
2010-07-28 15:36 . 2010-07-28 15:36	180224	----a-w-	c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\winamptbres.dll
2010-07-17 09:20 . 2010-08-05 11:39	--------	d-----w-	c:\users\Peter Wichtel\AppData\Roaming\Dream Dale score lib
2010-07-16 20:03 . 2010-08-05 11:39	160816	----a-w-	c:\users\Peter Wichtel\AppData\Local\GDIPFONTCACHEV1 (2).DAT
2010-07-07 22:17 . 2010-08-05 11:39	38	----a-w-	c:\users\Peter Wichtel\AppData\Local\Index_946EE51E.dat
2010-07-07 22:17 . 2010-08-05 11:39	38	----a-w-	c:\users\Peter Wichtel\AppData\Local\Index_946EE51E (2).dat
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"avgnt"="d:\avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-02-20 81920]
"RemoteControl9"="d:\program files\CyberLink\PowerDVD9\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="d:\program files\CyberLink\PowerDVD9\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2010-05-19 37888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Peter Wichtel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2010-8-5 295606]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Philips SA52XX Device Manager.lnk - c:\philips\SA52xx Device Manager\SA52xx_DeviceManager.exe [2010-8-5 1384448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\DRIVERS\MarvinAVS.sys [2007-05-09 434176]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/06 14:55];d:\program files\CyberLink\PowerDVD9\PowerDVD9\000.fcl [2009-02-28 17:40 87536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 AntiVirMailService;Avira AntiVir MailGuard;d:\avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064]
S2 AntiVirSchedulerService;Avira AntiVir Planer;d:\avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;d:\avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 27320]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
LSP: d:\avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\7ns36sz1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/webhp?rls=ig&cplp=1283073759557
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\Peter Wichtel\AppData\Roaming\Mozilla\Firefox\Profiles\7ns36sz1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: d:\program files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox\components\nsURLRecordEx.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX Richtlinien ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\d:\program files\CyberLink\PowerDVD9\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
d:\avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
d:\avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-06  21:43:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-06 19:43

Vor Suchlauf: 7 Verzeichnis(se), 185.335.873.536 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 184.954.372.096 Bytes frei

- - End Of File - - 05190ADBECF951EB5BE724DD0A3FA810
         
--- --- ---

Alt 06.09.2010, 20:51   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.09.2010, 22:13   #8
obelix98
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Hier das OSAM-Log

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:10:39 on 06.09.2010

OS: Windows 7  (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL
"Nero BurnRights 10" - "Nero AG" - D:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\PETERW~1\AppData\Local\Temp\catchme.sys  (File not found)
"Power Control [2010/08/06 14:55:52]" ({B154377D-700F-42cc-9474-23858FBDF4BD}) - ? - d:\Program Files\CyberLink\PowerDVD9\PowerDVD9\000.fcl
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - D:\Program Files\Pinnacle\Studio 14\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - D:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - D:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} "Winamp Search Class" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{11222041-111B-46E3-BD29-EFB2449479B1} "IEPlugin Class" - "ArcSoft, Inc." - d:\PROGRA~2\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Peter Wichtel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Acrobat - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe  (Shortcut exists | File exists)
"Adobe Reader Synchronizer.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Philips SA52XX Device Manager.lnk" - "Philips" - C:\Philips\SA52xx Device Manager\SA52xx_DeviceManager.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"avgnt" - "Avira GmbH" - "D:\Avira\AntiVir Desktop\avgnt.exe" /min
"BDRegion" - "cyberlink" - C:\Program Files\Cyberlink\Shared Files\brs.exe
"GrooveMonitor" - "Microsoft Corporation" - "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"PDVD9LanguageShortcut" - "CyberLink Corp." - "d:\Program Files\CyberLink\PowerDVD9\PowerDVD9\Language\Language.exe"
"RemoteControl9" - "CyberLink Corp." - "d:\Program Files\CyberLink\PowerDVD9\PowerDVD9\PDVD9Serv.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"USBToolTip" - "Pinnacle Systems GmbH" - C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
"WinampAgent" - "Nullsoft, Inc." - "d:\Program Files\Winamp\winampa.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"@D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Program Files\Application Updater\ApplicationUpdater.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - D:\Avira\AntiVir Desktop\avmailc.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - D:\Avira\AntiVir Desktop\AVWEBGRD.EXE
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - D:\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 06.09.2010, 22:17   #9
obelix98
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Meldung bootkit remover:

PhysicalDrive 1

MBR-Status OK

Alt 06.09.2010, 22:20   #10
obelix98
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Hau mich aufs Ohr, bis morgen und vielen Dank bis dahin


Alt 06.09.2010, 22:28   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Bitte die meldung komplett und nicht halbherzig posten!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.09.2010, 21:46   #12
obelix98
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Hier die Meldung von bootkit remover:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 (build 7600), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive1 at offset 0x00000000`00007e00
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
698 GB \\.\PhysicalDrive1 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

Alt 08.09.2010, 12:29   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.09.2010, 20:37   #14
obelix98
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Hier die beiden logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4572

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.09.2010 20:11:40
mbam-log-2010-09-08 (20-11-40).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 138959
Laufzeit: 3 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/08/2010 at 09:19 PM

Application Version : 4.42.1000

Core Rules Database Version : 5472
Trace Rules Database Version: 3284

Scan type : Complete Scan
Total Scan Time : 00:56:47

Memory items scanned : 889
Memory threats detected : 0
Registry items scanned : 10178
Registry threats detected : 0
File items scanned : 169033
File threats detected : 20

Adware.Tracking Cookie
C:\Users\Peter Wichtel\AppData\Roaming\Microsoft\Windows\Cookies\peter_wichtel@atdmt[2].txt
C:\Users\Peter Wichtel\AppData\Roaming\Microsoft\Windows\Cookies\peter_wichtel@content.yieldmanager[1].txt
C:\Users\Peter Wichtel\AppData\Roaming\Microsoft\Windows\Cookies\peter_wichtel@ad.yieldmanager[2].txt
cdn-www.pornhub.com [ F:\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\C8W58ZSU ]
mediathek.daserste.de [ F:\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\C8W58ZSU ]
naiadsystems.com [ F:\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\C8W58ZSU ]
www.oneclicktube.com [ F:\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\C8W58ZSU ]
wwwstatic.megaporn.com [ F:\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\C8W58ZSU ]

Trojan.VXGame-Variant/D
E:\SPIELE\ANNO\ANNO 1503\ANNO.1503.SETTING.OUT.FOR.A.NEW.WORLD.V10.GER.CHEATER98.NOCD\ANNO1503 1[1].0 GERMAN NOCD CRACK BY CHEATER98.EXE

Unclassified.Unknown Origin
E:\SPIELE\MAGIC BALL\MAGICBALL2CRACKAHTEAM\KEYGEN.NFO
E:\SPIELE\MAGIC BALL\MAGICBALL2V1.0GERMANUNLOCKERTNT\KEYGEN.NFO
F:\SOFTWARE\FONTTWISTERV1.2CRACKOSA\KEYGEN.NFO

Trojan.Agent/Gen-Cryptor[Egun]
F:\VISUAL BASIC\VISUAL BASIC\VBE\CODE\BEGINNING VISUAL BASIC 6 OBJECTS\BEGOBJ\CHAPTER5\PAGE158\EXESERVERTEST.EXE
F:\VISUAL BASIC\VISUAL BASIC\VBE\CODE\BEGINNING VISUAL BASIC 6 OBJECTS\BEGOBJ\CHAPTER5\PAGE166\EXESERVERTEST.EXE
F:\VISUAL BASIC\VISUAL BASIC\VBE\CODE\PROFESSIONAL VISUAL BASIC 6 MTS PROGRAMMING\WROX\CODE\CASE STUDY\SIMPLEORDER\SIMPLEORDER.EXE
F:\VISUAL BASIC\VISUAL BASIC\VBE\CODE\PROFESSIONAL VISUAL BASIC 6 DATABASES\CHAPTER16\3-TIER SECURITY\CLIENT.EXE
F:\VISUAL BASIC\VISUAL BASIC\VBE\CODE\PROFESSIONAL VISUAL BASIC 6 DATABASES\CHAPTER16\3-TIER SECURITY\MTSCODE\CLIENT.EXE
F:\VISUAL BASIC\VISUAL BASIC\VBE\PROGRAMMING VB6\CODE\IV. ACTIVEX PROGRAMMING\CHAPTER16\CALLBACK\SERVER\PRINTSERVER.EXE
F:\VISUAL BASIC\VISUAL BASIC\VBE\PROGRAMMING VB6\CODE\IV. ACTIVEX PROGRAMMING\CHAPTER16\CALLBACK\SERVER\PRINTSERVER_REF.EXE
F:\VISUAL BASIC\VISUAL BASIC\VBE\PROGRAMMING VB6\CODE\V. INTERNET PROGRAMMING\CHAPTER19\DHTMLED\DHTMLED.EXE

Alt 08.09.2010, 21:00   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Unbekannte Meldung - Standard

Unbekannte Meldung



Zitat:
E:\SPIELE\MAGIC BALL\MAGICBALL2CRACKAHTEAM\KEYGEN.NFO
E:\SPIELE\MAGIC BALL\MAGICBALL2V1.0GERMANUNLOCKERTNT\KEYGEN.NFO
F:\SOFTWARE\FONTTWISTERV1.2CRACKOSA\KEYGEN.NFO


Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Unbekannte Meldung
arten, beim starten, bekannte, desktop, folge, folgende, gefunde, meldung, modul, probleme, probleme beim starten, starte, starten, unbekannte, unternehmen, windows, windows 7, zusammen



Ähnliche Themen: Unbekannte Meldung


  1. unbekannte updater.exe
    Plagegeister aller Art und deren Bekämpfung - 19.01.2015 (3)
  2. Unbekannte Dateien im Downloadordner und unbekannte Programme auf dem Desktop
    Plagegeister aller Art und deren Bekämpfung - 01.12.2013 (11)
  3. unbekannte Antiviren Programm Meldung
    Plagegeister aller Art und deren Bekämpfung - 29.12.2010 (7)
  4. unbekannte Prozesse
    Plagegeister aller Art und deren Bekämpfung - 08.11.2009 (1)
  5. Unbekannte Dateiordner
    Plagegeister aller Art und deren Bekämpfung - 24.07.2009 (3)
  6. Unbekannte dll's
    Log-Analyse und Auswertung - 30.04.2009 (43)
  7. unbekannte Druckaufträge
    Log-Analyse und Auswertung - 03.04.2009 (5)
  8. 2 unbekannte .exe-files
    Plagegeister aller Art und deren Bekämpfung - 29.01.2009 (0)
  9. Unbekannte .exe Datei
    Plagegeister aller Art und deren Bekämpfung - 25.12.2008 (12)
  10. Unbekannte .exe Datei
    Mülltonne - 24.12.2008 (0)
  11. Unbekannte .scr datei
    Plagegeister aller Art und deren Bekämpfung - 23.12.2008 (12)
  12. Unbekannte Zeile
    Log-Analyse und Auswertung - 19.12.2005 (2)
  13. Unbekannte Dateien
    Log-Analyse und Auswertung - 23.11.2005 (1)
  14. HIIFE: Meldung "Veränderung im Startmenü - Dialer?" Wer kennt diese Meldung?
    Plagegeister aller Art und deren Bekämpfung - 03.04.2005 (3)
  15. Unbekannte Datei: JET*.tmp
    Plagegeister aller Art und deren Bekämpfung - 04.03.2005 (4)
  16. Unbekannte Dateien
    Plagegeister aller Art und deren Bekämpfung - 10.02.2005 (10)
  17. Unbekannte Dateien
    Plagegeister aller Art und deren Bekämpfung - 09.02.2005 (1)

Zum Thema Unbekannte Meldung - Hi zusammen ! Bekomme nach dem Starten von Windows 7 folgende Meldung auf dem Desktop: Probleme beim Starten von winfir32.rom. Das angegebene Modul wurde nicht gefunden. Kennt jemand diese Meldung - Unbekannte Meldung...
Archiv
Du betrachtest: Unbekannte Meldung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.