Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Disk Antivirus Professional und plötzlich jede Menge Infektionen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.02.2013, 09:58   #1
nicoellchen
 
Disk Antivirus Professional und plötzlich jede Menge Infektionen - Standard

Disk Antivirus Professional und plötzlich jede Menge Infektionen



Hallo zusammen!
Heute morgen hab ich plötzlich Disk Antivirus Professional auf meinem Netbook und bekomme ständig Meldungen über Infektionen!
Nach einem Quick Scan Malewarebytes mit einigen Funden (z.B.0Acess) scheint jetzt alles wieder zu funktionieren. Disk Antivirus Prof. ist aber dennoch auf meinem PC installiert.
Scheint ja die Ursache allen Übels zu sein.....aber wie werd ich das jetzt wieder los??
Ich hab eigentlich nur ein Acrobat Reader Update zugelassen und plötzlich kamen Meldungen zu Infektionen. Kann das in einem Zusammenhang stehen?
Bei einem Scan am 12.02. war noch alles in Ordnung.......(mein Vater hat das Selbe Problem, deshalb hab ich einfach vorsorglich mal einen Scan gemacht).

Die Logdatei:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.15.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
nicoellchen :: NICOELLCHEN-PC [Administrator]

Schutz: Deaktiviert

15.02.2013 09:25:20
mbam-log-2013-02-15 (09-25-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202752
Laufzeit: 12 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|90D961E8D38A1C4C000090D8D11A2670 (Trojan.FakeAlert.SSGen) -> Daten: C:\ProgramData\90D961E8D38A1C4C000090D8D11A2670\90D961E8D38A1C4C000090D8D11A2670.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-18\$122aa81fa6b257be3119945c08522bd0\n.) Gut: (fastprox.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-972427698-2092502590-1326188989-1000\$122aa81fa6b257be3119945c08522bd0\n.) Gut: (shell32.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\$Recycle.Bin\S-1-5-18\$122aa81fa6b257be3119945c08522bd0\n (Trojan.0Access) -> Löschen bei Neustart.
C:\$Recycle.Bin\S-1-5-21-972427698-2092502590-1326188989-1000\$122aa81fa6b257be3119945c08522bd0\n (Trojan.0Access) -> Löschen bei Neustart.
C:\Users\nicoellchen\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\nicoellchen\Downloads\ccsetup317b1689.exe (Trojan.Backdoor.MRX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\nicoellchen\Downloads\setup_dm_Fotowelt(1).exe (Trojan.Backdoor.MRX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\nicoellchen\Downloads\setup_dm_Fotowelt.exe (Trojan.Backdoor.MRX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\nicoellchen\Desktop\Disk Antivirus Professional.lnk (Trojan.FakeAV) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\90D961E8D38A1C4C000090D8D11A2670\90D961E8D38A1C4C000090D8D11A2670.exe (Trojan.FakeAlert.SSGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Ich hoffe ich habe an alles gedacht und jemand kann mit helfend zur Seite stehen!
Viele Grüße
n.

OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.02.2013 10:25:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\nicoellchen\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 337,87 Mb Available Physical Memory | 33,35% Memory free
1,99 Gb Paging File | 0,97 Gb Available in Paging File | 48,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,79 Gb Total Space | 177,97 Gb Free Space | 82,47% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 2,65 Gb Free Space | 66,35% Space Free | Partition Type: FAT32
 
Computer Name: NICOELLCHEN-PC | User Name: nicoellchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.15 10:10:02 | 000,365,568 | ---- | M] () -- C:\Users\nicoellchen\Downloads\gmer_2.0.18454.exe
PRC - [2013.02.15 10:07:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nicoellchen\Downloads\OTL.exe
PRC - [2013.02.15 08:30:06 | 000,701,296 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe
PRC - [2013.01.08 11:27:24 | 000,026,600 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.08.08 19:37:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.07.21 02:53:50 | 000,492,096 | ---- | M] (Insyde Software Corp.) -- C:\Program Files\Acer\Updater\iUpdate.exe
PRC - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010.06.22 07:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2010.06.22 07:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2010.06.11 13:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2010.06.11 13:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010.06.11 13:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010.05.27 03:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.03.11 06:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 06:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\EgisUpdate.exe
PRC - [2010.02.09 19:57:46 | 000,704,032 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2010.01.30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2010.01.08 10:53:30 | 000,407,416 | ---- | M] (Insyde Software Corp.) -- C:\Program Files\Acer\Android Manager\iSync.exe
PRC - [2009.10.13 18:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 18:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.15 10:10:02 | 000,365,568 | ---- | M] () -- C:\Users\nicoellchen\Downloads\gmer_2.0.18454.exe
MOD - [2010.07.20 13:54:12 | 000,411,136 | ---- | M] () -- C:\Program Files\Acer\Android Manager\DEU.dll
MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.15 08:30:08 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 13:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.05.27 03:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.10.13 18:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\NICOEL~1\AppData\Local\Temp\agloyaoc.sys -- (agloyaoc)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 07:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2010.05.20 07:10:32 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.04.07 03:04:42 | 001,792,512 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.03 03:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009.06.03 03:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.06.03 03:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b51210p035l0454wwk5w4762u49s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b51210p035l0454wwk5w4762u49s
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aod255&r=27b51210p035l0454wwk5w4762u49s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE411
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2010.12.25 08:02:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nicoellchen\AppData\Roaming\mozilla\Extensions
[2012.10.25 08:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nicoellchen\AppData\Roaming\mozilla\Firefox\Profiles\oo7ai80u.default\extensions
[2012.12.05 21:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AndroidManager] C:\Program Files\Acer\Android Manager\AML.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iPatchData] C:\Program Files\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [iSyncData] C:\Program Files\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F74A6E-03F3-44E9-B921-7511009B782F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{056144ea-c56b-11e0-a50e-88ae1d9ec018}\Shell - "" = AutoRun
O33 - MountPoints2\{056144ea-c56b-11e0-a50e-88ae1d9ec018}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{056144f9-c56b-11e0-a50e-88ae1d9ec018}\Shell - "" = AutoRun
O33 - MountPoints2\{056144f9-c56b-11e0-a50e-88ae1d9ec018}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0561450b-c56b-11e0-a50e-88ae1d9ec018}\Shell - "" = AutoRun
O33 - MountPoints2\{0561450b-c56b-11e0-a50e-88ae1d9ec018}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{11d5e9d5-24d0-11e0-acf7-88ae1d9ec018}\Shell - "" = AutoRun
O33 - MountPoints2\{11d5e9d5-24d0-11e0-acf7-88ae1d9ec018}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{707efa47-ed16-11e0-8a41-88ae1d9ec018}\Shell - "" = AutoRun
O33 - MountPoints2\{707efa47-ed16-11e0-8a41-88ae1d9ec018}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bfdce0ac-c4ae-11e0-8afe-88ae1d9ec018}\Shell - "" = AutoRun
O33 - MountPoints2\{bfdce0ac-c4ae-11e0-8afe-88ae1d9ec018}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bfdce0bc-c4ae-11e0-8afe-88ae1d9ec018}\Shell - "" = AutoRun
O33 - MountPoints2\{bfdce0bc-c4ae-11e0-8afe-88ae1d9ec018}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bfdce215-c4ae-11e0-8afe-88ae1d9ec018}\Shell - "" = AutoRun
O33 - MountPoints2\{bfdce215-c4ae-11e0-8afe-88ae1d9ec018}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bfdce223-c4ae-11e0-8afe-88ae1d9ec018}\Shell - "" = AutoRun
O33 - MountPoints2\{bfdce223-c4ae-11e0-8afe-88ae1d9ec018}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.15 09:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.15 09:23:23 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.15 09:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.15 09:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013.02.15 09:16:31 | 000,000,000 | ---D | C] -- C:\Users\nicoellchen\AppData\Roaming\Uniblue
[2013.02.15 09:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013.02.15 08:34:27 | 000,000,000 | ---D | C] -- C:\Users\nicoellchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Antivirus Professional
[2013.02.15 08:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\90D961E8D38A1C4C000090D8D11A2670
[2013.02.15 06:52:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.11 19:22:41 | 000,000,000 | ---D | C] -- C:\Users\nicoellchen\AppData\Roaming\Malwarebytes
[2013.02.11 19:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.11 19:21:43 | 000,000,000 | ---D | C] -- C:\Users\nicoellchen\AppData\Local\Programs
[2013.02.07 13:20:51 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.15 10:19:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.15 10:07:26 | 000,000,000 | ---- | M] () -- C:\Users\nicoellchen\defogger_reenable
[2013.02.15 10:03:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.15 09:50:12 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 09:50:12 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 09:45:23 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013.02.15 09:42:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.15 09:42:12 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
[2013.02.15 09:42:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.15 09:41:53 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.15 09:16:36 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2013.02.15 08:30:06 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.15 08:30:06 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.15 06:53:11 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.02.11 19:38:57 | 551,338,393 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.05 14:57:21 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.05 14:57:21 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.05 14:57:21 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.05 14:57:21 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2013.02.15 10:07:26 | 000,000,000 | ---- | C] () -- C:\Users\nicoellchen\defogger_reenable
[2013.02.15 09:16:43 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\spmonitor.job
[2013.02.15 09:16:42 | 000,000,258 | ---- | C] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013.02.15 09:16:36 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2013.02.11 19:38:57 | 551,338,393 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.07 13:20:54 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011.09.29 20:07:28 | 000,000,032 | ---- | C] () -- C:\Windows\schwanger.ini
[2011.04.10 06:20:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.05 14:39:30 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---

Alt 15.02.2013, 12:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Disk Antivirus Professional und plötzlich jede Menge Infektionen - Standard

Disk Antivirus Professional und plötzlich jede Menge Infektionen



Hallo und

Vorsicht, du hast einen ZeroAccess im System, eine Bereinigung ist da nicht wirklich zu empfehlem, v.a. wenn du weiterhin mit diesem System Onlinebanking und Einkäufe/Bezahlvorgänge sicher erledigen willst.

Willst du wirklich reinigen oder lieber alles neu installieren?
__________________

__________________

Alt 15.02.2013, 12:09   #3
nicoellchen
 
Disk Antivirus Professional und plötzlich jede Menge Infektionen - Standard

Disk Antivirus Professional und plötzlich jede Menge Infektionen



Extras.txt:OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 15.02.2013 10:25:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\nicoellchen\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 337,87 Mb Available Physical Memory | 33,35% Memory free
1,99 Gb Paging File | 0,97 Gb Available in Paging File | 48,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,79 Gb Total Space | 177,97 Gb Free Space | 82,47% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 2,65 Gb Free Space | 66,35% Space Free | Partition Type: FAT32
 
Computer Name: NICOELLCHEN-PC | User Name: nicoellchen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.3 MUI
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = SpeedUpMyPC
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.03.2012 09:26:55 | Computer Name = nicoellchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.03.2012 09:26:55 | Computer Name = nicoellchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8627
 
Error - 22.03.2012 09:26:55 | Computer Name = nicoellchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8627
 
Error - 22.03.2012 09:26:56 | Computer Name = nicoellchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.03.2012 09:26:56 | Computer Name = nicoellchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9641
 
Error - 22.03.2012 09:26:56 | Computer Name = nicoellchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9641
 
Error - 22.03.2012 09:26:58 | Computer Name = nicoellchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.03.2012 09:26:58 | Computer Name = nicoellchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11107
 
Error - 22.03.2012 09:26:58 | Computer Name = nicoellchen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11107
 
Error - 22.03.2012 11:45:47 | Computer Name = nicoellchen-PC | Source = Bonjour Service | ID = 100
Description = DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0
 too short
 
[ System Events ]
Error - 15.02.2013 04:42:07 | Computer Name = nicoellchen-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 15.02.2013 04:42:09 | Computer Name = nicoellchen-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 15.02.2013 04:42:10 | Computer Name = nicoellchen-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 15.02.2013 04:42:10 | Computer Name = nicoellchen-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 15.02.2013 04:42:38 | Computer Name = nicoellchen-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 15.02.2013 04:43:11 | Computer Name = nicoellchen-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 15.02.2013 04:45:45 | Computer Name = nicoellchen-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 15.02.2013 04:45:45 | Computer Name = nicoellchen-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 15.02.2013 06:41:28 | Computer Name = nicoellchen-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 15.02.2013 06:41:28 | Computer Name = nicoellchen-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
 
< End of report >
         
--- --- ---


Vielen Dank für deine Antwort!

Ich war mich nicht sicher ob die Viren tatsächlich da sind, oder eben nur durch Disk Antivirus Prof. vorgetäuscht werden.

Denk, ich werd mich dann eher für ne Neuinstallation entscheiden!

Kann man raufinden wo ich mir den Virus eingefangen hab?

GMER Logfile:
Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-15 12:47:01
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0001 232,89GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\NICOEL~1\AppData\Local\Temp\agloyaoc.sys


---- System - GMER 2.0 ----

SSDT   8ABF0CBE                                                                                                                       ZwCreateSection
SSDT   8ABF0CC8                                                                                                                       ZwRequestWaitReplyPort
SSDT   8ABF0CC3                                                                                                                       ZwSetContextThread
SSDT   8ABF0CCD                                                                                                                       ZwSetSecurityObject
SSDT   8ABF0CD2                                                                                                                       ZwSystemDebugControl
SSDT   8ABF0C5F                                                                                                                       ZwTerminateProcess

---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                       81C93A49 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                         81CCD4D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                            81CD462C 4 Bytes  [BE, 0C, BF, 8A]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                            81CD4988 4 Bytes  [C8, 0C, BF, 8A] {ENTER 0xbf0c, 0x8a}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                            81CD49CC 4 Bytes  [C3, 0C, BF, 8A]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                            81CD4A48 4 Bytes  [CD, 0C, BF, 8A]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                            81CD4A9C 4 Bytes  [D2, 0C, BF, 8A]
.text  ...                                                                                                                            
?      System32\drivers\xmhr.sys                                                                                                      Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 2.0 ----

.text  C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!EnableWindow                                                  76B08D02 5 Bytes  JMP 71699EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!DialogBoxParamW                                               76B23B9B 5 Bytes  JMP 715F1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!DialogBoxIndirectParamW                                       76B33B7F 5 Bytes  JMP 717E8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!DialogBoxParamA                                               76B4CF42 5 Bytes  JMP 717E8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!DialogBoxIndirectParamA                                       76B4D274 5 Bytes  JMP 717E901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!MessageBoxIndirectA                                           76B5E869 5 Bytes  JMP 717E8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!MessageBoxIndirectW                                           76B5E963 5 Bytes  JMP 717E8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!MessageBoxExA                                                 76B5E9C9 5 Bytes  JMP 717E8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!MessageBoxExW                                                 76B5E9ED 5 Bytes  JMP 717E8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] kernel32.dll!CreateThread                                                7683DCC2 5 Bytes  JMP 716575DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!EnableWindow                                                  76B08D02 5 Bytes  JMP 71699EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!GetAsyncKeyState                                              76B0A256 5 Bytes  JMP 7163DED5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!CallNextHookEx                                                76B0ABE1 5 Bytes  JMP 716B7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!UnhookWindowsHookEx                                           76B0ADF9 5 Bytes  JMP 716DED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!DefWindowProcA                                                76B0BB1C 7 Bytes  JMP 71659805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!CreateWindowExA                                               76B0BF40 5 Bytes  JMP 7166363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!SetWindowsHookExW                                             76B0E30C 5 Bytes  JMP 716925AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!CreateWindowExW                                               76B0EC7C 5 Bytes  JMP 716C03CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!GetKeyState                                                   76B12B4D 5 Bytes  JMP 7163DDAB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!IsDialogMessageW                                              76B14104 5 Bytes  JMP 717E9A7A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!DefWindowProcW                                                76B1507D 7 Bytes  JMP 716B8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!CreateDialogParamA                                            76B21F42 5 Bytes  JMP 717E92E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!IsDialogMessage                                               76B22019 5 Bytes  JMP 717E9A52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!DialogBoxParamW                                               76B23B9B 5 Bytes  JMP 715F1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!CreateDialogIndirectParamA                                    76B2721D 5 Bytes  JMP 717E9358 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!CreateDialogIndirectParamW                                    76B2EA10 5 Bytes  JMP 717E9390 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!DialogBoxIndirectParamW                                       76B33B7F 5 Bytes  JMP 717E8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!EndDialog                                                     76B33BA3 5 Bytes  JMP 717E9D26 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!CreateDialogParamW                                            76B35630 5 Bytes  JMP 717E9320 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!SetKeyboardState                                              76B3695A 5 Bytes  JMP 717EA341 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!SendInput                                                     76B37019 5 Bytes  JMP 717EA2E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!SetCursorPos                                                  76B4C1B0 5 Bytes  JMP 717EA3C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!DialogBoxParamA                                               76B4CF42 5 Bytes  JMP 717E8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!DialogBoxIndirectParamA                                       76B4D274 5 Bytes  JMP 717E901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!MessageBoxIndirectA                                           76B5E869 5 Bytes  JMP 717E8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!MessageBoxIndirectW                                           76B5E963 5 Bytes  JMP 717E8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!MessageBoxExA                                                 76B5E9C9 5 Bytes  JMP 717E8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!MessageBoxExW                                                 76B5E9ED 5 Bytes  JMP 717E8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] USER32.dll!keybd_event                                                   76B5EC3B 5 Bytes  JMP 717EA2A6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] SHELL32.dll!RealDriveType + 173D                                         7573FE30 4 Bytes  [CF, 01, 25, 73]
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] SHELL32.dll!RealDriveType + 1745                                         7573FE38 8 Bytes  [E0, 61, 24, 73, 79, F7, 24, ...] {LOOPNZ 0x63; AND AL, 0x73; JNS 0xfffffffd; AND AL, 0x73}
.text  C:\Program Files\Internet Explorer\iexplore.exe[5232] ole32.dll!OleLoadFromStream                                              762F6143 5 Bytes  JMP 717E9784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{59F74A6E-03F3-44E9-B921-7511009B782F}@LeaseObtainedTime    1360925183
Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{59F74A6E-03F3-44E9-B921-7511009B782F}@T1                   1361357183
Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{59F74A6E-03F3-44E9-B921-7511009B782F}@T2                   1361681183
Reg    HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{59F74A6E-03F3-44E9-B921-7511009B782F}@LeaseTerminatesTime  1361789183

---- EOF - GMER 2.0 ----
         
--- --- ---
__________________

Alt 15.02.2013, 13:07   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Disk Antivirus Professional und plötzlich jede Menge Infektionen - Standard

Disk Antivirus Professional und plötzlich jede Menge Infektionen



Zitat:
"ENTERPRISE" = Microsoft Office Enterprise 2007
Woher hast du dieses Office?
Enterprise Editionen sind (teure) Firmenversionen!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.02.2013, 14:04   #5
nicoellchen
 
Disk Antivirus Professional und plötzlich jede Menge Infektionen - Standard

Disk Antivirus Professional und plötzlich jede Menge Infektionen



Das ist ein Original und schon lang installiert. Daran kann das Problem nicht liegen!


Alt 15.02.2013, 14:39   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Disk Antivirus Professional und plötzlich jede Menge Infektionen - Standard

Disk Antivirus Professional und plötzlich jede Menge Infektionen



Dennoch frage ich mich wo du dieses angebliche Orignal her hast
Deine Windows-7-Edition lautet Starter hast aber ein Entprise Office 2007 drauf
__________________
--> Disk Antivirus Professional und plötzlich jede Menge Infektionen

Antwort

Themen zu Disk Antivirus Professional und plötzlich jede Menge Infektionen
acrobat, administrator, anti-malware, antivirus, appdata, autostart, ccsetup, dateien, desktop, disk antivirus professional, explorer, gelöscht, hallo zusammen, launch, logdatei, löschen, microsoft, mywinlocker, plug-in, plötzlich, problem, quarantäne, recycle.bin, scan, seite, shell, software, speedupmypc, speicher, temp, test, trojan.backdoor.mrx, update




Ähnliche Themen: Disk Antivirus Professional und plötzlich jede Menge Infektionen


  1. Jede menge Pop ups
    Log-Analyse und Auswertung - 27.06.2015 (3)
  2. Jede menge Werbung im Mozilla
    Plagegeister aller Art und deren Bekämpfung - 18.04.2015 (25)
  3. Jede Menge Probleme, jede Menge Logs
    Plagegeister aller Art und deren Bekämpfung - 15.03.2014 (7)
  4. Disk Antivirus Professional - Würde Recovery helfen? - Andere Möglichkeit?
    Plagegeister aller Art und deren Bekämpfung - 19.03.2013 (1)
  5. GVU-Trojaner und Disk Antivirus Professional-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.03.2013 (11)
  6. Disk Antivirus Professional entfernen
    Anleitungen, FAQs & Links - 30.01.2013 (2)
  7. Jede Menge Funde und BKA Virus im Hintergrund
    Plagegeister aller Art und deren Bekämpfung - 27.08.2012 (1)
  8. Jede Menge Trojaner und Würmer eingefangen!
    Plagegeister aller Art und deren Bekämpfung - 03.08.2010 (36)
  9. Jede menge Fehler und Bluescreens - Ingame
    Alles rund um Windows - 04.04.2009 (1)
  10. Hilfe ich hab jede menge Trojaner auf dem Pc!
    Mülltonne - 24.10.2008 (0)
  11. Jede Menge Trojaner u.a.
    Log-Analyse und Auswertung - 07.06.2007 (1)
  12. Popup und jede menge andere Werbung im IE
    Plagegeister aller Art und deren Bekämpfung - 11.10.2006 (9)
  13. Jede Menge Funde mit eScan - Help
    Log-Analyse und Auswertung - 19.03.2006 (2)
  14. Jede Menge Trojaner und Pop-Ups
    Log-Analyse und Auswertung - 19.12.2005 (29)
  15. hilfe, jede menge plagegeister :-))
    Plagegeister aller Art und deren Bekämpfung - 09.05.2005 (7)
  16. Jede Menge Viren...
    Log-Analyse und Auswertung - 20.01.2005 (7)
  17. Hilfe, jede menge Viruse/Trojaner
    Log-Analyse und Auswertung - 05.12.2004 (6)

Zum Thema Disk Antivirus Professional und plötzlich jede Menge Infektionen - Hallo zusammen! Heute morgen hab ich plötzlich Disk Antivirus Professional auf meinem Netbook und bekomme ständig Meldungen über Infektionen! Nach einem Quick Scan Malewarebytes mit einigen Funden (z.B.0Acess) scheint jetzt - Disk Antivirus Professional und plötzlich jede Menge Infektionen...
Archiv
Du betrachtest: Disk Antivirus Professional und plötzlich jede Menge Infektionen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.