System Tool Malware

Beas · 01.02.2011, 14:45

Hallo,
habe mir die System Tool Malware eingefangen, aber schon erste Schritte eingeleitet. Habe (wie ich hier im Forum gelesen habe) meinen Laptop im abgesichteren Modus gestartet und dann rkill.com gestartet. Danach waren bereits die Symptome verschwunden. Habe dann mit Malwarebytes Anti-Malware meinen PC gescannt und die unerwünschten Dateien entfernt.
Welche Schritte sind nun notwendig?
Danke schon mal im voraus.
Grüße

Beas

cosinus · 01.02.2011, 20:51

Zitat:

Welche Schritte sind nun notwendig?

Wie wär's mal mit: alle Logdateien posten.

Beas · 01.02.2011, 21:48

Hatte mit Malwarebytes 2 Scans durchgeführt. Erst einen kurzen, und dann, als ich las, dass man einen kompletten durchführen soll, noch einen ganzen.
Scan 1

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5650

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

01.02.2011 00:47:21
mbam-log-2011-02-01 (00-47-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 138351
Laufzeit: 3 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 14

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syscheckrt.exe (Spyware.Passwords.XGen) -> Value: syscheckrt.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\gFcPjDd15400 (Rogue.SystemTool) -> Value: gFcPjDd15400 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\syscheckrt\syscheckrt.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\programdata\gfcpjdd15400\gfcpjdd15400.exe (Rogue.SystemTool) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\Temp\90BB.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\Temp\B5D9.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\Temp\efybxz.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\Temp\fenpcn.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\Temp\ilx.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\Temp\sawocmxenr.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\Temp\setup911142224.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\Temp\setup940604944.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\Temp\tvljxpe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\Temp\vvifjepc.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\Users\Medion\Desktop\system tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully.
c:\Users\Medion\downloads\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Scan 2

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5650

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

01.02.2011 15:44:45
mbam-log-2011-02-01 (15-44-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 274402
Laufzeit: 57 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Medion\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\390H6W0C\az3[2].exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\FJBQ3TH1\iztbjhowu[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\RNSJBFFH\tyfnhc[1].htm (Rogue.SystemTool) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\RNSJBFFH\xavdxsz[1].htm (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\VH6AFS0P\sjnlgn[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Medion\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\Y1A9PASQ\tyfnhc[2].htm (Rogue.SystemTool) -> Quarantined and deleted successfully.

cosinus · 01.02.2011, 21:50

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.

Beas · 01.02.2011, 22:29

ja, hatte direkt nach dem ersten noch einen zweiten kurz-durchlauf zur sicherheit gestartet. da wurde aber nichts gefunden.
hier der log:

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5650

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

01.02.2011 01:11:09
mbam-log-2011-02-01 (01-11-09).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140204
Laufzeit: 4 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 01.02.2011, 23:02

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Beas · 01.02.2011, 23:32

hier der otl.txt
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.02.2011 23:29:20 - Run 3
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Medion\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,56 Gb Total Space | 167,37 Gb Free Space | 60,08% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 7,78 Gb Free Space | 39,85% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Medion\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\OSDCtrl.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Medion\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (RL_DJIF) -- C:\Windows\System32\drivers\rldjifu.sys (Ploytec GmbH)
DRV - (RL_DJIF_WDM) -- C:\Windows\System32\drivers\rldjifa.sys (Ploytec GmbH)
DRV - (RL_DJIFM) -- C:\Windows\System32\drivers\rldjifm.sys (Ploytec GmbH)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.borussia.de/de/startseite.html"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 15:34:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 15:34:37 | 000,000,000 | ---D | M]
 
[2010.08.27 15:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Extensions
[2011.02.01 20:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\0318zy87.default\extensions
[2010.09.09 22:47:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\0318zy87.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.27 19:14:45 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\0318zy87.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.02 14:31:57 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\0318zy87.default\extensions\vshare@toolbar
[2010.10.11 19:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [wmplay.exe] C:\wmplay\wmplay.exe (MoRUN.net)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Medion\Pictures\London\Bilder Tobi\DSC061111.JPG
O24 - Desktop BackupWallPaper: C:\Users\Medion\Pictures\London\Bilder Tobi\DSC061111.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{59225f2f-af74-11df-b034-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{59225f2f-af74-11df-b034-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.01 00:43:04 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Malwarebytes
[2011.02.01 00:42:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.01 00:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.01 00:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.01 00:42:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.01 00:42:54 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.01 00:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.02.01 00:14:06 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
[2011.02.01 00:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\gFcPjDd15400
[2011.01.12 17:28:13 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Ahead
[2011.01.12 17:27:42 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Nero
[2011.01.12 15:55:42 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 15:55:39 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.01 22:41:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.01 22:41:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.01 21:49:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.01 21:49:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.01 19:53:42 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.01 19:53:42 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.01 19:53:42 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.01 19:53:42 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.01 19:51:43 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.02.01 19:49:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.01 19:49:08 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.01 00:42:57 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.29 16:18:41 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Medion.job
[2011.01.26 19:34:14 | 000,013,824 | ---- | M] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.18 15:02:36 | 000,114,688 | ---- | M] () -- C:\Users\Medion\Desktop\bericht.doc
 
========== Files Created - No Company Name ==========
 
[2011.02.01 00:48:22 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys
[2011.02.01 00:42:57 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.18 15:02:36 | 000,114,688 | ---- | C] () -- C:\Users\Medion\Desktop\bericht.doc
[2010.12.04 16:27:47 | 000,001,428 | ---- | C] () -- C:\Users\Medion\AppData\Local\RecConfig.xml
[2010.10.07 15:20:53 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.29 16:36:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.27 15:20:04 | 000,013,824 | ---- | C] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.08 12:15:59 | 000,000,850 | ---- | C] () -- C:\Windows\System32\SP7302.INI
[2009.05.08 12:08:36 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.05.05 02:56:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.10.10 14:00:00 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

< End of report >

--- --- ---

hier der extras.txt
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 01.02.2011 23:29:20 - Run 3
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Medion\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,56 Gb Total Space | 167,37 Gb Free Space | 60,08% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 7,78 Gb Free Space | 39,85% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A9DB66-A822-4F90-BB80-E02A6F57FB86}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{45CC2A78-6E06-435A-8869-1ABFB88928DD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{48456DAC-9EEE-480C-AFBD-F957CF628BEE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4DF4B45A-DCA5-48B8-8502-160C5837368F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6AB366C8-8FA8-4E5C-8FAB-D7839F2DAC27}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6AFE8EEB-7EF6-4FF3-84BF-BF9C50AE49EF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{712EF3C5-4F6F-44FD-AFAE-67A1F108CCDE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9C3C7DC4-6485-4768-AB43-37BEAC657764}" = lport=137 | protocol=17 | dir=in | app=system | 
"{9CB876B3-5280-4C81-A32C-D5260323C71B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AEAC6C8A-61E4-4F15-950C-AD6C035A09F0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C2668D6E-DCD6-4C4A-A1EE-7B5979D95CE4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FC1DFBE1-34BA-4B41-ADF5-76FC1D28E19E}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00007742-FF5B-4830-B8E8-A9C8E9F9FE45}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0E236434-0875-4F93-A7E8-3D5C74579E83}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{3244A261-A8DA-4155-A759-EFED1220EE2F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{5A35F521-299E-4AFD-92C5-42986304A996}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{5ADA806B-88E2-4BAE-87A3-3EA20E438FD1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5E31609D-E99B-4214-84EF-46CA6E1DA7D6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{6C8FCA29-DB58-47B5-AAFC-55D69C364BB3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{77D8137C-975D-483A-84D3-7283DC352B56}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{8C6FEC14-DD00-42EC-8833-3612870888CF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{91A2C974-C3CB-41DE-B830-1139ED6ADB77}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{9870FC12-DE35-467E-B4B5-EA59FBC88BD1}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{9CF2C0C3-BD79-4940-BD43-1F66FE914357}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A8274D89-35EE-4234-863E-04B6220E4087}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{BAD201F1-7677-4565-A6B4-A8DC7C16AC2C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{C1418938-F6C1-47D3-AAB6-64A0AB95F7CC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C97899AE-4BC4-48EC-A97F-47D8975B87E1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C98389A7-E928-4E79-AEEF-A8097670B876}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{CD7C2849-DF5D-47B5-BD16-6DDC83F8D404}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D9B234E8-3B83-4001-B8E4-F22AD7BEBE43}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{E3CFB2C6-ED06-47EF-9582-BC41C3B5BB1B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{EB02128F-785C-491F-850D-0EA98667810C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{F5C03FFE-BC35-48CF-8437-9341C4DBE1DB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{F5C0F062-000A-4326-BB87-D14313BF9D6D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.2
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}" = VGA USB Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 3 LE" = Native Instruments Traktor 3 LE
"NSS" = Norton Security Scan
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"USB_AUDIO_DEusb-audio.deRLDJIF" = Digital Jockey Interface Driver
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 31.01.2011 19:26:53 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.01.2011 19:35:25 | Computer Name = Medion-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 31.01.2011 19:36:36 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.01.2011 19:37:41 | Computer Name = Medion-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 31.01.2011 19:39:31 | Computer Name = Medion-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 31.01.2011 19:40:34 | Computer Name = Medion-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 31.01.2011 19:48:58 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.02.2011 06:38:01 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.02.2011 09:00:25 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.02.2011 14:49:37 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 03.12.2010 11:17:41 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.12.2010 11:19:45 | Computer Name = Medion-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.161 für die Netzwerkkarte mit der Netzwerkadresse
 00224397119E wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 03.12.2010 13:22:21 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.12.2010 13:57:17 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.12.2010 16:48:00 | Computer Name = Medion-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.22 für die Netzwerkkarte mit der Netzwerkadresse
 00224397119E wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 03.12.2010 16:48:18 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.12.2010 06:19:19 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.12.2010 10:24:57 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.12.2010 10:48:23 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.12.2010 17:44:56 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

cosinus · 01.02.2011, 23:42

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{59225f2f-af74-11df-b034-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{59225f2f-af74-11df-b034-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
[2011.02.01 00:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\gFcPjDd15400

:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Beas · 02.02.2011, 16:10

Hier das Logfile:

Zitat:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59225f2f-af74-11df-b034-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59225f2f-af74-11df-b034-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59225f2f-af74-11df-b034-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59225f2f-af74-11df-b034-806e6f6e6963}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Folder C:\ProgramData\gFcPjDd15400\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Medion
->Temp folder emptied: 83890801 bytes
->Temporary Internet Files folder emptied: 55204543 bytes
->Java cache emptied: 9297 bytes
->FireFox cache emptied: 79537435 bytes
->Flash cache emptied: 61247 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5894816 bytes
RecycleBin emptied: 1727512 bytes

Total Files Cleaned = 216,00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02022011_160556

Files\Folders moved on Reboot...
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 02.02.2011, 20:28

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Beas · 03.02.2011, 09:37

hier das combo-fix-log
Combofix Logfile:

Code:

ATTFilter

ComboFix 11-01-31.02 - Medion 03.02.2011   9:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3062.2039 [GMT 1:00]
ausgeführt von:: c:\users\Medion\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-03 bis 2011-02-03  ))))))))))))))))))))))))))))))
.

2011-02-03 08:25 . 2011-02-03 08:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-03 07:46 . 2011-02-03 07:49	--------	d-----w-	c:\users\Medion\Anti-Virus
2011-01-31 23:43 . 2011-01-31 23:43	--------	d-----w-	c:\users\Medion\AppData\Roaming\Malwarebytes
2011-01-31 23:42 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 23:42 . 2011-01-31 23:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-01-31 23:42 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-01-12 16:28 . 2011-01-12 16:28	--------	d-----w-	c:\users\Medion\AppData\Local\Ahead
2011-01-12 16:27 . 2011-01-12 16:27	--------	d-----w-	c:\users\Medion\AppData\Roaming\Nero
2011-01-12 14:55 . 2010-12-28 15:55	413696	----a-w-	c:\windows\system32\odbc32.dll
2011-01-12 14:55 . 2010-12-28 15:53	253952	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 14:55 . 2010-12-28 15:53	241664	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 14:55 . 2010-12-28 15:53	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 14:55 . 2010-12-28 15:53	57344	----a-w-	c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 14:55 . 2010-12-28 15:53	180224	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 14:55 . 2010-12-14 14:49	1169408	----a-w-	c:\windows\system32\sdclt.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 17:15 . 2010-08-27 15:04	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-12-10 17:12 . 2010-08-27 15:04	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-12-02 03:35 . 2010-12-02 03:35	4280320	----a-w-	c:\windows\system32\GPhotos.scr
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-08 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"wmplay.exe"="c:\wmplay\wmplay.exe" [2009-04-11 365568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1111336]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2009-04-28 389120]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-04-10 191488]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-10 281768]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-27 135664]
R3 RL_DJIF;usb-audio.de driver for Reloop Digital Jockey Interface;c:\windows\system32\Drivers\rldjifu.sys [2008-06-17 365568]
R3 RL_DJIF_WDM;Digital Jockey Interface WDM Audio;c:\windows\system32\drivers\rldjifa.sys [2008-06-17 34304]
R3 RL_DJIFM;Digital Jockey Interface WDM Midi Device;c:\windows\system32\drivers\rldjifm.sys [2008-06-17 20992]
R3 uxddrv;Dynamically loaded UxdDrv;e:\diagnose\WSTGER32\2PART\uxddrv86.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-10 135336]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-11-03 440832]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-03-04 113152]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2011-02-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 12:06]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-27 14:31]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-27 14:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
FF - ProfilePath - c:\users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\0318zy87.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.borussia.de/de/startseite.html
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-NSS - c:\program files\Norton Security Scan\Engine\2.7.3.34\InstWrap.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-03 09:25
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 


c:\windows\TEMP\TMP00000075030E026FDA3AA523 524288 bytes

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3423867620-269497745-3642092803-1000\Software\SecuROM\License information*]
"datasecu"=hex:09,1b,fc,25,30,13,33,26,77,8d,2f,30,32,ca,ed,6d,e7,d6,a6,d6,92,
   58,72,3e,73,fb,f2,1e,53,8b,35,64,3a,3a,91,97,87,fe,0b,87,11,1a,90,af,b8,48,\
"rkeysecu"=hex:54,4b,83,f0,1d,2c,6d,cc,f9,84,de,4d,3e,a3,f8,da
.
Zeit der Fertigstellung: 2011-02-03  09:34:47
ComboFix-quarantined-files.txt  2011-02-03 08:34

Vor Suchlauf: 9 Verzeichnis(se), 178.424.406.016 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 178.353.594.368 Bytes frei

- - End Of File - - 21E67EE28BD5A0DD1D66F117644BA702

--- --- ---

cosinus · 03.02.2011, 12:24

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Beas · 03.02.2011, 14:23

gmer wollte leider nicht funktionieren.
hier das osam-logfile
OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 14:20:43 on 03.02.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Medion\AppData\Local\Temp\catchme.sys  (File not found)
"Digital Jockey Interface WDM Audio" (RL_DJIF_WDM) - "Ploytec GmbH" - C:\Windows\System32\drivers\rldjifa.sys
"Digital Jockey Interface WDM Midi Device" (RL_DJIFM) - "Ploytec GmbH" - C:\Windows\System32\drivers\rldjifm.sys
"Dynamically loaded UxdDrv" (uxddrv) - ? - E:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ugryypod" (ugryypod) - ? - C:\Users\Medion\AppData\Local\Temp\ugryypod.sys  (Hidden registry entry, rootkit activity | File not found)
"usb-audio.de driver for Reloop Digital Jockey Interface" (RL_DJIF) - "Ploytec GmbH" - C:\Windows\System32\Drivers\rldjifu.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites  (HTTP value)
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"LMgrOSD" - ? - "C:\Program Files\Launch Manager\OSDCtrl.exe"
"LMgrVolOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index[/QUOTE]

Beas · 03.02.2011, 14:25

und hier MBRCheck

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MEDION
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: MEDION
System Product Name: E5214
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 138):
0x81E40000 \SystemRoot\system32\ntkrnlpa.exe
0x81E0D000 \SystemRoot\system32\hal.dll
0x80406000 \SystemRoot\system32\kdcom.dll
0x8040D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047D000 \SystemRoot\system32\PSHED.dll
0x8048E000 \SystemRoot\system32\BOOTVID.dll
0x80496000 \SystemRoot\system32\CLFS.SYS
0x804D7000 \SystemRoot\system32\CI.dll
0x80607000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80683000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80690000 \SystemRoot\system32\drivers\acpi.sys
0x806D6000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DF000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E7000 \SystemRoot\system32\drivers\pci.sys
0x8070E000 \SystemRoot\System32\drivers\partmgr.sys
0x8071D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80720000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072A000 \SystemRoot\system32\drivers\volmgr.sys
0x80739000 \SystemRoot\System32\drivers\volmgrx.sys
0x80783000 \SystemRoot\system32\drivers\intelide.sys
0x8078A000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80798000 \SystemRoot\System32\drivers\mountmgr.sys
0x8280B000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x828D2000 \SystemRoot\system32\drivers\atapi.sys
0x828DA000 \SystemRoot\system32\drivers\ataport.SYS
0x828F8000 \SystemRoot\system32\drivers\fltmgr.sys
0x8292A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8293A000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82943000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82A04000 \SystemRoot\system32\drivers\ndis.sys
0x82B0F000 \SystemRoot\system32\drivers\msrpc.sys
0x82B3A000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A20B000 \SystemRoot\System32\drivers\tcpip.sys
0x8A2F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A40A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A51A000 \SystemRoot\system32\drivers\volsnap.sys
0x8A553000 \SystemRoot\System32\Drivers\spldr.sys
0x8A55B000 \SystemRoot\System32\Drivers\mup.sys
0x8A56A000 \SystemRoot\System32\drivers\ecache.sys
0x8A591000 \SystemRoot\system32\drivers\disk.sys
0x8A5A2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A5C3000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A5D9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A5E4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A5ED000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8A3D7000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E00A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8E909000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E9AA000 \SystemRoot\System32\drivers\watchdog.sys
0x8E9B6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E9C1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A3E6000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EC08000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8EC95000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8ECAF000 \SystemRoot\system32\DRIVERS\netr28.sys
0x8ED22000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8ED26000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8ED39000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8ED44000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8ED74000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8ED76000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8ED81000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8ED99000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x82B75000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EDC8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EDD3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EDEA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x82BB6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x82BD9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x82BE8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x829B4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x829C9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EDF5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x807A8000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E000000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x829D9000 \SystemRoot\system32\DRIVERS\umbus.sys
0x805B7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x829E6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F00D000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F1CD000 \SystemRoot\system32\drivers\portcls.sys
0x807D2000 \SystemRoot\system32\drivers\drmk.sys
0x8F000000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8EDF7000 \SystemRoot\System32\Drivers\Null.SYS
0x8EC00000 \SystemRoot\System32\Drivers\Beep.SYS
0x805EC000 \SystemRoot\System32\drivers\vga.sys
0x8F200000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F221000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F229000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F231000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F23C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F24A000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F253000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F269000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F27D000 \SystemRoot\system32\drivers\afd.sys
0x8F2C5000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F2F7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F30D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F31B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F32E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8F334000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8F370000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F37A000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F391000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8F3B7000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8F3DF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8F3E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F3F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8A5F6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8A5CC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8A310000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x96E10000 \SystemRoot\System32\win32k.sys
0x8A400000 \SystemRoot\System32\drivers\Dxapi.sys
0xA7802000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97030000 \SystemRoot\System32\TSDDD.dll
0x97050000 \SystemRoot\System32\cdd.dll
0xA7811000 \SystemRoot\system32\drivers\luafv.sys
0xA782C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA7841000 \SystemRoot\system32\drivers\spsys.sys
0xA78F1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA7901000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA792B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7935000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA7948000 \SystemRoot\system32\drivers\HTTP.sys
0xA79B5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA79D2000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA79EB000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAB608000 \SystemRoot\system32\drivers\mrxdav.sys
0xAB629000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAB648000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAB681000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAB699000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAB6C1000 \SystemRoot\System32\DRIVERS\srv.sys
0xAB70F000 \SystemRoot\system32\drivers\peauth.sys
0xAB7ED000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAD60B000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAD617000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAD62D000 \??\C:\Users\Medion\AppData\Local\Temp\ugryypod.sys
0x779D0000 \Windows\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
464 C:\Windows\System32\smss.exe
580 csrss.exe
620 C:\Windows\System32\wininit.exe
628 csrss.exe
664 C:\Windows\System32\services.exe
696 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
768 C:\Windows\System32\winlogon.exe
868 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\audiodg.exe
1324 C:\Windows\System32\SLsvc.exe
1356 C:\Windows\System32\svchost.exe
1496 C:\Windows\System32\svchost.exe
1768 C:\Windows\System32\spoolsv.exe
1812 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1832 C:\Windows\System32\svchost.exe
1948 C:\Windows\System32\taskeng.exe
1976 C:\Windows\System32\dwm.exe
480 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
540 C:\Windows\explorer.exe
632 C:\Windows\System32\taskeng.exe
1528 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2104 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2176 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2316 C:\Windows\System32\IoctlSvc.exe
2336 C:\Windows\System32\svchost.exe
2352 C:\Windows\System32\PSIService.exe
2388 C:\Windows\System32\svchost.exe
2448 C:\Windows\System32\svchost.exe
2516 C:\Windows\System32\SearchIndexer.exe
3204 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3216 C:\Windows\RtHDVCpl.exe
3232 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3360 C:\Windows\System32\igfxtray.exe
3392 C:\Windows\System32\hkcmd.exe
3436 C:\Windows\System32\igfxsrvc.exe
3460 C:\Windows\System32\igfxpers.exe
3472 C:\Windows\Pixart\Pac7302\Monitor.exe
3492 C:\Program Files\Launch Manager\HotkeyApp.exe
3528 C:\Program Files\Launch Manager\OSD.exe
3536 C:\Program Files\Launch Manager\OSDCtrl.exe
3556 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3612 C:\Program Files\Windows Sidebar\sidebar.exe
3656 C:\Program Files\Launch Manager\WisLMSvc.exe
3664 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3708 C:\Program Files\Windows Media Player\wmpnscfg.exe
3724 WmiPrvSE.exe
3772 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
3820 C:\Program Files\Windows Media Player\wmpnetwk.exe
3944 C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
3680 C:\Windows\System32\SearchProtocolHost.exe
2164 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2748 C:\Program Files\Mozilla Firefox\firefox.exe
2956 C:\Windows\System32\SearchFilterHost.exe
1824 dllhost.exe
3244 dllhost.exe
2432 C:\Users\Medion\Desktop\MBRCheck.exe
2528 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000045`a3fe1800 (FAT32)

PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OC64G

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

cosinus · 03.02.2011, 16:19

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

01.02.2011, 21:50	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	System Tool Malware Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes. __________________ Logfiles bitte immer in CODE-Tags posten

03.02.2011, 16:19	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	System Tool Malware Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

System Tool Malware

Plagegeister aller Art und deren Bekämpfung: System Tool Malware