Irgendwas macht aus meinen Ordnern Anwendungen
 

Hallo an alle,

ich habe folgenes problem:

also die infektion kam so, dass ich die sd card von einem kumpel genommen habe weil ich ein foto davon haben wollte.

bei ihm war es so das man auch eine anwendung öffnen musste. das habe ich dann getan. dann kam ein neuer windows explorer und ich habe das bild gefunden und auf meine festplatte gespeichert und dann war es bei mir leider auch so, dass alle ordner anwendungen geworden sind. immer wenn ich dies nun öffne, öffnen sich dutzend von windows explorer und der rchner stürzt ab.

ich habe mein problem schon beim chip forum gepostet. hier der link
h**p://forum.chip.de/viren-trojaner-wuermer/virus-trojaner-wurm-macht-meinen-ordnern-anwendungen-1369726.html

mein BS ist windows 7 starter

ich habe die anleitung von trojaner board durchgeführt.

ccleaner ist erledigt und bereinigt

hier von malwarebytes

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3976

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.04.2010 22:14:57
mbam-log-2010-04-11 (22-14-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 221395
Laufzeit: 1 Stunde(n), 7 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS.EXE (Worm.Venom) -> No action taken.
C:\Windows\System32\SYSTIM32.EXE (Trojan.Agent) -> No action taken.
C:\Windows\SYSTIM32.EXE (Trojan.FakeAlert) -> No action taken.

und von RSIT funktioniert die exe datei nicht. es kommt folgende fehlermeldung
Line-1:
Error: Variable used without being declared

ich hoffe ich habe alles richtig gemacht und ihr könnt mir weiter helfen

Hallo und :hallo:

RSIT ist nicht ganz kompatibel mit Win7. Man kann es über den Kompatibilitätmodus laufen lassen oder Du nimmst OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

danke cosinus für die hilfe

hier der OTL Report

OTL logfile created on: 4/12/2010 10:40:32 PM - Run 3
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\PT\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,014.00 Mb Total Physical Memory | 323.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 64.95 Gb Free Space | 64.95% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 19.90 Gb Free Space | 16.20% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PT-PC
Current User Name: PT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/11 20:48:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\PT\Desktop\OTL.exe
PRC - [2010/04/02 21:10:35 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/23 06:59:05 | 000,603,904 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\System32\TUProgSt.exe
PRC - [2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/27 08:30:00 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2009/10/17 15:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/09/29 20:28:44 | 007,744,032 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/09/26 05:04:10 | 000,115,888 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\asus\SystemSetting\WallPaperAgent.exe
PRC - [2009/09/15 11:05:56 | 000,044,312 | ---- | M] () -- C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
PRC - [2009/09/12 05:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/19 11:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/07/21 22:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/05 13:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 13:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/05/14 00:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/07 09:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/03/02 21:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe


========== Modules (SafeList) ==========

MOD - [2010/04/11 20:48:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\PT\Desktop\OTL.exe
MOD - [2009/07/14 11:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 11:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 11:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 11:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 11:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 11:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 11:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 11:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 11:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 11:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/23 06:59:05 | 000,603,904 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010/02/23 06:59:03 | 000,362,752 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/09/15 11:05:56 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/08/19 11:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/07/21 22:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/14 11:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 11:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 11:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 11:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 11:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 11:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 11:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 11:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 11:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 11:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/14 11:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 11:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 11:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 11:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 11:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 11:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009/07/14 11:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 11:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/05 13:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009/05/14 00:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/07 09:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/11/07 20:37:38 | 000,027,904 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/08/08 02:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - [2010/02/23 06:37:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/25 20:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/06 03:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/29 20:16:02 | 002,776,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/09/23 14:14:24 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/07/27 17:06:45 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/07/20 19:48:32 | 000,213,552 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/20 19:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/14 11:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 11:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 11:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 11:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 11:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 11:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 11:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 11:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 11:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 11:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 11:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 11:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 11:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 11:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 11:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 11:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 11:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/14 11:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 11:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 11:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 11:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 11:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 11:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 11:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 11:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 11:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 11:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 11:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 11:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 11:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 11:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 11:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 11:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 11:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 11:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 11:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 11:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 11:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 11:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 10:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 10:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 10:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 09:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 09:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 09:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 09:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/14 09:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 09:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 09:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 09:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009/07/14 09:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 09:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 09:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 09:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 09:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 09:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 09:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 09:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 09:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 09:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/14 08:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 08:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/14 08:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/14 08:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/14 08:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/14 08:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/14 08:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/14 08:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/06 12:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/07/01 14:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/06/05 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/05/11 18:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 18:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 20:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 21:10:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 21:10:39 | 000,000,000 | ---D | M]

[2010/02/23 03:24:08 | 000,000,000 | ---D | M] -- C:\Users\PT\AppData\Roaming\mozilla\Extensions
[2010/03/01 23:41:24 | 000,000,000 | ---D | M] -- C:\Users\PT\AppData\Roaming\mozilla\Firefox\Profiles\t3c3yhja.default\extensions
[2010/02/23 03:23:50 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/01/16 11:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/16 11:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/16 11:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/16 11:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/16 11:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/11 07:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ASUS Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\asus\SystemSetting\StarterHelper.dll (ASUSTeK Computer Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Program Files\asus\SystemSetting\WallPaperAgent.exe) - C:\Program Files\asus\SystemSetting\WallPaperAgent.exe (ASUSTeK Computer Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ec67bbbe-1ff2-11df-9783-e0cb4e465a36}\Shell - "" = AutoRun
O33 - MountPoints2\{ec67bbbe-1ff2-11df-9783-e0cb4e465a36}\Shell\AutoRun\command - "" = F:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/12 19:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/04/12 19:26:32 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/12 19:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/12 19:03:18 | 001,134,624 | ---- | C] (Piriform Ltd) -- C:\Users\PT\Desktop\ccsetup230_slim.exe
[2010/04/12 19:00:39 | 000,000,000 | ---D | C] -- C:\Users\PT\AppData\Local\Diagnostics
[2010/04/12 00:07:05 | 000,000,000 | ---D | C] -- C:\Users\PT\Desktop\avz4
[2010/04/11 20:58:24 | 000,000,000 | ---D | C] -- C:\Users\PT\AppData\Roaming\Malwarebytes
[2010/04/11 20:58:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/04/11 20:57:53 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/04/11 20:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/11 20:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/11 20:55:56 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\PT\Desktop\mbam-setup-1.45.exe
[2010/04/11 20:48:08 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\PT\Desktop\OTL.exe
[2010/04/10 11:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/04/10 11:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/10 10:56:05 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\PT\Desktop\spybotsd162.exe
[2010/04/10 10:11:31 | 000,000,000 | -HSD | C] -- C:\Neuer Ordner
[2010/04/10 09:47:12 | 000,000,000 | -HSD | C] -- C:\windows\System32\SYSTIM32
[2010/04/07 09:10:25 | 000,000,000 | ---D | C] -- C:\Program Files\Truecrypt
[2010/03/31 10:51:27 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/03/31 10:51:26 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/03/31 10:51:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/03/20 03:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/19 13:24:10 | 000,000,000 | ---D | C] -- C:\Users\PT\AppData\Roaming\VSO
[2010/03/19 13:24:08 | 000,000,000 | ---D | C] -- C:\Users\PT\AppData\Local\VSO
[2010/03/19 13:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2010/03/15 06:05:32 | 000,000,000 | ---D | C] -- C:\Users\PT\AppData\Roaming\ooVoo Details
[2010/03/15 06:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\ooVoo
[2009/10/06 23:08:27 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2010/04/12 22:42:29 | 001,572,864 | -HS- | M] () -- C:\Users\PT\NTUSER.DAT
[2010/04/12 22:31:59 | 000,000,494 | ---- | M] () -- C:\windows\tasks\1-Klick-Wartung.job
[2010/04/12 22:31:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/04/12 19:33:42 | 000,781,909 | ---- | M] () -- C:\Users\PT\Desktop\RSIT.exe
[2010/04/12 19:16:05 | 000,000,950 | ---- | M] () -- C:\Users\PT\Desktop\cc_20100412_191551.reg
[2010/04/12 19:05:15 | 000,001,827 | ---- | M] () -- C:\Users\PT\Desktop\CCleaner.lnk
[2010/04/12 19:04:23 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/12 19:04:23 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/12 19:03:45 | 001,134,624 | ---- | M] (Piriform Ltd) -- C:\Users\PT\Desktop\ccsetup230_slim.exe
[2010/04/12 19:02:03 | 001,472,002 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/04/12 19:02:03 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010/04/12 19:02:03 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/04/12 19:02:03 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010/04/12 19:02:03 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/04/12 18:56:55 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/04/12 18:56:39 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/12 09:59:53 | 000,943,767 | -H-- | M] () -- C:\Users\PT\AppData\Local\IconCache.db
[2010/04/12 00:01:51 | 005,125,238 | ---- | M] () -- C:\Users\PT\Desktop\avz4.zip
[2010/04/11 23:55:50 | 001,694,260 | ---- | M] () -- C:\Users\PT\Desktop\avz4.zip.part
[2010/04/11 20:58:08 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/11 20:56:42 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\PT\Desktop\mbam-setup-1.45.exe
[2010/04/11 20:48:19 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\PT\Desktop\OTL.exe
[2010/04/11 19:06:15 | 000,107,666 | ---- | M] () -- C:\Users\PT\Desktop\Video call snapshot 1.png
[2010/04/10 13:43:50 | 152,530,528 | ---- | M] () -- C:\Users\PT\Desktop\AV2010GER_ESD.exe
[2010/04/10 11:04:24 | 000,001,212 | ---- | M] () -- C:\Users\PT\Desktop\Spybot - Search & Destroy.lnk
[2010/04/10 11:00:48 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\PT\Desktop\spybotsd162.exe
[2010/04/10 10:19:29 | 000,000,331 | -HS- | M] () -- C:\regs.sys
[2010/04/10 09:40:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/10 09:40:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/10 09:15:47 | 000,039,076 | ---- | M] () -- C:\Users\PT\Desktop\Die Reise um die Welt.xlsx
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/03/28 11:34:12 | 004,975,104 | ---- | M] () -- C:\Users\PT\Desktop\Aussergewöhnliches.pps
[2010/03/22 13:52:26 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/03/19 13:22:24 | 000,001,074 | ---- | M] () -- C:\Users\PT\Desktop\VSO Image Resizer.lnk
[2010/03/15 07:48:10 | 000,001,167 | ---- | M] () -- C:\Users\PT\Desktop\MSD.lnk
[2010/03/15 06:05:10 | 000,000,706 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk

========== Files Created - No Company Name ==========

[2010/04/12 19:33:27 | 000,781,909 | ---- | C] () -- C:\Users\PT\Desktop\RSIT.exe
[2010/04/12 19:16:02 | 000,000,950 | ---- | C] () -- C:\Users\PT\Desktop\cc_20100412_191551.reg
[2010/04/12 19:05:15 | 000,001,827 | ---- | C] () -- C:\Users\PT\Desktop\CCleaner.lnk
[2010/04/11 23:41:53 | 005,125,238 | ---- | C] () -- C:\Users\PT\Desktop\avz4.zip
[2010/04/11 23:41:51 | 001,694,260 | ---- | C] () -- C:\Users\PT\Desktop\avz4.zip.part
[2010/04/11 20:58:08 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/11 19:06:15 | 000,107,666 | ---- | C] () -- C:\Users\PT\Desktop\Video call snapshot 1.png
[2010/04/10 13:25:01 | 152,530,528 | ---- | C] () -- C:\Users\PT\Desktop\AV2010GER_ESD.exe
[2010/04/10 11:04:24 | 000,001,212 | ---- | C] () -- C:\Users\PT\Desktop\Spybot - Search & Destroy.lnk
[2010/04/10 09:46:47 | 006,883,584 | ---- | C] () -- C:\windows\System32\SYSTIM32.EX_
[2010/04/10 09:43:16 | 006,883,584 | ---- | C] () -- C:\PERFLOGS.EXE
[2010/04/10 09:43:16 | 006,883,584 | ---- | C] () -- C:\INTEL.EXE
[2010/04/10 09:43:16 | 006,883,584 | ---- | C] () -- C:\DOWNLO~1.EXE
[2010/04/10 09:43:16 | 006,883,584 | ---- | C] () -- C:\BILDER.EXE
[2010/04/10 09:40:57 | 000,000,331 | -HS- | C] () -- C:\regs.sys
[2010/04/10 09:40:55 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/04/10 09:40:55 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/03/28 11:33:54 | 004,975,104 | ---- | C] () -- C:\Users\PT\Desktop\Aussergewöhnliches.pps
[2010/03/22 13:52:26 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/03/19 13:22:24 | 000,001,074 | ---- | C] () -- C:\Users\PT\Desktop\VSO Image Resizer.lnk
[2010/03/15 07:48:10 | 000,001,167 | ---- | C] () -- C:\Users\PT\Desktop\MSD.lnk
[2010/03/15 06:05:10 | 000,000,706 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2010/03/10 02:14:46 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2010/03/06 10:23:23 | 000,017,408 | ---- | C] () -- C:\Users\PT\AppData\Local\WebpageIcons.db
[2010/02/23 06:55:50 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/02/23 06:41:37 | 000,524,288 | -HS- | C] () -- C:\Users\PT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/02/23 06:41:37 | 000,524,288 | -HS- | C] () -- C:\Users\PT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/02/23 06:41:37 | 000,262,144 | -HS- | C] () -- C:\Users\PT\ntuser.dat.LOG1
[2010/02/23 06:41:37 | 000,065,536 | -HS- | C] () -- C:\Users\PT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/02/23 06:41:37 | 000,000,000 | -HS- | C] () -- C:\Users\PT\ntuser.dat.LOG2
[2010/02/23 06:41:34 | 001,572,864 | -HS- | C] () -- C:\Users\PT\NTUSER.DAT
[2010/02/23 06:41:34 | 000,000,020 | -HS- | C] () -- C:\Users\PT\ntuser.ini
[2010/02/23 06:37:28 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2009/11/11 10:02:27 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2009/11/11 09:49:39 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/11/11 09:42:59 | 000,011,448 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2009/11/11 09:42:49 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
< End of report >

ich hoffe das hilft irgendwie

außerdem nochmal zur meiner situation. ich bin gerade in australien und habe nicht überall internet, darum bitte ich um verständniss das ich nciht immer gleich die fragen beantworten kann.

vielen dank schon mal im voraus für eure hilfe. hoffe ihr könnt mein problem beheben.

Starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
Klick dann auf den Button Run Fixes!
Das Logfile nach dem Fixen müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte.

hallo cosinus

also ich habe den text eingefügt und folgenden log bekommen

Error: Unable to interpret <:OTL:> in the current context!
Error: Unable to interpret <[2010/04/10 10:11:31 | 000,000,000 | -HSD | C] -- C:\Neuer Ordner> in the current context!
Error: Unable to interpret <[2010/04/10 09:47:12 | 000,000,000 | -HSD | C] -- C:\windows\System32\SYSTIM32> in the current context!
Error: Unable to interpret <[2010/04/10 09:46:47 | 006,883,584 | ---- | C] () -- C:\windows\System32\SYSTIM32.EX_> in the current context!
Error: Unable to interpret <[2010/04/10 09:43:16 | 006,883,584 | ---- | C] () -- C:\PERFLOGS.EXE> in the current context!
Error: Unable to interpret <[2010/04/10 09:43:16 | 006,883,584 | ---- | C] () -- C:\INTEL.EXE> in the current context!
Error: Unable to interpret <[2010/04/10 09:43:16 | 006,883,584 | ---- | C] () -- C:\DOWNLO~1.EXE> in the current context!
Error: Unable to interpret <[2010/04/10 09:43:16 | 006,883,584 | ---- | C] () -- C:\BILDER.EXE> in the current context!

OTL by OldTimer - Version 3.2.1.1 log created on 04132010_063626

hoffe das hilft weiter

hallo,

ich habe es dochhin bekommen. musste den einen : weg lassen. :D

dabei kam das raus
========== OTL ==========
C:\Neuer Ordner folder moved successfully.
C:\windows\System32\SYSTIM32 folder moved successfully.
C:\Windows\System32\SYSTIM32.EX_ moved successfully.
C:\PERFLOGS.EXE moved successfully.
C:\INTEL.EXE moved successfully.
C:\DOWNLO~1.EXE moved successfully.
C:\BILDER.EXE moved successfully.

OTL by OldTimer - Version 3.2.1.1 log created on 04132010_082905

also die anwendungen sind jetzt weg. die ordner sind leider nocht aufgetaucht, wie bekommen wir die wieder. des weiteren habe ich noch eine partition D und dort sind alle ordner auch anwendungen. kannst du mir da sagen was ich da machen soll.

vielen dank auf jedenfall für die hilfe

hallo,

ich weiß nun nicht was ich machen kann. ich habe die anwendungen zwar von meinem laufwerk c weg, aber die ordner sind leider auch ncihtmehr da. Die müssen doch noch irgendwo sein, da der windows ordner auch weg ist.

bei mienem lauferk d sind alle ordener immer noch anwendungen.

bitte hilft mir

Ok. Mach bitte nen Durchgangmit CF:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

• Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

so ich habe es wie beschrieben durchgeführt und hier der log

ComboFix 10-04-15.05 - PT 17.04.2010 9:43.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.49.1031.18.1014.257 [GMT 10:00]
ausgeführt von:: c:\users\PT\Desktop\cofi.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((( Dateien erstellt von 2010-03-16 bis 2010-04-16 ))))))))))))))))))))))))))))))
.

2010-04-16 23:57 . 2010-04-16 23:58 -------- d-----w- c:\users\PT\AppData\Local\temp
2010-04-16 23:57 . 2010-04-16 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-12 20:28 . 2010-04-12 20:28 -------- d-----w- C:\_OTL
2010-04-12 09:26 . 2010-04-12 09:47 -------- d-----w- c:\program files\trend micro
2010-04-12 09:05 . 2010-04-12 09:05 -------- d-----w- c:\program files\CCleaner
2010-04-12 09:00 . 2010-04-12 09:00 -------- d-----w- c:\users\PT\AppData\Local\Diagnostics
2010-04-11 10:58 . 2010-04-11 10:58 -------- d-----w- c:\users\PT\AppData\Roaming\Malwarebytes
2010-04-11 10:58 . 2010-03-29 14:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-11 10:57 . 2010-04-11 10:57 -------- d-----w- c:\programdata\Malwarebytes
2010-04-11 10:57 . 2010-03-29 14:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-11 10:57 . 2010-04-11 10:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-10 01:04 . 2010-04-12 09:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-10 01:04 . 2010-04-10 01:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-09 23:40 . 2010-04-10 00:19 331 --sh--w- C:\regs.sys
2010-04-06 23:10 . 2010-04-06 23:13 -------- d-----w- c:\program files\Truecrypt
2010-03-31 00:51 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-20 17:57 . 2010-03-20 17:57 26100520 ----a-w- c:\programdata\Microsoft\Windows Defender\LocalCopy\{FBDB564A-DBF6-1058-6356-624762428B23}-Skype.exe
2010-03-19 17:56 . 2010-03-19 17:56 -------- d-----w- c:\program files\Common Files\Skype
2010-03-19 03:24 . 2010-04-05 09:53 -------- d-----w- c:\users\PT\AppData\Roaming\VSO
2010-03-19 03:24 . 2010-03-19 03:24 -------- d-----w- c:\users\PT\AppData\Local\VSO
2010-03-19 03:22 . 2010-03-19 03:22 -------- d-----w- c:\program files\VSO

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-16 23:50 . 2009-07-26 01:28 643866 ----a-w- c:\windows\system32\perfh007.dat
2010-04-16 23:50 . 2009-07-26 01:28 126394 ----a-w- c:\windows\system32\perfc007.dat
2010-04-11 10:45 . 2010-02-22 18:31 -------- d-----w- c:\users\PT\AppData\Roaming\Skype
2010-04-11 08:36 . 2010-02-22 18:33 -------- d-----w- c:\users\PT\AppData\Roaming\skypePM
2010-04-09 23:45 . 2010-02-22 20:26 -------- d-----w- c:\users\PT\AppData\Roaming\ICQ
2010-03-22 03:52 . 2010-03-22 03:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-03-16 00:00 . 2010-03-09 16:16 -------- d-----w- c:\programdata\MAGIX
2010-03-14 20:07 . 2010-03-14 20:05 -------- d-----w- c:\users\PT\AppData\Roaming\ooVoo Details
2010-03-14 20:05 . 2010-03-14 20:05 -------- d-----w- c:\program files\ooVoo
2010-03-14 20:05 . 2009-11-10 23:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 00:00 . 2010-02-22 20:41 150064 ----a-w- c:\users\PT\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-12 02:51 . 2009-11-10 23:25 -------- d-----w- c:\programdata\Microsoft Help
2010-03-09 16:53 . 2010-03-09 16:53 -------- d-----w- c:\users\PT\AppData\Roaming\MAGIX
2010-03-09 16:49 . 2010-03-09 16:13 -------- d-----w- c:\program files\Common Files\MAGIX Services
2010-03-09 16:45 . 2010-03-09 16:14 -------- d-----w- c:\program files\MAGIX
2010-03-09 16:45 . 2010-03-09 16:42 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2010-03-09 16:42 . 2010-03-09 16:42 -------- d-----w- c:\program files\Common Files\xara
2010-02-28 11:37 . 2009-11-10 23:28 -------- d-----w- c:\program files\Microsoft Works
2010-02-27 09:51 . 2010-02-27 09:51 -------- d-----w- c:\program files\MSXML 4.0
2010-02-26 16:04 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-02-26 16:04 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-02-26 16:04 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-02-26 16:04 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-02-26 16:04 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-02-25 16:40 . 2009-11-10 23:42 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-25 12:06 . 2010-02-25 12:06 -------- d-----w- c:\program files\Microsoft.NET
2010-02-24 21:33 . 2010-02-24 21:32 -------- d-----w- c:\users\PT\AppData\Roaming\vlc
2010-02-24 16:16 . 2010-02-22 18:54 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 12:01 . 2010-02-24 12:01 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-22 21:03 . 2010-02-22 20:28 -------- d-----w- c:\users\PT\AppData\Roaming\Winamp
2010-02-22 20:59 . 2010-02-22 20:59 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2010-02-22 20:59 . 2010-02-22 20:59 362752 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-22 20:59 . 2010-02-22 20:59 -------- d-----w- c:\users\PT\AppData\Roaming\TuneUp Software
2010-02-22 20:58 . 2010-02-22 20:58 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-02-22 20:58 . 2010-02-22 20:58 -------- d-----w- c:\programdata\TuneUp Software
2010-02-22 20:54 . 2010-02-22 20:54 -------- d-----w- c:\program files\Boingo
2010-02-22 20:54 . 2010-02-22 20:54 -------- d-----w- c:\programdata\GoBoingo
2010-02-22 20:54 . 2009-11-10 23:24 -------- d-----w- c:\program files\ASUS
2010-02-22 20:53 . 2010-02-22 20:53 520192 ----a-w- c:\windows\system32\Eee PC 1005P Series.scr
2010-02-22 20:52 . 2010-02-22 20:35 -------- d-----w- c:\users\PT\AppData\Roaming\DAEMON Tools Lite
2010-02-22 20:49 . 2010-02-22 20:24 -------- d-----w- c:\program files\ICQ6.5
2010-02-22 20:47 . 2010-02-22 20:47 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-22 20:44 . 2010-02-22 20:44 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-22 20:37 . 2010-02-22 20:36 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-22 20:37 . 2010-02-22 20:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-22 20:35 . 2010-02-22 20:35 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-02-22 20:32 . 2010-02-22 20:32 -------- d-----w- c:\users\PT\AppData\Roaming\DAEMON Tools Pro
2010-02-22 20:32 . 2010-02-22 20:32 -------- d-----w- c:\programdata\DAEMON Tools Pro
2010-02-22 20:29 . 2010-02-22 20:29 -------- d-----w- c:\program files\VideoLAN
2010-02-22 20:29 . 2010-02-22 20:28 -------- d-----w- c:\program files\Winamp
2010-02-22 20:28 . 2010-02-22 20:28 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-22 18:08 . 2010-02-22 18:08 -------- d-----w- c:\programdata\Avira
2010-02-22 18:08 . 2010-02-22 18:08 -------- d-----w- c:\program files\Avira
2010-02-22 18:03 . 2010-02-22 18:03 -------- d-----w- c:\programdata\CyberLink
2010-02-22 18:01 . 2010-02-22 20:47 -------- d-----w- c:\program files\Microsoft
2010-02-22 17:55 . 2009-11-10 23:45 -------- d-----w- c:\programdata\Trend Micro
2010-02-22 17:46 . 2009-11-10 23:42 -------- d-----r- c:\program files\Skype
2010-02-02 07:45 . 2010-02-24 11:03 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-18 23:29 . 2010-02-23 09:52 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-23 09:52 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-23 09:52 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-23 09:52 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-23 09:52 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-23 09:52 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-23 09:52 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-23 09:52 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-06-10 21:23 278864 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-06-10 21:23 278864 ----a-w- c:\windows\System32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 01:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2009-09-25 22:02 402608 ----a-w- c:\program files\ASUS\Eee Docking\Eee Docking.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EeeStorageBackup]
2009-08-25 07:47 947472 ----a-w- c:\program files\ASUS\Asus WebStorage\BackupService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LivCam]
2009-10-17 01:31 284160 ----a-w- c:\program files\ASUS\LivCam\LivCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]
2009-09-11 21:25 33768 ----a-w- c:\windows\System32\AsusSender.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OOBESetup]
2009-09-30 11:58 338096 ----a-w- c:\program files\ASUS\OOBERegBackup\OOBERegBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2010-02-10 18:27 18784440 ----a-w- c:\program files\ooVoo\ooVoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2008-08-07 22:18 90112 ----a-w- c:\program files\MAGIX\Video_deluxe_16_Premium\Trayserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-20 06:16 222504 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk"
"ASUS Screen Saver Protector"=c:\windows\AsScrPro.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-22 691696]
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-04-17 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-07 10:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://asus.msn.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\PT\AppData\Roaming\Mozilla\Firefox\Profiles\t3c3yhja.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)
MSConfigStartUp-Expl0rer - Systim32.exe
MSConfigStartUp-ICQUpdater - c:\users\PT\AppData\Local\Temp\IcqUpdater.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-04-17 10:02:31
ComboFix-quarantined-files.txt 2010-04-17 00:02

Vor Suchlauf: 4 Verzeichnis(se), 69.153.734.656 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 68.931.739.648 Bytes frei

- - End Of File - - 145BB211D9A9D9A7C3352A978C5153AE

hallo cosinus,

ich habe nun alle meine ordner wieder... ich weiß gar nicht wie ich dir danken soll. du hast alle mein bilder wieder beschafft. vielen vielen vielen dank.

kommt nun noch was auf mich zu, was ich machen soll?

ich bin so froh dass das geklappt hat:singsing::singsing::singsing::applaus:

Sieht auch ok aus. :)
Mach bitte Kontrollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

hallo,

endschuldigung das ich mich jetzt erst melde, aber ich war auf einem trip und hatte kein internet.

ich wollte gerade die softwares runterladen, aber die verbingung ist so schlecht das ich nicht mal 4,5 mb runter laden kann.
ich werde es morgen oder übermorgen machen wenn ich wieder eine bessere verbindung habe.

ich habe noch ein kleines problem. also alle meine ordner sind wieder da und keine anwendungen mehr, außer der unterordner von meinen bilder. der pfad ist so:
C://Bilder/Weltreise.. und dieser ist immer noch eine anwendung. was kann ich da machen? weißt du was?

auf jedenfall vielen vielen dank und ich melde mich die tage

Versteh ich nicht was Du meinst. Musst Du genauer beschreiben. Wie soll ein Ordner eine Anwendung sein?

also das war ja mein hauptproblem.
alle meine ordner wurden aufeinmal anwendungen und wenn ich sie geöffnet habe dann hat sich ein neuer windows explorer geöffnet und immer wieder und immer wieder, so das mein laptop abgestürtzt ist. also wie anwendungen die immer wieder den windows explorer geöffneten haben.

nun sind die ordner alle wieder ordner, nur der unterordner von meinen bildern nicht. dieser ordner ist immer noch eine anwendung. ich habe ihn nicht geöffnet, da ich nicht wieder einen absturtzt riskieren wollte.

ich hoffe du verstehst mich.

ich kann leider immer noch nicht du sofares runterladen, weil ich immer nur bei maces internet habe und dort ist die verbindung so schlecht. werde morgen mal in ein internetcafe gehen.

danke für die hilfe

hallo,

habe es nun endlich hin bekommen

hier der bericht von malwarebytes

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4033

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25.04.2010 18:29:19
mbam-log-2010-04-25 (18-29-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 223492
Laufzeit: 1 Stunde(n), 28 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:

bei der anderen wird kein log erstellt oder???

hat auf jedenfall was gefunden... irgendwas mit cookies.

also danke nochmals und weißt du was ich machen kann zu dem beitrag darunter???