I get an error when installing "HijackThis", probably caused by a trojan

    Hello, first of all. I have a problem with a trojan. I already know which file it is, but it is "connected" to Windows Explorer, so I can't delete it. When I download other antivirus files or, e.g., HijackThis, I get an error message during installation: "This file could not be installed correctly. Error code is 2203." The trojan downloads, e.g., porn into my Windows folder or makes my ICQ go crazy.

    This is what AntiVir reports:
    C:\Users\User\AppData\Local\Temp\sshnas21.dl


    I would like to follow "The guide to deleting malware", but because of the virus I unfortunately can't T_T

    RE: I get an error when installing "HijackThis", probably caused by a trojan

    Niklas wrote:

    H
    This is what AntiVir reports:
    C:\Users\User\AppData\Local\Temp\sshnas21.dl


    I would like to follow "The guide to deleting malware", but because of the virus I unfortunately can't T_T


    Install the program: malwarebytes.org/ Update it and run a "Fast Scan". Copy the log from it in here.

    GAV.
    Norman Malware Cleaner
    Version 1.6.2
    Copyright © 1990 - 2009, Norman ASA. Built 2010/04/20 11:50:36

    Norman Scanner Engine Version: 6.04.08
    Nvcbin.def Version: 6.04.00, Date: 2010/04/20 11:50:36, Variants: 5466876

    Scan started: 20/04/2010 20:21:12

    Running pre-scan cleanup routine:
    Operating System: Microsoft Windows 7 6.1.7600
    Logged on user: User-PC\User


    Scanning bootsectors...

    Number of sectors found: 0
    Number of sectors scanned: 0
    Number of sectors not scanned: 0
    Number of infections found: 0
    Number of infections removed: 0
    Total scanning time: 0s


    Scanning running processes and process memory...

    Number of processes/threads found: 7287
    Number of processes/threads scanned: 7287
    Number of processes/threads not scanned: 0
    Number of infected processes/threads terminated: 0
    Total scanning time: 2m 6s


    Scanning file system...

    Scanning: prescan

    Scanning: C:\*.*

    C:\Blockland\patches\patch.exe/noname.nsis/file6 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Blockland\patches\patch.exe/noname.nsis/file8 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Blockland\patches\patch.exe/noname.nsis/file9 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Blockland\patches\patch.exe/noname.nsis/file10/4_1.jpg (Error whilst scanning file: I/O Error (0x00220005))

    C:\Blockland\patches\patch.exe/noname.nsis/file11 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Blockland\patches\patch.exe/noname.nsis/file12 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Blockland\patches\patch.exe/noname.nsis/file13 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Blockland\patches\patch.exe/noname.nsis/file23/shot.wav (Error whilst scanning file: I/O Error (0x00220005))

    C:\Program Files\Cheat Engine\Cheat Engine.exe (Infected with W32/Obfuscated.I)
    Removed link file: C:\Users\User\Desktop\Cheat Engine.lnk
    Deleted file

    C:\Program Files\Counter-Strike 1.6\cstrike.exe (Infected with W32/Infostealer.F)
    Deleted file

    C:\Program Files\Fox\Aliens vs. Predator 2 Multiplayer Demo\lithtech.exe (Infected with W32/Bactera.B)
    Deleted file

    C:\Program Files\League of Legends\Game\HeroPak_client.zip/DATA\Particles\leaf_test.troy (Error whilst scanning file: I/O Error (0x00220005))

    C:\Program Files\Midway Games\Rise and Fall\Default.dll (Infected with Vundo.gen214)
    Deleted file

    C:\Program Files\Midway Games\Rise and Fall\Exception.dll (Infected with Vundo.gen214)
    Deleted file

    C:\Program Files\Midway Games\Rise and Fall\GrannySS.dll (Infected with Vundo.gen214)
    Deleted file

    C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img/root.img (Error whilst scanning file: I/O Error (0x0022000A))
    C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)

    C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

    C:\System Volume Information\{862c85dc-4c77-11df-98ba-00184dd8d40e}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

    C:\System Volume Information\{b5f082eb-4ca1-11df-953a-00184dd8d40e}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

    C:\System Volume Information\{b5f082f8-4ca1-11df-953a-00184dd8d40e}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

    C:\System Volume Information\{b5f08304-4ca1-11df-953a-00184dd8d40e}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@www.ibizababes[2].txt (Infected with HTML/Redir.AF)
    Deleted file

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@www.ibizababes[3].txt (Infected with HTML/Redir.AF)
    Deleted file

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@www.topless-babes[2].txt (Infected with HTML/Redir.AE)
    Deleted file

    C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@www.topless-babes[3].txt (Infected with HTML/Redir.AE)
    Deleted file

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file8 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file10 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file12 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file16/memePBear.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file18/Jamie.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file23 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file25 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file26 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file27 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file28 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file40/prints/BLP.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file41/prints/chip1.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file42/prints/arrow.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file43/prints/medical1.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file44/prints/monitor3.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file46/rocketgravityprojectile.dts (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file47 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file52 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file53 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file60/shot.wav (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file66/rocketCone.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_12.exe/noname.nsis/file67/spearFire.wav (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file8 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file10 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file12 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file16/memePBear.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file18/Jamie.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file23 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file26 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file27 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file28/4_1.jpg (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file29 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file30 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file31 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file32 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file33 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file45/prints/BLP.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file46/prints/chip1.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file47/prints/arrow.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file48/prints/medical1.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file49/prints/monitor3.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file51/rocketgravityprojectile.dts (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file56 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file57 (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file66/shot.wav (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file72/rocketCone.png (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Bla Bla Bla\Blockland_14.exe/noname.nsis/file73/spearFire.wav (Error whilst scanning file: I/O Error (0x00220005))

    C:\Users\User\Desktop\Games\Left 4 Dead 2\L4D2Settings.exe (Infected with AutoRun.BBEE)
    Deleted file

    C:\Users\User\Music\iTunes\iTunes Media\Mobile Applications\Archers.ipa/Payload/Archers.app/options/options-1.rar/ACL (Error whilst scanning file: I/O Error (0x00220000))

    Scanning: C:\System Volume Information\*.*

    C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

    C:\System Volume Information\{862c85dc-4c77-11df-98ba-00184dd8d40e}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

    C:\System Volume Information\{b5f082eb-4ca1-11df-953a-00184dd8d40e}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

    C:\System Volume Information\{b5f082f8-4ca1-11df-953a-00184dd8d40e}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

    C:\System Volume Information\{b5f08304-4ca1-11df-953a-00184dd8d40e}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

    Scanning: postscan


    Running post-scan cleanup routine:

    Number of files found: 677751
    Number of archives unpacked: 3990
    Number of files scanned: 677647
    Number of files not scanned: 104
    Number of files skipped due to exclude list: 0
    Number of infected files found: 12
    Number of infected files repaired/deleted: 11
    Number of infections removed: 11
    Total scanning time: 1h 54m 20s


    But I'm not sure whether that is really true, because various files related to the Norman Malware Cleaner have appeared in the trojan's folder.
    First, from "Malwarebytes":


    Malwarebytes' Anti-Malware 1.45
    malwarebytes.org

    Datenbank Version: 3930

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    21.04.2010 14:49:06
    mbam-log-2010-04-21 (14-49-06).txt

    Art des Suchlaufs: Quick-Scan
    Durchsuchte Objekte: 102453
    Laufzeit: 3 Minute(n), 16 Sekunde(n)

    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 3
    Infizierte Registrierungswerte: 2
    Infizierte Dateiobjekte der Registrierung: 0
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 2

    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel:
    HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

    Infizierte Registrierungswerte:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> No action taken.

    Infizierte Dateiobjekte der Registrierung:
    (Keine bösartigen Objekte gefunden)

    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateien:
    C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
    C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.





    And this one from "hijackthis":


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:51:21, on 21.04.2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe
    C:\Program Files\NETGEAR\WPN111\wpn111.exe
    C:\Program Files\Tobit Radio.fx\Client\rfx-client.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.icq.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
    O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
    O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [rfxsrvtray] "C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Windows System Guard] C:\Users\Public\dlll.exe
    O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\User\AppData\Local\Temp\Zcz.exe
    O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\User\AppData\Local\Temp\sshnas21.dll,BackupReadW
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
    O4 - Global Startup: Radio.fx.LNK = C:\Program Files\Tobit Radio.fx\Client\rfx-client.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get…ve/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Radio.fx Server (Radio.fx) - Unknown owner - C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 7631 bytes

    Niklas wrote:



    Malwarebytes' Anti-Malware 1.45
    Datenbank Version: 3930


    1. You did not update Malwarebytes before running the scan! Update the program (go to "Update").
    Scan again after the update. Remove the findings after the scan (check everything and click "Entferne Auswahl").
    See also the Malwarebytes guide in my last thread.

    2. Scan with HijackThis. Check the following entries and then click "fix checked":
    R3 - URLSearchHook: (no name) - - (no file)
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\User\AppData\Local\Temp\Zcz.exe
    O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\User\AppData\Local\Temp\sshnas21.dll,BackupReadW

    3. Carry this out:
    forum.hijackthis.de/tipps-tric…6-ccleaner-anleitung.html
    Do a file cleanup and a registry cleanup.



    GAV
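
Two of the O4 autostart entries listed in the reply above launch from `AppData\Local\Temp`, one of them through `rundll32.exe`. As an added example (not part of the original thread, and not the helper's own selection criteria), this Python script applies a path-based triage heuristic to O4 lines copied from the HijackThis log in this thread; the marker directories and all function names are assumptions chosen for illustration.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: O4 autostart lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Windows System Guard] C:\Users\Public\dlll.exe
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\User\AppData\Local\Temp\Zcz.exe
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\User\AppData\Local\Temp\sshnas21.dll,BackupReadW
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
"""

# Registry autostarts:      O4 - HKCU\..\Run: [Name] command line
REG_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Startup-folder shortcuts: O4 - Startup: Name.lnk = target
LNK_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXT_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat|cmd))(?=[\s,]|$)", re.I)

# Assumption: user-writable locations that installed software rarely autostarts from.
SUSPECT_DIRS = {
    "\\appdata\\local\\temp\\": "starts from the per-user Temp directory",
    "\\users\\public\\": "starts from the shared Public profile",
    "\\windows\\temp\\": "starts from the system Temp directory",
}


class Finding(NamedTuple):
    name: str           # autostart value name as shown in the log
    target: str         # file that actually gets loaded
    reasons: List[str]  # why the heuristic flagged it


def split_command(cmd: str) -> Tuple[str, str]:
    """Return (launcher, target); launcher is 'rundll32' when a DLL is loaded through it."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
    else:
        m = EXT_RE.match(cmd)
        exe = m.group(1) if m else cmd.split()[0]
        rest = cmd[len(exe):]
    if exe.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32"):
        # rundll32 syntax is "<dll>,<export>": the DLL is the real payload.
        dll = rest.strip().split(",", 1)[0].strip('"')
        return "rundll32", dll
    return "", exe


def triage(log: str) -> List[Finding]:
    """Flag O4 entries whose target lives in one of SUSPECT_DIRS."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = REG_RE.match(line) or LNK_RE.match(line)
        if not m:
            continue
        launcher, target = split_command(m.group("cmd"))
        low = target.lower()
        reasons = [why for marker, why in SUSPECT_DIRS.items() if marker in low]
        if reasons and launcher:
            reasons.append("loaded indirectly through " + launcher)
        if reasons:
            findings.append(Finding(m.group("name"), target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.target}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

A path-based flag is only a prompt to look closer: the entry name and file still need to be checked against the scanner results before anything is fixed.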
    Combofix :

    ComboFix 10-04-20.04 - User 21.04.2010 18:28:50.1.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3582.2406 [GMT 2:00]
    ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe
    c:\program files\Cheat Engine\dbk32.sys

    .
    ((((((((((((((((((((((( Dateien erstellt von 2010-03-21 bis 2010-04-21 ))))))))))))))))))))))))))))))
    .

    2010-04-21 16:35 . 2010-04-21 16:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-04-21 16:21 . 2010-04-21 16:21 -------- d-----w- c:\program files\CCleaner
    2010-04-21 12:50 . 2010-04-21 12:50 -------- d-----w- c:\program files\Trend Micro
    2010-04-21 12:44 . 2010-04-21 12:44 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
    2010-04-21 12:44 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-21 12:44 . 2010-04-21 12:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-21 12:44 . 2010-04-21 12:44 -------- d-----w- c:\programdata\Malwarebytes
    2010-04-21 12:44 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 20:40 . 2010-04-20 20:45 -------- d-----w- c:\users\User\AppData\Roaming\ICQ
    2010-04-20 20:40 . 2010-04-20 20:45 -------- d-----w- c:\program files\ICQ6.5
    2010-04-20 17:00 . 2010-04-20 17:00 -------- d-----w- c:\users\User\AppData\Roaming\BitDefender
    2010-04-19 20:41 . 2010-04-19 20:41 -------- d-----w- c:\users\User\AppData\Local\AOL
    2010-04-18 09:27 . 2010-04-20 20:41 -------- d-----w- c:\users\User\AppData\Roaming\vlc
    2010-04-18 09:25 . 2010-04-18 09:25 -------- d-----w- c:\program files\VideoLAN
    2010-04-17 21:09 . 2010-04-17 21:09 -------- d-----w- c:\program files\Midway Games
    2010-04-16 18:32 . 2010-04-16 18:32 -------- d-----w- c:\program files\Trojancheck 6
    2010-04-15 05:06 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-04-15 05:06 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-04-15 05:06 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
    2010-04-15 05:06 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-04-15 05:06 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-04-15 05:06 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-04-14 16:20 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
    2010-04-14 16:20 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-04-04 10:33 . 2010-02-03 13:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
    2010-04-04 10:33 . 2010-04-04 10:33 -------- d-----w- c:\program files\LogMeIn Hamachi
    2010-04-03 11:09 . 2010-04-03 11:09 -------- d-----w- c:\program files\iPod
    2010-04-03 11:09 . 2010-04-03 11:09 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-03 11:09 . 2010-04-03 11:09 -------- d-----w- c:\program files\iTunes
    2010-04-03 11:07 . 2010-04-03 11:07 -------- d-----w- c:\program files\QuickTime
    2010-04-03 11:06 . 2010-04-03 11:06 -------- d-----w- c:\program files\Bonjour
    2010-04-03 10:57 . 2010-04-03 10:57 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
    2010-03-31 15:50 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
    2010-03-31 10:17 . 2010-03-31 10:17 426704 ----a-w- c:\windows\system32\uc_wepic_launching.dll
    2010-03-29 21:54 . 2010-04-21 16:35 -------- d-----w- c:\program files\Cheat Engine
    2010-03-29 21:54 . 2009-11-03 11:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
    2010-03-29 21:54 . 2009-11-03 11:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll
    2010-03-27 17:59 . 2010-03-27 17:59 -------- d-----w- c:\program files\Common Files\Skype

    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-21 15:51 . 2009-12-24 21:38 -------- d-----w- c:\program files\Steam
    2010-04-21 13:03 . 2009-12-24 21:38 -------- d-----w- c:\program files\Common Files\Steam
    2010-04-20 20:41 . 2009-12-24 21:44 -------- d-----w- c:\program files\ICQ6Toolbar
    2010-04-20 20:41 . 2009-12-24 21:44 -------- d-----w- c:\programdata\ICQ
    2010-04-20 18:31 . 2010-02-14 18:15 -------- d-----w- c:\program files\Counter-Strike 1.6
    2010-04-20 17:53 . 2010-01-04 14:34 1 ----a-w- c:\users\User\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-04-19 20:41 . 2009-12-23 10:28 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-18 20:14 . 2009-07-14 08:47 759178 ----a-w- c:\windows\system32\perfc007.dat
    2010-04-18 20:14 . 2009-07-14 08:47 2685682 ----a-w- c:\windows\system32\perfh007.dat
    2010-04-18 05:00 . 2010-02-13 16:55 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-04-18 05:00 . 2010-02-13 16:55 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-04-03 11:09 . 2009-12-25 01:05 -------- d-----w- c:\program files\Common Files\Apple
    2010-03-28 12:21 . 2010-02-06 22:19 -------- d-----w- c:\users\User\AppData\Roaming\Skype
    2010-03-28 12:20 . 2010-02-06 22:22 -------- d-----w- c:\users\User\AppData\Roaming\skypePM
    2010-03-24 19:38 . 2009-12-24 21:28 -------- d-----w- c:\program files\Opera
    2010-03-20 10:01 . 2010-02-13 09:50 -------- d-----w- c:\program files\Safari
    2010-03-20 09:58 . 2010-03-20 09:58 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
    2010-03-17 19:48 . 2010-03-17 19:48 -------- d-----w- c:\program files\NCSoft
    2010-03-15 17:03 . 2010-03-15 16:23 -------- d-----w- c:\users\User\AppData\Roaming\Notepad++
    2010-03-15 16:43 . 2010-03-15 16:23 -------- d-----w- c:\program files\Notepad++
    2010-03-15 11:17 . 2009-12-30 23:04 1848584 ----a-w- c:\windows\RXSUnins.exe
    2010-03-15 11:17 . 2009-12-30 23:04 1848584 ----a-w- c:\windows\RXCUnins.exe
    2010-03-14 11:41 . 2010-03-14 11:41 144053 ----a-w- c:\users\User\AppData\Roaming\Move Networks\uninstall.exe
    2010-03-14 11:41 . 2010-03-14 11:41 -------- d-----w- c:\users\User\AppData\Roaming\Move Networks
    2010-03-14 11:41 . 2010-02-11 19:31 5640640 ----a-w- c:\users\User\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
    2010-03-12 18:42 . 2010-02-13 16:55 22328 ----a-w- c:\users\User\AppData\Roaming\PnkBstrK.sys
    2010-03-12 18:42 . 2010-02-13 16:55 22328 ----a-w- c:\users\User\AppData\Roaming\PnkBstrK.sys
    2010-03-12 18:41 . 2010-02-13 16:55 682280 ----a-w- c:\windows\system32\pbsvc.exe
    2010-03-12 18:35 . 2010-03-04 19:27 -------- d-----w- c:\program files\Activision
    2010-03-10 15:04 . 2010-03-10 15:03 -------- d-----w- c:\users\User\AppData\Roaming\gtk-2.0
    2010-03-10 14:43 . 2010-03-10 14:43 -------- d-----w- c:\program files\GIMP-2.0
    2010-03-07 01:26 . 2010-03-06 21:08 -------- d-----w- c:\program files\Warcraft III
    2010-03-06 21:14 . 2010-03-06 21:08 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-03-04 20:35 . 2010-02-13 16:55 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-03-04 16:36 . 2010-03-04 16:36 -------- d-----w- c:\programdata\PopCap Games
    2010-03-04 16:36 . 2010-03-04 16:36 -------- d-----w- c:\users\User\AppData\Roaming\Thinstall
    2010-03-04 11:42 . 2010-03-04 11:42 277536 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
    2010-03-03 20:35 . 2009-12-23 10:27 -------- d-----w- c:\program files\Common Files\Adobe
    2010-03-02 13:52 . 2010-03-02 13:50 -------- d-----w- c:\programdata\Norton
    2010-03-02 13:50 . 2010-03-02 13:50 -------- d-----w- c:\programdata\Symantec
    2010-03-02 13:50 . 2010-03-02 13:50 -------- d-----w- c:\programdata\NortonInstaller
    2010-02-28 20:30 . 2010-02-28 20:30 -------- d-----w- c:\programdata\Avira
    2010-02-28 20:30 . 2010-02-28 20:30 -------- d-----w- c:\program files\Avira
    2010-02-28 15:15 . 2010-02-28 01:00 -------- d-----w- c:\users\User\AppData\Roaming\ijjigame
    2010-02-28 00:49 . 2010-02-28 00:49 -------- d-----w- c:\program files\Common Files\INCA Shared
    2010-02-28 00:07 . 2010-02-28 00:07 -------- d-----w- c:\program files\ijji
    2010-02-27 14:21 . 2010-02-27 14:21 -------- d-----w- c:\users\User\AppData\Roaming\Weaverslave
    2010-02-27 14:21 . 2010-02-27 14:21 -------- d-----w- c:\program files\Weaverslave
    2010-02-27 08:13 . 2010-02-27 08:13 -------- d--h--r- c:\users\User\AppData\Roaming\SecuROM
    2010-02-27 07:51 . 2010-02-27 07:51 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-02-27 07:42 . 2010-02-27 07:42 -------- d-----w- c:\program files\Ubisoft
    2010-02-24 08:16 . 2009-12-23 08:12 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-22 19:26 . 2010-02-22 19:26 147456 ----a-w- c:\windows\system32\uc_neosteam_launching.dll
    2010-02-19 13:29 . 2010-01-13 15:41 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2010-02-18 10:58 . 2010-01-13 15:40 1170240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-02-14 16:09 . 2009-12-24 21:21 61624 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-13 17:28 . 2010-02-13 17:28 92 ----a-w- c:\users\User\AppData\Local\fusioncache.dat
    2010-02-13 09:44 . 2010-02-13 09:44 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-02-11 19:31 . 2010-02-11 19:31 97216 ----a-w- c:\users\User\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
    2010-02-11 07:10 . 2010-03-15 15:57 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-02-06 22:22 . 2010-02-06 22:22 48 ---ha-w- c:\programdata\ezsidmv.dat
    2010-02-04 17:31 . 2009-12-24 21:41 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2010-02-04 17:31 . 2009-12-24 21:41 1195328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-02-03 10:24 . 2010-02-03 10:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
    2010-02-02 07:45 . 2010-02-24 13:52 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-01-28 21:58 . 2010-01-28 21:58 376320 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
    2010-01-25 15:33 . 2010-01-25 15:33 4608 ----a-w- c:\windows\system32\w95inf32.dll
    2010-01-25 15:33 . 2010-01-25 15:33 2272 ----a-w- c:\windows\system32\w95inf16.dll
    2010-01-22 08:24 . 2010-01-22 08:24 64000 ----a-w- c:\windows\system32\uc_sfighters_launching.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .
    Part 2:

    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    2009-11-09 17:38 2331672 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

    [HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
    "Steam"="c:\program files\steam\steam.exe" [2010-04-15 1238352]
    "rfxsrvtray"="c:\program files\Tobit Radio.fx\Client\rfx-tray.exe" [2010-01-13 686344]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-04 149280]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

    c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2009-12-24 893029]
    Radio.fx.LNK - c:\program files\Tobit Radio.fx\Client\rfx-client.exe [2009-12-31 5844744]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-16 3465452]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
    S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
    S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
    S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2010-04-01 2429192]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [2005-09-26 362944]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://start.icq.com/
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7qjhknbv.default\
    FF - prefs.js: browser.search.selectedEngine - ICQ Search
    FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
    FF - plugin: c:\users\User\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll

    ---- FIREFOX Richtlinien ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -

    HKCU-Run-PlayNC Launcher - (no file)



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------

    [HKEY_USERS\S-1-5-21-1005014840-1413831162-2888623346-1000\Software\SecuROM\License information*]
    "datasecu"=hex:67,53,07,25,43,80,ef,ac,09,59,2c,0f,a2,66,0a,88,e0,a9,cb,f4,17,
    69,1e,fa,c5,54,66,dd,9a,ff,33,78,47,34,56,ac,78,03,b6,a1,b7,de,44,44,a2,ff,\
    "rkeysecu"=hex:2f,6a,84,8a,69,25,57,3d,08,5d,ae,7a,cb,e7,d9,e0

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Zeit der Fertigstellung: 2010-04-21 18:36:50
    ComboFix-quarantined-files.txt 2010-04-21 16:36

    Vor Suchlauf: 10 Verzeichnis(se), 58.821.263.360 Bytes frei
    Nach Suchlauf: 13 Verzeichnis(se), 58.524.356.608 Bytes frei


    ----------------------------------------------------------------------------------------------------------------------------------------------------


    Malwarebytes' Anti-Malware 1.45
    malwarebytes.org

    Datenbank Version: 4016

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    21.04.2010 19:04:19
    mbam-log-2010-04-21 (19-04-19).txt

    Art des Suchlaufs: Quick-Scan
    Durchsuchte Objekte: 106688
    Laufzeit: 3 Minute(n), 0 Sekunde(n)

    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 0
    Infizierte Registrierungswerte: 0
    Infizierte Dateiobjekte der Registrierung: 0
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 0

    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel:
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungswerte:
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateiobjekte der Registrierung:
    (Keine bösartigen Objekte gefunden)

    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateien:
    (Keine bösartigen Objekte gefunden)



    - - End Of File - - 63B19678B8B957FC439A433CCD5720CD
    ---------------------------------------------------------------------------------------------------------------------------------
    Creating an O.T.L. (© OldTimer) logfile
    ------------------------------------------------------------------------------------------------------------------------------------


    1.) Here too, please temporarily disable all background monitors ("guards"), since O.T.L. is likewise wrongly classified as malicious by some anti-malware solutions.

    Then download the software from here and run it with a double-click (confirm the prompt).
    sicher-ins-netz.info/analyse/otl.html

    2.) After launching, the following window appears. For an initial assessment the "Quick Scan" is sufficient; it is started with a click on the button marked above.

    3.) After some time (depending on the system), the program creates a logfile named OTL.Txt, which can be pasted into the thread using CTRL+A, CTRL+C and CTRL+V.

    The same applies here: if the logfiles contain personal data such as C:\Dokumente und Einstellungen\Klaus Schulze, obscure it with asterisks (C:\Dokumente und Einstellungen\***).
    OTL logfile created on: 21.04.2010 19:28:33 - Run 1
    OTL by OldTimer - Version 3.2.1.3 Folder = C:\Users\User\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
    7,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 297,99 Gb Total Space | 54,38 Gb Free Space | 18,25% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: USER-PC
    Current User Name: User
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010.04.21 19:28:27 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    PRC - [2010.04.21 14:38:19 | 000,390,952 | ---- | M] (Valve Corporation) -- C:\Programme\Common Files\Steam\SteamService.exe
    PRC - [2010.04.15 16:48:24 | 001,238,352 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\Steam.exe
    PRC - [2010.04.04 16:08:35 | 006,289,096 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\User\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
    PRC - [2010.04.01 13:55:10 | 002,429,192 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe
    PRC - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
    PRC - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010.03.18 02:43:38 | 000,835,952 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe
    PRC - [2010.01.13 13:24:52 | 000,686,344 | ---- | M] (Tobit.Software) -- C:\Programme\Tobit Radio.fx\Client\rfx-tray.exe
    PRC - [2010.01.04 16:29:58 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\jucheck.exe
    PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
    PRC - [2009.12.02 16:43:35 | 000,470,785 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
    PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
    PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
    PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
    PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2007.06.01 11:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    PRC - [2007.06.01 11:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2006.03.27 16:46:00 | 000,893,029 | ---- | M] (NETGEAR) -- C:\Programme\NETGEAR\WPN111\WPN111.exe


    ========== Modules (SafeList) ==========

    MOD - [2010.04.21 19:28:27 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010.04.21 14:38:19 | 000,390,952 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010.04.01 13:55:10 | 002,429,192 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
    SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2010.03.19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010.02.16 22:42:00 | 003,465,452 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
    SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
    SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
    SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========
    Part 2

    IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = start.icq.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = de.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 FE 80 3F DF 84 CA 01 [binary data]
    IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
    FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
    FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
    FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
    FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 13:07:53 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.03 13:07:53 | 000,000,000 | ---D | M]

    [2010.03.15 21:08:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
    [2010.04.20 22:41:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\7qjhknbv.default\extensions
    [2010.04.19 22:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\7qjhknbv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
    [2008.07.10 12:19:06 | 000,000,944 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\7qjhknbv.default\searchplugins\icqplugin.xml
    [2010.03.15 21:08:34 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
    [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
    [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

    O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
    O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} fpdownload2.macromedia.com/get…ve/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010.04.21 19:28:26 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2010.04.21 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\AntiVir
    [2010.04.21 18:37:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010.04.21 18:28:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010.04.21 18:28:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010.04.21 18:28:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010.04.21 18:28:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010.04.21 18:27:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010.04.21 18:27:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010.04.21 18:21:29 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
    [2010.04.21 14:50:39 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
    [2010.04.21 14:44:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
    [2010.04.21 14:44:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010.04.21 14:44:00 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010.04.21 14:44:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
    [2010.04.21 14:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010.04.20 22:40:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ICQ
    [2010.04.20 22:40:22 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6.5
    [2010.04.20 19:00:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\BitDefender
    [2010.04.19 22:41:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\AOL
    [2010.04.18 11:27:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc
    [2010.04.18 11:25:32 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
    [2010.04.17 23:09:18 | 000,000,000 | ---D | C] -- C:\Programme\Midway Games
    [2010.04.16 20:32:11 | 000,000,000 | ---D | C] -- C:\Programme\Trojancheck 6
    [2009.12.24 23:58:18 | 814,143,398 | ---- | C] (GOA ) -- C:\Users\User\loleusetup.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010.04.21 19:29:15 | 005,767,168 | -HS- | M] () -- C:\Users\User\NTUSER.DAT
    [2010.04.21 19:28:27 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
    [2010.04.21 18:35:52 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010.04.21 18:26:55 | 003,922,906 | R--- | M] () -- C:\Users\User\Desktop\ComboFix.exe
    [2010.04.21 17:58:47 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010.04.21 17:58:47 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010.04.21 17:50:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010.04.21 17:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010.04.21 17:50:27 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys
    [2010.04.21 15:06:49 | 003,166,647 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
    [2010.04.18 22:14:31 | 002,685,682 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2010.04.18 22:14:31 | 001,206,746 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010.04.18 22:14:31 | 000,759,178 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2010.04.18 22:14:31 | 000,671,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010.04.18 22:14:31 | 000,004,956 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010.04.18 07:00:08 | 000,138,464 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2010.04.16 23:29:28 | 004,595,834 | ---- | M] () -- C:\Users\User\Desktop\E-Type - Life (Cansis Remix).mp3
    [2010.04.15 00:29:30 | 042,162,851 | ---- | M] () -- C:\Users\User\Desktop\7 - Audioslave - Shadow Of The Sun.flac
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010.04.21 18:28:07 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
    [2010.04.21 18:28:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010.04.21 18:28:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010.04.21 18:28:07 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010.04.21 18:28:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010.04.21 18:26:38 | 003,922,906 | R--- | C] () -- C:\Users\User\Desktop\ComboFix.exe
    [2010.04.18 11:20:45 | 042,162,851 | ---- | C] () -- C:\Users\User\Desktop\7 - Audioslave - Shadow Of The Sun.flac
    [2010.04.16 23:29:28 | 004,595,834 | ---- | C] () -- C:\Users\User\Desktop\E-Type - Life (Cansis Remix).mp3
    [2010.03.29 23:54:00 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
    [2010.03.12 23:50:58 | 007,653,164 | ---- | C] () -- C:\Users\User\ts3_recording_10_03_12_22_50_55.wav
    [2010.03.10 23:10:39 | 000,871,468 | ---- | C] () -- C:\Users\User\ts3_recording_10_03_10_22_10_37.wav
    [2010.03.10 17:04:19 | 000,001,461 | ---- | C] () -- C:\Users\User\.recently-used.xbel
    [2010.03.04 21:37:08 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
    [2010.02.28 00:23:21 | 402,399,020 | ---- | C] () -- C:\Users\User\ts3_recording_10_02_27_23_23_19.wav
    [2010.02.27 22:46:11 | 192,186,156 | ---- | C] () -- C:\Users\User\ts3_recording_10_02_27_21_46_9.wav
    [2010.02.13 19:28:40 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
    [2010.02.13 18:55:40 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2010.02.13 18:55:40 | 000,022,328 | ---- | C] () -- C:\Users\User\AppData\Roaming\PnkBstrK.sys
    [2010.02.07 00:22:47 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010.01.26 13:29:01 | 000,000,017 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
    [2010.01.25 17:36:15 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
    [2010.01.25 17:33:41 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
    [2009.12.26 00:32:07 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
    [2009.12.24 23:21:05 | 000,651,264 | ---- | C] () -- C:\Windows\System32\libeay32.dll
    [2009.12.24 23:21:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
    [2009.12.23 10:07:52 | 005,767,168 | -HS- | C] () -- C:\Users\User\NTUSER.DAT
    [2009.12.23 10:07:52 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
    [2009.12.23 10:07:52 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
    [2009.12.23 10:07:52 | 000,262,144 | -HS- | C] () -- C:\Users\User\ntuser.dat.LOG2
    [2009.12.23 10:07:52 | 000,262,144 | -HS- | C] () -- C:\Users\User\ntuser.dat.LOG1
    [2009.12.23 10:07:52 | 000,065,536 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
    [2009.12.23 10:07:52 | 000,000,020 | -HS- | C] () -- C:\Users\User\ntuser.ini
    [2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

    ========== LOP Check ==========

    [2010.04.20 19:00:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitDefender
    [2010.03.10 17:04:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
    [2010.04.20 22:45:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ
    [2010.02.28 17:15:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ijjigame
    [2009.12.25 17:28:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
    [2010.03.15 19:03:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Notepad++
    [2010.01.04 16:34:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
    [2009.12.24 23:28:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
    [2010.01.16 18:56:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sierra Entertainment
    [2009.12.25 15:33:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly
    [2010.03.04 18:36:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thinstall
    [2009.12.31 01:04:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tobit
    [2010.01.04 21:38:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client
    [2009.12.28 18:27:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\vghd
    [2010.02.27 16:21:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Weaverslave
    [2010.02.26 15:48:27 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
    Uninstall:
    C:\Programme\DVDVideoSoft\
    DVDVideoSoft Toolbar

    > Upload these files here: virustotal.com/de/

    c:\windows\system32\uc_wepic_launching.dll
    c:\users\User\AppData\Roaming\Microsoft\Installer\{52B65911-1559-4ED5-9461-46957FDD48CD}\Icon52B659113.exe
    C:\Users\User\AppData\Roaming\PnkBstrK.sys

    But post the logs only if an infection is reported.

    > Download: superantispyware.com/superantispywarefreevspro.html (Free Version)
    Update the program and run a full scan.
    Have any findings deleted.
    Copy the log here.

    GAV.