Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Silly Gen und andere Viren

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 24.11.2010, 16:57   #1
JaninaW
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



Hallo allerseits,
ich habe ein Problem mit einem Virus. Ich habe bereits Malwarebytes heruntergeladen und laufen lassen mit vorgendem Report:
(falls auch Log von HijackThis gebraucht wird, poste ich sie noch)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Schmidt-Pro (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\updata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgt (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsxp (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Programme\Internet Explorer\Iexplore.exe" %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\Kennel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kernel22.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mfc22.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\speicher-66.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\speicher-88.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\speicher-k2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\win1.bat (Trojan.BAT.DriveBy) -> Quarantined and deleted successfully.

Ich habe alle infizierten Dateine gelöscht, wie es bei euch in der Anleitung steht. Was nun? An den Symptomen hat sich nichts geändert.
Symptome: PC ist sehr langsam (6 min zum hochfahren), auf den Arbeitsplatz kann man nur noch über den Desktop zugreifen, abspielen von Videos macht er gar nicht mehr oder der PC hängt sich auf. Der Virus kopiert sich selbst auf alle Datenträger, die ich an den PC hänge innerhalb weniger Sekunden und nennt sich: EIGENERNAME.vbs

ps: es gibt bereits ein Thema zu diesem Virus auf dieser Seite:
trojaner-board.de/69746-html-silly-gen-virenmeldung-im-minutentakt.html

Ich bin dankbar für jede Hilfe.
Liebe Grüße
Janina

Geändert von JaninaW (24.11.2010 um 17:05 Uhr)

Alt 24.11.2010, 21:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



Was sollen wir mit so halben Logfiles anfangen? Poste sie vollständig oder lass es ganz bleiben
__________________

__________________

Alt 25.11.2010, 20:55   #3
JaninaW
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



Kein Problem, ich bin unwissend ! Bitteschön

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 240321
Laufzeit: 3 Stunde(n), 48 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Schmidt-Pro (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\updata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgt (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsxp (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Programme\Internet Explorer\Iexplore.exe" %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\Kennel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kernel22.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mfc22.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\speicher-66.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\speicher-88.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\speicher-k2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\win1.bat (Trojan.BAT.DriveBy) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:03:08, on 24.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\System Control Manager\MSIService.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\XSManager\WTGService.exe
C:\WINDOWS\service4g.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\System Control Manager\MGSysCtrl.exe
C:\Programme\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Canon\MyPrinter\BJMyPrt.exe
C:\Programme\Cyberlink\Power2Go\CLMLSvc.exe
C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Programme\ICQ7.2\ICQ.exe
C:\Programme\lg_fwupdate\fwupdate.exe
C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\starter4g.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\DAEMON Tools Lite\DTLite.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Cisco Systems\VPN Client\vpngui.exe
C:\Programme\OpenOffice.org 3\program\soffice.exe
C:\Programme\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Nina\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by JANINA
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Ocs_SM] C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe
O4 - HKLM\..\Run: [avgnt] "C:\Windows\svschost-xx.exe" /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows-Defender\svschost-xx.exe" /min
O4 - HKLM\..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\svschost-xx.exe /auto
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Programme\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CLMLServer] "C:\Programme\Cyberlink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Programme\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Programme\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Programme\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [LGODDFU] C:\Programme\lg_fwupdate\fwupdate.exe blrun
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Programme\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [starter4g] C:\WINDOWS\starter4g.exe
O4 - HKLM\..\Run: [JANINA] C:\WINDOWS\SYSTEM32\JANINA.vbs
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] ~"C:\Programme\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O12 - Plugin for .csm: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Programme\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Programme\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243230124750
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243239631578
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Unknown owner - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Micro Star SCM - Micro-Star Int'l Co., Ltd. - C:\Programme\System Control Manager\MSIService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\Cyberlink\Shared files\RichVideo.exe (file missing)
O23 - Service: SearchAnonymizer - Unknown owner - C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: WTGService - Unknown owner - C:\Programme\XSManager\WTGService.exe
O23 - Service: XS Stick Service - 4G Systems GmbH & Co. KG - C:\WINDOWS\service4g.exe

--
__________________

Geändert von JaninaW (25.11.2010 um 21:04 Uhr)

Alt 26.11.2010, 19:05   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



Das Log von MBAM ist immer noch unvollständig.
Wenn du das mit dem markieren und einfügen nicht hinbekommst, kannst du dieLogs als Textdatei hier auch anhängen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.11.2010, 20:44   #5
JaninaW
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



Der alte Report:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5168

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.11.2010 17:56:06
mbam-log-2010-11-22 (17-56-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 240321
Laufzeit: 3 Stunde(n), 48 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Schmidt-Pro (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\updata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vgt (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsxp (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Programme\Internet Explorer\Iexplore.exe" %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\Kennel32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kernel22.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mfc22.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\speicher-66.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\speicher-88.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\speicher-k2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\win1.bat (Trojan.BAT.DriveBy) -> Quarantined and deleted successfully.



So, das ist der neue Report von Maleware:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5168

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.12.2010 20:41:39
mbam-log-2010-12-29 (20-41-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 239419
Laufzeit: 3 Stunde(n), 22 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Soll ich die Dateien, die sich jetzt in der Quarantäne befinden löschen?
Obwohl das Programm anscheinend nichts mehr findet, hab ich immer noch die selben Probleme, die ich oben beschrieben habe.


Geändert von JaninaW (29.11.2010 um 20:55 Uhr)

Alt 29.11.2010, 21:08   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



Zitat:
Datenbank Version: 5168
Du hast Malwarebytes offensichtlich vorher nicht aktualisiert. Bitte updaten und nochmal einen Vollscan machen.
__________________
--> Silly Gen und andere Viren

Alt 29.11.2010, 22:41   #7
JaninaW
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



Oh nein, alles klar, wird gemacht... Danke für deine Geduld mit mir

Alt 01.12.2010, 22:18   #8
JaninaW
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5227

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.12.2010 21:15:36
mbam-log-2010-12-31 (21-15-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 234502
Laufzeit: 2 Stunde(n), 53 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Soll ich die Dateien, die sich jetzt in der Quarantäne befinden löschen?

Obwohl das Programm anscheinend nichts mehr findet, hab ich immer noch die selben Probleme, die ich oben beschrieben habe.

Geändert von JaninaW (01.12.2010 um 22:44 Uhr)

Alt 02.12.2010, 12:35   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.12.2010, 21:01   #10
JaninaW
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.01.2011 20:50:11 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\Nina\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
895,00 Mb Total Physical Memory | 425,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 133,27 Gb Total Space | 106,23 Gb Free Space | 79,72% Space Free | Partition Type: NTFS
Drive D: | 15,76 Gb Total Space | 8,63 Gb Free Space | 54,76% Space Free | Partition Type: FAT32
 
Computer Name: JANINA | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Nina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\lg_fwupdate\fwupdate.exe (BitLeader)
PRC - C:\Programme\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\XSManager\WTGService.exe ()
PRC - C:\WINDOWS\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\WINDOWS\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Programme\Cyberlink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\System Control Manager\MSIService.exe (Micro-Star Int'l Co., Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\PSIService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Nina\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Programme\SweetIM\Messenger\msvcr71.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Programme\Cyberlink\Shared files\RichVideo.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirUpgradeService) -- C:\DOKUME~1\Nina\LOKALE~1\Temp\AVSETUP_4ceecb40\basic\avupgsvc.exe File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe File not found
SRV - (AntiVirScheduler) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe File not found
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (SearchAnonymizer) -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (XS Stick Service) -- C:\WINDOWS\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (Micro Star SCM) -- C:\Programme\System Control Manager\MSIService.exe (Micro-Star Int'l Co., Ltd.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- C:\WINDOWS\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\WINDOWS\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- C:\WINDOWS\System32\Drivers\RtsUStor.sys File not found
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys File not found
DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys File not found
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (RTL8192se) -- C:\WINDOWS\system32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTHDMIAzAudService) -- C:\WINDOWS\system32\drivers\RtKHDMI.sys (Realtek Semiconductor Corp.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (cmnsusbser) -- C:\WINDOWS\system32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.0.0283
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:1.11
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.17 19:24:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.29 12:12:57 | 000,000,000 | ---D | M]
 
[2009.10.10 18:44:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Extensions
[2010.12.30 18:25:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\extensions
[2009.10.10 18:46:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.29 22:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.10.11 17:02:26 | 000,000,000 | ---D | M] (kikin plugin (Murb.com Edition)) -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2009.11.05 14:02:52 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.02.01 15:19:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\extensions\DTToolbar@toolbarnet.com
[2010.12.26 17:58:55 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\searchplugins\icqplugin-1.xml
[2010.10.21 16:32:06 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\searchplugins\icqplugin-2.xml
[2010.10.29 12:13:12 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\searchplugins\icqplugin-3.xml
[2010.11.17 22:41:17 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\searchplugins\icqplugin-4.xml
[2010.11.17 22:41:13 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\searchplugins\icqplugin.gif
[2010.11.17 22:41:13 | 000,000,618 | ---- | M] () -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\searchplugins\icqplugin.src
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\searchplugins\icqplugin.xml
[2009.11.05 14:02:44 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\searchplugins\sweetim.xml
[2009.10.11 16:49:21 | 000,001,834 | ---- | M] () -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\searchplugins\{20A63768-D38A-4A40-B209-4D7B9D599609}.xml
[2009.10.11 16:49:21 | 000,002,041 | ---- | M] () -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\searchplugins\{25B5CF82-AF02-4046-8E8B-E43ADAD4FF30}.xml
[2009.10.11 16:49:21 | 000,002,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\Mozilla\Firefox\Profiles\7g0tjua6.default\searchplugins\{D210E680-51D3-4437-9B76-8C8053D8EE4D}.xml
[2009.10.10 18:44:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.12 17:31:26 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.12 17:31:26 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.12 17:31:26 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.12 17:31:26 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.12 17:31:26 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Windows\svschost-xx.exe File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Programme\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [JANINA] C:\WINDOWS\system32\JANINA.vbs ()
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [LGODDFU] C:\Programme\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\svschost-xx.exe File not found
O4 - HKLM..\Run: [Ocs_SM] C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programme\Cyberlink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Programme\Cyberlink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\WINDOWS\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UCam_Menu] C:\Programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Programme\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows-Defender\svschost-xx.exe File not found
O4 - HKCU..\Run: [BD]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] C:\Programme\Windows Live\Messenger\msnmsgr.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\Nina\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O12 - Plugin for: .csm - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .csml - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cub - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cube - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .dx - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .emb - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .embl - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .gau - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .jdx - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mol - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mop - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .pdb - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .rxn - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .scr - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .skc - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .spt - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .tgf - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .xyz - C:\Programme\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243230124750 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243239631578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.17 08:58:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.01.01 20:49:12 | 000,000,094 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O32 - AutoRun File - [2011.01.01 20:49:14 | 000,000,094 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1252445e-5ac4-11df-9bbe-0024216e38ed}\Shell - "" = AutoRun
O33 - MountPoints2\{1252445e-5ac4-11df-9bbe-0024216e38ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{455ef32c-f7c9-11de-9aad-0024216e38ed}\Shell - "" = AutoRun
O33 - MountPoints2\{455ef32c-f7c9-11de-9aad-0024216e38ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7f7b5d76-b7fd-11de-9a06-0024216e38ed}\Shell - "" = AutoRun
O33 - MountPoints2\{7f7b5d76-b7fd-11de-9a06-0024216e38ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{c883a048-3789-11d6-a42e-0024216f1575}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{dd7d568a-9d0a-11de-a437-0024216f1575}\Shell\AutoRun\command - "" = E:\autorun.bat -- File not found
O33 - MountPoints2\{fb765020-9696-11df-9c6e-0024216e38ed}\Shell - "" = AutoRun
O33 - MountPoints2\{fb765020-9696-11df-9c6e-0024216e38ed}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.01 20:48:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Nina\Desktop\OTL.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.01 20:53:12 | 000,004,218 | RHS- | M] () -- C:\WINDOWS\System32\JANINA.vbs
[2011.01.01 20:53:12 | 000,004,218 | RHS- | M] () -- C:\JANINA.vbs
[2011.01.01 20:53:12 | 000,000,094 | RHS- | M] () -- C:\autorun.inf
[2011.01.01 20:48:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Nina\Desktop\OTL.exe
[2011.01.01 17:57:24 | 000,000,332 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2011.01.01 17:56:16 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2011.01.01 17:53:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.01 17:53:05 | 938,856,448 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.30 20:54:06 | 000,023,672 | ---- | M] () -- C:\Dokumente und Einstellungen\Nina\Desktop\Nebenjobs.docx
[2010.12.27 18:39:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.30 20:54:04 | 000,023,672 | ---- | C] () -- C:\Dokumente und Einstellungen\Nina\Desktop\Nebenjobs.docx
[2010.05.07 14:14:36 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010.05.07 14:14:36 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\1AFB651ACF.sys
[2010.02.01 15:19:26 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.01.02 19:19:31 | 000,000,332 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009.11.17 11:08:34 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009.11.17 11:07:44 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009.10.13 19:00:51 | 000,000,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Nina\Anwendungsdaten\wklnhst.dat
[2009.10.10 17:20:20 | 000,049,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Nina\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.26 05:09:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009.05.19 04:05:59 | 000,001,084 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.05.17 09:36:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.12.05 08:07:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >
         
--- --- ---

_________________________
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 01.01.2011 20:50:11 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\Nina\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
895,00 Mb Total Physical Memory | 425,00 Mb Available Physical Memory | 47,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 133,27 Gb Total Space | 106,23 Gb Free Space | 79,72% Space Free | Partition Type: NTFS
Drive D: | 15,76 Gb Total Space | 8,63 Gb Free Space | 54,76% Space Free | Partition Type: FAT32
 
Computer Name: JANINA | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- File not found
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\Cyberlink\PowerDVD8\PowerDVD8.exe" = C:\Programme\Cyberlink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- File not found
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Cyberlink\PowerDVD8\PowerDVD8.exe" = C:\Programme\Cyberlink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{048FC675-D00F-A0B0-C111-AE39F4B8CC9E}" = CCC Help Italian
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{1AC247CD-DC48-0DF7-0570-8B07885FF018}" = Catalyst Control Center Graphics Previews Common
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20800BCE-5629-3F94-9F9A-4B7A2C17324F}" = CCC Help German
"{209775F0-6B14-5E9A-87E4-0C78A79C78FE}" = CCC Help Norwegian
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{242F05A2-B450-5235-6C95-656FE1C422CB}" = Catalyst Control Center Core Implementation
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6
"{341B8C78-57D3-EAA3-9661-D74304C3EE17}" = CCC Help French
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B8028BA-35C7-6032-B889-30B3B37B41C0}" = Catalyst Control Center Localization All
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{46761278-BF32-4008-833B-93487FF0A06E}" = MDL Chime/Chime Pro for Internet Explorer
"{48ADC36F-75AA-6EF5-0733-D9F8CDE8D0D2}" = CCC Help Greek
"{50C78D0B-B45E-638F-D120-0721D86B253A}" = CCC Help Korean
"{51A24711-A461-1CD8-6AA1-DF37F3E02C77}" = CCC Help Dutch
"{535C6037-F272-71F4-FE26-E1B2868DE2F7}" = ccc-core-static
"{5D91D393-1523-5293-176D-9E2204BB5829}" = CCC Help Turkish
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{61C3E1B4-2F5C-8961-1439-CA5D44F49CFC}" = CCC Help Chinese Standard
"{6222657E-1118-DFFC-2683-FAA9BA68FE10}" = CCC Help Spanish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6857B928-CD51-E5EC-7120-0D1E5E631350}" = CCC Help Finnish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7121BAE0-8959-6930-441C-409455A2391F}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7932FC5E-CCD0-916C-9B56-0C2F5B786843}" = CCC Help Portuguese
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{855425BB-0BB6-E908-2781-134FD8BDE9C0}" = ccc-utility
"{86FFE51F-6DC8-6D5D-7571-E6837DAC7F26}" = CCC Help Czech
"{88223E9F-D792-77A6-D1C0-500610042740}" = Catalyst Control Center Graphics Full New
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B80D71B-5AA2-E36D-BE9D-70A2FBBB9C85}" = CCC Help Japanese
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{945DAF9A-2BE1-DEDE-3B16-81757CA2BEAD}" = CCC Help Swedish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FD3168-58AF-8C6B-1B33-9B196E992425}" = CCC Help Chinese Traditional
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9EC9754D-CA34-4293-B5DB-3BD245A88A43}" = ArcSoft MediaImpression
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{B80F72C0-C511-C947-3F2E-83AFC506517B}" = CCC Help Polish
"{B8754879-727E-A8CF-2210-A345CD1CF9ED}" = ccc-core-preinstall
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BBA51523-A256-825E-C5C2-8F4FC1D787ED}" = Catalyst Control Center Graphics Light
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C040AA8E-11D2-9648-9F9C-985A91A4727A}" = CCC Help Thai
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32B19EA-BFAD-442D-A0C3-FAA8A93DEFCA}" = CCC Help Danish
"{D55D77A5-BBE2-1A5F-CD1E-E7AB6DEACB60}" = CCC Help Russian
"{D6510194-C41F-CE9C-F726-8543F4414EE9}" = CCC Help Hungarian
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F067F869-D300-FF34-F1D5-13474E1BB948}" = Catalyst Control Center Graphics Full Existing
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"AVNM" = AVNM
"Canon MP270 series Benutzerregistrierung" = Canon MP270 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"doPDF 6  printer_is1" = doPDF 6.2  printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"kikin Plugin (Murb.com Edition)" = kikin Plugin (Murb.com Edition) 1.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SearchAnonymizer" = SearchAnonymizer
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XSManager" = XSManager
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

Alt 02.12.2010, 21:24   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O4 - HKLM..\Run: [avgnt] C:\Windows\svschost-xx.exe File not found
O4 - HKLM..\Run: [JANINA] C:\WINDOWS\system32\JANINA.vbs ()
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\svschost-xx.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows-Defender\svschost-xx.exe File not found
O4 - HKCU..\Run: [BD]  File not found
O32 - AutoRun File - [2009.05.17 08:58:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.01.01 20:49:12 | 000,000,094 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O32 - AutoRun File - [2011.01.01 20:49:14 | 000,000,094 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1252445e-5ac4-11df-9bbe-0024216e38ed}\Shell - "" = AutoRun
O33 - MountPoints2\{1252445e-5ac4-11df-9bbe-0024216e38ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{455ef32c-f7c9-11de-9aad-0024216e38ed}\Shell - "" = AutoRun
O33 - MountPoints2\{455ef32c-f7c9-11de-9aad-0024216e38ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7f7b5d76-b7fd-11de-9a06-0024216e38ed}\Shell - "" = AutoRun
O33 - MountPoints2\{7f7b5d76-b7fd-11de-9a06-0024216e38ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{c883a048-3789-11d6-a42e-0024216f1575}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{dd7d568a-9d0a-11de-a437-0024216f1575}\Shell\AutoRun\command - "" = E:\autorun.bat -- File not found
O33 - MountPoints2\{fb765020-9696-11df-9c6e-0024216e38ed}\Shell - "" = AutoRun
O33 - MountPoints2\{fb765020-9696-11df-9c6e-0024216e38ed}\Shell\AutoRun - "" = Auto&Play
[2011.01.01 20:53:12 | 000,004,218 | RHS- | M] () -- C:\WINDOWS\System32\JANINA.vbs
[2011.01.01 20:53:12 | 000,004,218 | RHS- | M] () -- C:\JANINA.vbs
[2011.01.01 20:53:12 | 000,000,094 | RHS- | M] () -- C:\autorun.inf
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.12.2010, 23:16   #12
JaninaW
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



Hallo Arne
nun bin ich in den letzten Zügen, würd mich freun, wenn du mir noch weiter hilfst

Alt 06.12.2010, 23:35   #13
JaninaW
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



Sooo und hier - hoffentlich - das was du haben möchtest:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avgnt deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\JANINA deleted successfully.
File move failed. C:\WINDOWS\system32\JANINA.vbs scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSConfig deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BD deleted successfully.
C:\AUTOEXEC.BAT moved successfully.
C:\autorun.inf moved successfully.
D:\autoexec.bat moved successfully.
D:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1252445e-5ac4-11df-9bbe-0024216e38ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1252445e-5ac4-11df-9bbe-0024216e38ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1252445e-5ac4-11df-9bbe-0024216e38ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1252445e-5ac4-11df-9bbe-0024216e38ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{455ef32c-f7c9-11de-9aad-0024216e38ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{455ef32c-f7c9-11de-9aad-0024216e38ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{455ef32c-f7c9-11de-9aad-0024216e38ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{455ef32c-f7c9-11de-9aad-0024216e38ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f7b5d76-b7fd-11de-9a06-0024216e38ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f7b5d76-b7fd-11de-9a06-0024216e38ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f7b5d76-b7fd-11de-9a06-0024216e38ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f7b5d76-b7fd-11de-9a06-0024216e38ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacc1efa-42c4-11de-a9aa-806d6172696f}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c883a048-3789-11d6-a42e-0024216f1575}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c883a048-3789-11d6-a42e-0024216f1575}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd7d568a-9d0a-11de-a437-0024216f1575}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd7d568a-9d0a-11de-a437-0024216f1575}\ not found.
File E:\autorun.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb765020-9696-11df-9c6e-0024216e38ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb765020-9696-11df-9c6e-0024216e38ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb765020-9696-11df-9c6e-0024216e38ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb765020-9696-11df-9c6e-0024216e38ed}\ not found.
File move failed. C:\WINDOWS\system32\JANINA.vbs scheduled to be moved on reboot.
C:\JANINA.vbs moved successfully.
File C:\autorun.inf not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Besitzer

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 278662 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Nina
->Temp folder emptied: 109251835 bytes
->Temporary Internet Files folder emptied: 99476579 bytes
->Java cache emptied: 2030754 bytes
->FireFox cache emptied: 105341432 bytes
->Flash cache emptied: 34749 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 2833287 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124830169 bytes
RecycleBin emptied: 26624 bytes

Total Files Cleaned = 426,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 01052011_232145

Files\Folders moved on Reboot...
C:\WINDOWS\system32\JANINA.vbs moved successfully.

Registry entries deleted on Reboot...

Alt 07.12.2010, 11:01   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.12.2010, 18:21   #15
JaninaW
 
Silly Gen und andere Viren - Standard

Silly Gen und andere Viren



Hallo,
hab mir das Programm runtergeladen und Anleitung gelesen. daraufhin alles geschlossen...
Jetzt startet das Programm nicht weil es behauptet, avira würde laufen, was ich aber seit langem nicht mehr auf dem pc hab. Ich finde dieses Programm auch nirgendwo, da ich es über Systemsteuerung gelöscht habe...
Combofix sagt dann, er startet den Suchlauf auf eigene Verantwortung, dann öffnet sich ein blaues Fenster,schließt aber sofort wieder und nichts passiert.

Geändert von JaninaW (09.12.2010 um 18:27 Uhr)

Antwort

Themen zu Silly Gen und andere Viren
.dll, arbeitsplatz, dateien, desktop, explorer, gelöscht, hängt, iexplore.exe, internet, internet explorer, langsam, malwarebytes, microsoft, pc hängt, problem, programme, sehr langsam, seite, sekunden, software, system, system32, trojan.agent, viren, windows, windowsxp




Ähnliche Themen: Silly Gen und andere Viren


  1. 2x | Trojaner und andere Viren?
    Mülltonne - 02.10.2013 (1)
  2. Delta Search & Andere Viren
    Plagegeister aller Art und deren Bekämpfung - 10.08.2013 (3)
  3. Sidekicks und Andere Viren
    Log-Analyse und Auswertung - 20.05.2013 (13)
  4. TR/ATRAPS.Gen + andere unerwünschte Viren
    Log-Analyse und Auswertung - 06.12.2012 (5)
  5. Trojaner Invasion und andere fiese Viren!
    Plagegeister aller Art und deren Bekämpfung - 08.08.2012 (10)
  6. [2x] TR/Dropper.Gen! und andere Viren!
    Mülltonne - 26.02.2012 (1)
  7. 2 viren -BOO/Aleuron.A und noch ein andere
    Plagegeister aller Art und deren Bekämpfung - 22.12.2010 (36)
  8. Bankdatenphishing und viele Andere Viren
    Plagegeister aller Art und deren Bekämpfung - 11.12.2010 (5)
  9. Google öffnet andere Links. Viren!
    Log-Analyse und Auswertung - 07.09.2010 (6)
  10. Trojaner und andere Viren
    Plagegeister aller Art und deren Bekämpfung - 22.07.2010 (1)
  11. TR/Dropper.Gen' [trojan] und andere Viren gefunden
    Log-Analyse und Auswertung - 03.05.2009 (0)
  12. HTML/Rce.Gen und andere Viren
    Plagegeister aller Art und deren Bekämpfung - 06.10.2008 (9)
  13. CiD Popup und andere Viren?
    Plagegeister aller Art und deren Bekämpfung - 19.08.2008 (10)
  14. trojaner und andere viren
    Mülltonne - 09.07.2008 (1)
  15. Outerinfo und eventuell andere Viren
    Plagegeister aller Art und deren Bekämpfung - 07.02.2008 (1)
  16. Hilfe TR/Dldr.Swizzor.DV und andere Viren
    Plagegeister aller Art und deren Bekämpfung - 24.09.2007 (15)
  17. Trojan.Adclicker und andere Viren
    Plagegeister aller Art und deren Bekämpfung - 12.01.2006 (7)

Zum Thema Silly Gen und andere Viren - Hallo allerseits, ich habe ein Problem mit einem Virus. Ich habe bereits Malwarebytes heruntergeladen und laufen lassen mit vorgendem Report: (falls auch Log von HijackThis gebraucht wird, poste ich sie - Silly Gen und andere Viren...
Archiv
Du betrachtest: Silly Gen und andere Viren auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.