Pests of all kinds and how to fight them: Many virus and trojan findings, ICQ virus...

Alt 04.05.2010, 19:41   #1
SiebenSchlae
Hello

On a friend's computer, AntiVir found a great many trojans, viruses and other pests after a system scan. Furthermore, his ICQ simply closes by itself, goes through all contacts, clicks each one individually and closes every single ICQ window again. He is also constantly asked to allow or deny a file that is disguised as a Windows update exe but has an unknown publisher and sits in the folder AppData/Local/Temp. Every time he clicks deny (Vista), it immediately asks again, until he scans the folder with AntiVir; then it is gone for the time being but reappears at the latest after a restart. Error messages also appear frequently. I'm also not sure whether AntiVir scans all the way to the end. At first AntiVir hit over 200 findings, by now it's under 10. Internet Explorer also opens by itself with advertising without anything being clicked.

HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:25, on 04.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\sdra64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Spiele\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
C:\Users\***\AppData\Local\Temp\nvdis.exe
C:\Users\Public\winvns.exe
C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\***\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
C:\Users\***\AppData\Local\Temp\Wcl.exe
D:\Hijackthis\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SmartAds browser enhancer dbuptzjz - {4356ADD9-7562-4442-9D91-88313F7807C7} - C:\Windows\system32\dbuptzjz.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd}  - (no file)
O2 - BHO: hotrevenue browser enhancer - {8D9E2564-858C-8E65-4975-40F8891D4444} - C:\Windows\system32\zywbbljkkccfgpdh.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EnergySettings] C:\Program Files\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WinUpdSrvc] C:\Users\Public\winvns.exe
O4 - HKCU\..\Run: [Google Updater] C:\Users\***\AppData\Local\Temp\nvdis.exe
O4 - HKCU\..\Run: [WindowsSysGuard] C:\Users\Public\winvcsn.exe
O4 - HKCU\..\Run: [StartServiceLBNSSBFP] C:\Users\***\AppData\Local\LBNSSBFP\StartService.exe
O4 - HKCU\..\Run: [Steam] "D:\spiele\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Windows\system32\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\***\AppData\Local\Temp\Wcl.exe
O4 - HKCU\..\Run: [userinit] C:\Users\***\AppData\Roaming\sdra64.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] c:\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 9693 bytes
         
I hope you can help me so that I don't have to reinstall the system..

Thanks in advance
Regards
SiebenSchläfer

Last edited by SiebenSchlae (04.05.2010 at 20:17)
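As an added defender's example (not code from the thread, from HijackThis or from any other tool named here): a small Python triage script for lines in the HijackThis log format. It flags the three indicator classes the log above exhibits: an additional program on the F2 UserInit line, O2 BHOs whose DLL no longer exists, and O4 autostarts pointing into user-writable directories. The sample lines are constructed from the posted log, with the user name masked as in the post; the regexes and the list of "user-writable" directories are this example's own assumptions.

```python
import re

# Constructed sample, modelled on the HijackThis log posted in this thread.
# It is not the original log: only a handful of its lines are reproduced,
# and the user name is masked as *** exactly as in the post.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: SmartAds browser enhancer dbuptzjz - {4356ADD9-7562-4442-9D91-88313F7807C7} - C:\Windows\system32\dbuptzjz.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WinUpdSrvc] C:\Users\Public\winvns.exe
O4 - HKCU\..\Run: [Google Updater] C:\Users\***\AppData\Local\Temp\nvdis.exe
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Windows\system32\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [userinit] C:\Users\***\AppData\Roaming\sdra64.exe
"""

# Assumption: locations a non-admin user can write to. Legitimate autostart
# entries rarely live here, so anything found there deserves a closer look.
USER_WRITABLE = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|Users\\Public)\\", re.IGNORECASE
)

# The only program Winlogon should hand control to via the UserInit value.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def check_userinit(rest):
    """F2 line: every entry after the stock userinit.exe runs at each logon."""
    _, _, value = rest.partition("UserInit=")
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != EXPECTED_USERINIT]


def check_bho(rest):
    """O2 line: a registered BHO whose DLL is gone is a leftover worth noting."""
    return "(file missing)" in rest or rest.endswith("(no file)")


def check_run(rest):
    """O4 line: return the command if the autostart points into a user-writable dir."""
    _, _, command = rest.partition("] ")
    return command if USER_WRITABLE.search(command) else None


def triage(log_text):
    """Return (section, reason) for every HijackThis line that warrants a look."""
    findings = []
    for line in log_text.splitlines():
        m = re.match(r"^(F2|O2|O4)\s+-\s+(.*)$", line.strip())
        if not m:
            continue  # header, process list, or a section we do not inspect
        section, rest = m.groups()
        if section == "F2" and "UserInit=" in rest:
            for extra in check_userinit(rest):
                findings.append((section, f"extra UserInit entry: {extra}"))
        elif section == "O2" and check_bho(rest):
            findings.append((section, f"BHO without backing DLL: {rest}"))
        elif section == "O4":
            command = check_run(rest)
            if command:
                findings.append((section, f"autostart from user-writable path: {command}"))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(section, reason)
```

The script only narrows a log down to entries worth checking; the paths it reports still have to be identified by a scanner or a file lookup before anything is removed.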

Alt 05.05.2010, 11:50   #2
cosinus
Hello and

Quote:
found a great many trojans, viruses and other pests.
I want to see that log...

Alt 05.05.2010, 12:29   #3
SiebenSchlae
The log file from which program?

Alt 05.05.2010, 12:36   #4
cosinus
From AntiVir, perhaps? You wrote yourself that AntiVir "found a great many trojans, viruses and other pests".

Alt 05.05.2010, 12:42   #5
SiebenSchlae
Yeah, that was at the weekend with 200 findings, but no idea whether there's still a file somewhere; the quarantine has been deleted. I'll have a look then, and if not, do a scan and post it here?


Alt 05.05.2010, 16:20   #6
cosinus
Then first please do a full scan with Malwarebytes and post the log. After that OTL:

System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread.

Alt 05.05.2010, 23:09   #7
SiebenSchlae
OTL:
Code:
OTL logfile created on: 05.05.2010 23:05:49 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\Johannes\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 308,88 Gb Total Space | 219,14 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Drive D: | 613,85 Gb Total Space | 221,16 Gb Free Space | 36,03% Space Free | Partition Type: NTFS
Drive E: | 5,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JOHANNES-PC
Current User Name: Johannes
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Johannes\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Wtihyd.exe ()
PRC - C:\Users\Johannes\AppData\Local\Temp\Wcl.exe ()
PRC - C:\Users\Public\winvcsn.exe ()
PRC - C:\Users\Johannes\AppData\Local\Temp\nvdis.exe (                     )
PRC - C:\Users\Johannes\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TechSmith\SnagIt 9\TscHelp.exe (TechSmith Corporation)
PRC - C:\Programme\TechSmith\SnagIt 9\SnagItEditor.exe (TechSmith Corporation)
PRC - C:\Programme\TechSmith\SnagIt 9\SnagIt32.exe (TechSmith Corporation)
PRC - C:\Programme\TechSmith\SnagIt 9\SnagPriv.exe (TechSmith Corporation)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Johannes\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\TeamViewer\Version4\TV.dll (TeamViewer GmbH)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "sport1.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008.12.26 18:54:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.03 22:12:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.01 17:54:22 | 000,000,000 | ---D | M]
 
[2008.12.31 18:30:21 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2010.05.05 22:11:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\k68k1rp0.default\extensions
[2009.09.02 15:34:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\k68k1rp0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.03 22:15:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\k68k1rp0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.03 22:09:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.06.24 14:37:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.06.24 14:37:42 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.06.24 14:37:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.13 17:10:36 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.06.24 14:37:42 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd}  - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EnergySettings] C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Updater] C:\Users\Johannes\AppData\Local\Temp\nvdis.exe (                     )
O4 - HKCU..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKCU..\Run: [StartServiceLBNSSBFP] C:\Users\Johannes\AppData\Local\LBNSSBFP\StartService.exe ()
O4 - HKCU..\Run: [Steam] D:\spiele\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsSysGuard] C:\Users\Public\winvcsn.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.198 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.10.13 14:50:51 | 003,834,762 | R--- | M] (Macromedia, Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.10.17 17:24:41 | 000,000,041 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\Shell\AutoRun\command - "" = K:\installer.exe -- File not found
O33 - MountPoints2\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\Shell\verb\command - "" = K:\installer.exe -- File not found
O33 - MountPoints2\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2006.10.13 14:50:51 | 003,834,762 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.05 21:52:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Malwarebytes
[2010.05.05 21:51:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.05 21:51:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.05 21:51:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.05 21:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.04 17:40:20 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.05.03 15:21:14 | 000,000,000 | RHSD | C] -- C:\RECYCLER
[2010.05.02 22:07:18 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Avira
[2010.05.02 21:53:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.05.02 21:53:29 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.05.02 21:53:29 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.05.02 21:53:29 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.05.02 21:53:29 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.05.02 21:53:26 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.05.02 21:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.05.02 17:28:23 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\LBNSSBFP
[2010.04.28 17:03:58 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Windows Server
[2010.04.26 22:45:20 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\501902D68DB8CA7AFA6AFDC173D4967F
[2010.04.26 18:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Johannes\AppData\Roaming\lowsec
[2010.04.23 23:13:07 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\TS3Client
[2010.04.23 23:12:17 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\TeamSpeak 3 Client
[2010.04.15 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Downloads
[2010.04.14 23:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.14 16:59:40 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 16:59:40 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 16:59:36 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 16:59:33 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.14 16:59:33 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.05 23:07:12 | 012,582,912 | -HS- | M] () -- C:\Users\Johannes\ntuser.dat
[2010.05.05 23:06:59 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.05 23:06:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A250949A-1191-4172-BE04-ADF5CCC93F80}.job
[2010.05.05 23:04:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\yvcokn.sys
[2010.05.05 21:51:54 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.05 21:39:03 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.05 21:39:03 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.05 21:39:03 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.05 21:39:03 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.05 21:39:03 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.05 21:32:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.05 21:32:42 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.05 21:32:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.05 21:32:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.05 21:32:36 | 3488,784,384 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.05 17:24:45 | 000,524,288 | -HS- | M] () -- C:\Users\Johannes\ntuser.dat{11c1c480-3e63-11df-b49b-002185c1db95}.TMContainer00000000000000000001.regtrans-ms
[2010.05.05 17:24:45 | 000,065,536 | -HS- | M] () -- C:\Users\Johannes\ntuser.dat{11c1c480-3e63-11df-b49b-002185c1db95}.TM.blf
[2010.05.05 17:24:13 | 003,651,678 | -H-- | M] () -- C:\Users\Johannes\AppData\Local\IconCache.db
[2010.05.04 18:58:36 | 000,165,888 | ---- | M] () -- C:\Windows\Wtihyd.exe
[2010.05.04 18:31:27 | 000,183,296 | ---- | M] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.04 18:11:54 | 000,165,888 | ---- | M] () -- C:\Windows\Wtihyc.exe
[2010.05.03 23:28:26 | 000,000,574 | ---- | M] () -- C:\Users\Johannes\Desktop\HijackThis.lnk
[2010.05.03 22:53:37 | 000,000,589 | ---- | M] () -- C:\Users\Johannes\Desktop\Steam.lnk
[2010.05.03 22:33:09 | 000,207,872 | ---- | M] () -- C:\Windows\System32\sshnas21.dll
[2010.05.03 19:33:45 | 000,000,000 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\chrtmp
[2010.05.02 21:53:45 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.29 15:36:10 | 000,400,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.23 23:12:18 | 000,001,029 | ---- | M] () -- C:\Users\Johannes\Desktop\TeamSpeak 3 Client.lnk
[2010.04.17 22:29:54 | 000,010,696 | ---- | M] () -- C:\Users\Johannes\Desktop\esl befehle.docx
 
========== Files Created - No Company Name ==========
 
[2010.05.05 23:06:54 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.05 23:04:02 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\yvcokn.sys
[2010.05.05 21:51:54 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.04 19:51:04 | 000,165,888 | ---- | C] () -- C:\Windows\Wtihyd.exe
[2010.05.04 18:47:26 | 000,165,888 | ---- | C] () -- C:\Windows\Wtihyc.exe
[2010.05.03 23:28:26 | 000,000,574 | ---- | C] () -- C:\Users\Johannes\Desktop\HijackThis.lnk
[2010.05.03 22:33:09 | 000,207,872 | ---- | C] () -- C:\Windows\System32\sshnas21.dll
[2010.05.03 19:33:45 | 000,000,000 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\chrtmp
[2010.05.02 21:53:44 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.23 23:12:18 | 000,001,029 | ---- | C] () -- C:\Users\Johannes\Desktop\TeamSpeak 3 Client.lnk
[2009.09.17 16:58:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll
[2008.11.10 18:40:02 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.11.10 18:40:01 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.04.25 15:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2007.06.19 09:59:36 | 000,070,400 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007.04.20 08:57:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.04.20 08:57:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.08.25 16:44:45 | 000,011,616 | R--- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
< End of report >
         
mbam

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4070

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

05.05.2010 23:03:22
mbam-log-2010-05-05 (23-03-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 321091
Laufzeit: 56 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 17
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 3
Infizierte Dateien: 32

Infizierte Speicherprozesse:
C:\Windows\System32\sdra64.exe (Trojan.Downloader) -> No action taken.
C:\Users\Public\winvns.exe (Trojan.Downloader) -> No action taken.

Infizierte Speichermodule:
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\nkgwuvjiwnwyqbluu (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4356add9-7562-4442-9d91-88313f7807c7} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4356add9-7562-4442-9d91-88313f7807c7} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8d9e2564-858c-8e65-4975-40f8891d4444} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8d9e2564-858c-8e65-4975-40f8891d4444} (Adware.AdRotator) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdsrvc (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: system32\sdra64.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-1634265367-4055158860-846931726-7261\Setupin.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Infizierte Verzeichnisse:
C:\Program Files\Smart-Ads-Solutions (Adware.SmartAds) -> No action taken.
C:\Program Files\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> No action taken.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.5.2.0 (Adware.SmartAds) -> No action taken.

Infizierte Dateien:
C:\Windows\System32\sdra64.exe (Trojan.Downloader) -> No action taken.
C:\Users\Public\winvns.exe (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Roaming\sdra64.exe (Trojan.Downloader) -> No action taken.
C:\RECYCLER\S-1-5-21-1634265367-4055158860-846931726-7261\Setupin.exe (Worm.Autorun.B) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\2802.exe (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\6123.exe (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\Wcq.exe (Trojan.Fraudpack) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\install.48596.exe (Trojan.Sshnas) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\Windows-Update-KB342145-x86-ENU.exe (Trojan.Fraudpack) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\3159.exe (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\3286.exe (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\Wcv.exe (Trojan.Fraudpack) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\khvcol.exe (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 1 (Adware.BHO) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 10 (Adware.BHO) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 3 (Adware.BHO) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 5 (Adware.BHO) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 6 (Adware.BHO) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 7 (Adware.BHO) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 8 (Adware.BHO) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\COM Security Update Level 9 (Adware.BHO) -> No action taken.
C:\Windows\System32\nkgwuvjiwnwyqbluu.exe (Adware.Adrotator) -> No action taken.
C:\Windows\Temp\WinBB9E.tmp (Trojan.Fraudpack) -> No action taken.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.5.2.0\uninstall.exe (Adware.SmartAds) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\Wcl.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ntuser_mssec.exe (Trojan.VirTool) -> No action taken.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Users\Johannes\AppData\Local\Temp\0.04576904530300718.exe (Trojan.Dropper) -> No action taken.
         

05.05.2010, 23:13   #8
SiebenSchlae

Many virus and Trojan finds, ICQ virus...

OTL Extras
Code:
OTL Extras logfile created on: 05.05.2010 23:05:49 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\Johannes\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 308,88 Gb Total Space | 219,14 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Drive D: | 613,85 Gb Total Space | 221,16 Gb Free Space | 36,03% Space Free | Partition Type: NTFS
Drive E: | 5,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JOHANNES-PC
Current User Name: Johannes
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{84F59794-7629-4A32-B6B8-F99CFCEA68C2}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{F4A928EA-2904-4BA7-B69F-D8E24DDB30F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E648BC-BA0C-4AC7-80EB-F97A00BE9F5C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{0BD1FAE7-B7CB-4C71-9B7E-B0E24692729D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{200FEB3E-1FE1-480D-97E3-91575FD6809D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{203C5391-1865-419A-8F4A-7860DA97130F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{244F409E-F142-4173-A81D-5400FA709818}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2E6B9B6D-83F0-452F-8C1E-5F50064854BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{33AD5E70-67B8-4199-A914-A46BB63895AC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{41D87C1B-E4E2-42F6-8617-575DE091333D}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe | 
"{46438C51-9148-4C1B-BE9D-464B0075980B}" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe | 
"{728737A4-7750-4C35-8A7D-5412309B1E3A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{77FB02E2-ED6C-4485-B898-91EF0CFA6366}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{781E64D4-FDBB-43AE-BC29-3B59713143AA}" = protocol=6 | dir=in | app=c:\program files\electronic arts\unrealengine3\binaries\moha.exe | 
"{782AC38A-F57F-40E3-BFD8-DDACC286EBE4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{7DC5881A-DA10-45A9-B3E4-FE264A92A2F8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{89883749-DF06-4D98-A47F-AF7C27342D83}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{8FA8B820-23B3-4DF6-AD3E-BDB78C9F9355}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{918D7379-A249-470E-A55F-111D04D8E8A2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{996468DE-7B99-4428-AA22-1961FEB1732C}" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe | 
"{9A806A3D-EABA-4182-953C-E8882B5D56CB}" = dir=in | app=e:\setup\hpznui01.exe | 
"{9BB12149-84E2-4298-8A8C-CDB51EDA75D1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B6DFC1E6-6D46-4974-A3ED-8A2865E6DAAD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{D5F41B31-CA41-4A53-898A-64107FD39CE5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{DDC64038-85CE-4CBD-9049-56D9B1E5B526}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{DF5E22DE-F505-4FCD-9D43-B12C7A8A1A18}" = protocol=17 | dir=in | app=c:\program files\electronic arts\unrealengine3\binaries\moha.exe | 
"{F5F6D738-2064-47DD-855B-3605FBD259E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{F87A88E6-F1F9-4083-9BA5-0D6A04375A25}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe | 
"TCP Query User{53205DFF-006F-452F-BF43-DF1011A1E35D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{7D612AE1-5C6F-4338-8FDD-69D32167C64E}D:\spiele\steam\steamapps\killer_1392\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\killer_1392\counter-strike source\hl2.exe | 
"TCP Query User{FAF6E403-8846-42CC-83C4-D58FE2F6ECC1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{FD79758E-C411-4481-A933-61964FCECEA3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{0B55BF90-6CAF-4B80-A582-7C91736A0701}D:\spiele\steam\steamapps\killer_1392\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\killer_1392\counter-strike source\hl2.exe | 
"UDP Query User{3AA8BF85-6B1F-477C-94FC-6692536963EA}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{915CC473-1393-4B67-B651-26F92792532D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{9FC867AE-07C0-4064-94A1-15940EA11BA6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{25F28E39-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43C0C354-A185-4D2D-A057-67C9160460E1}" = PS_AIO_04_C4580_Software_Min
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}" = SnagIt 9
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings
"{7641710F-A4AD-4EAE-889C-4958BE3F169C}" = C4580
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9605D5C2-F545-40F2-B39A-0462E4CD3811}" = Windows Vista Demo Screen Saver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A6A195F5-BCAB-4F38-8459-DF693303CD8D}" = PS_AIO_04_C4520_ProductContext
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BED1705F-7558-40f7-9F52-6C6FBD58EA2E}" = HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D23E2520-0EAA-4AC3-A47E-A551C70D4FED}" = C4520_Help
"{D4278897-1541-493E-9D39-59CC6AB0FC09}" = PS_AIO_04_C4580_Software
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E8ADC69C-4F11-483B-A3C9-B42E6A451CD2}" = Belkin Wireless Driver
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Applian FLV Player2.0.24" = Applian FLV Player
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.3.351 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Media Suite D" = MAGIX Media Suite 1.12.0.89 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.76 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE 3.1.0.4 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Alt 06.05.2010, 11:56   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" line must be copied as well!!!)

Code:
ATTFilter
:OTL
PRC - C:\Windows\Wtihyd.exe ()
PRC - C:\Users\Johannes\AppData\Local\Temp\Wcl.exe ()
PRC - C:\Users\Public\winvcsn.exe ()
PRC - C:\Users\Johannes\AppData\Local\Temp\nvdis.exe (                     )
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
O4 - HKCU..\Run: [Google Updater] C:\Users\Johannes\AppData\Local\Temp\nvdis.exe (                     )
O4 - HKCU..\Run: [WindowsSysGuard] C:\Users\Public\winvcsn.exe ()
O4 - HKCU..\Run: [Google Updater] C:\Users\Johannes\AppData\Local\Temp\nvdis.exe (                     )
O4 - HKCU..\Run: [WindowsSysGuard] C:\Users\Public\winvcsn.exe ()
O32 - AutoRun File - [2006.10.13 14:50:51 | 003,834,762 | R--- | M] (Macromedia, Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.10.17 17:24:41 | 000,000,041 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\Shell\AutoRun\command - "" = K:\installer.exe -- File not found
O33 - MountPoints2\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\Shell\verb\command - "" = K:\installer.exe -- File not found
O33 - MountPoints2\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2006.10.13 14:50:51 | 003,834,762 | R--- | M] (Macromedia, Inc.)
[2010.04.26 22:45:20 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\501902D68DB8CA7AFA6AFDC173D4967F
[2010.04.26 18:29:23 | 000,000,000 | -HSD | C] -- C:\Users\Johannes\AppData\Roaming\lowsec
[2010.05.05 23:04:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\yvcokn.sys
[2010.05.04 18:58:36 | 000,165,888 | ---- | M] () -- C:\Windows\Wtihyd.exe
[2010.05.04 18:31:27 | 000,183,296 | ---- | M] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.04 18:11:54 | 000,165,888 | ---- | M] () -- C:\Windows\Wtihyc.exe
[2010.05.03 22:33:09 | 000,207,872 | ---- | M] () -- C:\Windows\System32\sshnas21.dll
[2010.05.03 19:33:45 | 000,000,000 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\chrtmp
[2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SearchRequire.dll
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes button!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
"I spent a lot of money on alcohol, women and fast cars. The rest I simply squandered." - George Best

Why Linux is better than Windows!

Support the Trojaner-Board
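As an added example (not part of this thread, and not code from OTL or ComboFix): a small Python triage script that applies the checks the helper made by eye to the `PRC`, `O4` and `O33` lines of the fix above, and also to ComboFix-style `"name"="path" [date size]` Run lines. The heuristics, the directory lists and the benign Avira line are my own assumptions; the other sample lines are copied from the logs in this thread.

```python
"""Triage of autostart lines from OTL and ComboFix logs (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line formats as they appear in OTL scan/fix listings and ComboFix logs.
OTL_PRC = re.compile(r"^PRC - (?P<path>.+?) \((?P<pub>[^)]*)\)\s*$")
OTL_O4 = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] "
                    r"(?P<path>.+?) \((?P<pub>[^)]*)\)\s*$")
OTL_O33 = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\'
                     r'(?P<verb>[^\\]+)\\command - "" = (?P<path>.+?) -- (?P<note>.*)$')
CF_RUN = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')

# Heuristics below are my assumptions, not rules of OTL or ComboFix. These are
# directories the logged-on user (and malware running as that user) can write to.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\local\\",
                 "\\appdata\\roaming\\", "\\users\\public\\")
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\system32\\")
WINDIR_EXE = re.compile(r"^c:\\windows\\[^\\]+\.exe$")   # bare exe in %WINDIR%
VENDOR_WORDS = ("google", "windows", "microsoft", "adobe")  # borrowed in names


@dataclass
class Entry:
    kind: str                 # "process", "run" or "autorun"
    name: str                 # Run-value name / AutoRun verb, "" for processes
    path: str
    publisher: Optional[str]  # None: this log format has no publisher field
    note: str = ""            # hive, "File not found", timestamp/size, ...


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised log line, None for anything else."""
    line = line.rstrip()
    m = OTL_PRC.match(line)
    if m:
        return Entry("process", "", m["path"], m["pub"].strip())
    m = OTL_O4.match(line)
    if m:
        return Entry("run", m["name"], m["path"], m["pub"].strip(), m["hive"])
    m = OTL_O33.match(line)
    if m:
        return Entry("autorun", m["verb"], m["path"], None, m["note"])
    m = CF_RUN.match(line)
    if m:
        return Entry("run", m["name"].strip(), m["path"], None, m["meta"])
    return None


def assess(e: Entry) -> List[str]:
    """Reasons an entry deserves a second look (empty list = unremarkable)."""
    p, reasons = e.path.lower(), []
    if any(d in p for d in USER_WRITABLE):
        reasons.append("runs from a user-writable profile or temp directory")
    if WINDIR_EXE.match(p):
        reasons.append("executable sits directly in the Windows directory")
    if e.publisher == "" and not p.startswith(TRUSTED_PREFIXES):
        reasons.append("no publisher recorded for the binary")
    claimed = [w for w in VENDOR_WORDS if w in e.name.lower()]
    if claimed and not any(w in p for w in claimed):
        reasons.append(f"name borrows '{claimed[0]}' but the path is not a "
                       f"{claimed[0]} install location")
    if e.kind == "autorun":
        reasons.append("AutoRun command registered for a mounted volume")
        if e.note.startswith("File not found"):
            reasons.append("target missing: stale MountPoints2 entry")
    return reasons


def triage(lines) -> List[Tuple[Entry, List[str]]]:
    """Parse, drop duplicates (OTL lists Run values twice), keep flagged entries."""
    seen, findings = set(), []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        key = (e.kind, e.name.lower(), e.path.lower())
        if key in seen:
            continue
        seen.add(key)
        reasons = assess(e)
        if reasons:
            findings.append((e, reasons))
    return findings


# Sample input: lines copied from the OTL fix and the ComboFix log in this
# thread, plus one constructed benign OTL line (avgnt) for contrast.
SAMPLE_LINES = [
    r"PRC - C:\Windows\Wtihyd.exe ()",
    r"PRC - C:\Users\Johannes\AppData\Local\Temp\nvdis.exe (                     )",
    r"O4 - HKCU..\Run: [Google Updater] C:\Users\Johannes\AppData\Local\Temp\nvdis.exe (                     )",
    r"O4 - HKCU..\Run: [WindowsSysGuard] C:\Users\Public\winvcsn.exe ()",
    r"O4 - HKCU..\Run: [WindowsSysGuard] C:\Users\Public\winvcsn.exe ()",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)",
    r'O33 - MountPoints2\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\Shell\AutoRun\command - "" = K:\installer.exe -- File not found',
    r'"StartServiceLBNSSBFP"="c:\users\Johannes\AppData\Local\LBNSSBFP\StartService.exe" [2010-05-03 409600]',
    r'"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]',
]

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LINES):
        print(f"[{entry.kind}] {entry.name or entry.path}: {entry.path}")
        for reason in reasons:
            print("    -", reason)
```

The script only ranks lines for review; whether a flagged entry is actually removed remains the helper's decision, as in the thread.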

Alt 06.05.2010, 21:49   #10
SiebenSchlae
 
So, I did all of that the way you told me; the Windows update from an unknown publisher (C:\User\**\AppData\Temp\Windows-Update-KB342145-x86-ENU.exe) greeted me again right away with allow or deny. Here is the log file:

Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named Wtihyd.exe was found!
No active process named Wcl.exe was found!
No active process named winvcsn.exe was found!
No active process named nvdis.exe was found!
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from browser.search.defaulturl
Prefs.js: "SweetIM Search" removed from browser.search.selectedEngine
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Updater not found.
File C:\Users\Johannes\AppData\Local\Temp\nvdis.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsSysGuard not found.
File C:\Users\Public\winvcsn.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Updater not found.
File C:\Users\Johannes\AppData\Local\Temp\nvdis.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsSysGuard not found.
File C:\Users\Public\winvcsn.exe not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\ not found.
File K:\installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e2baa9c-cfb2-11de-86b7-002185c1db95}\ not found.
File K:\installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29b3abcf-b288-11dd-9c75-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
C:\Users\Johannes\AppData\Roaming\501902D68DB8CA7AFA6AFDC173D4967F folder moved successfully.
C:\Users\Johannes\AppData\Roaming\lowsec folder moved successfully.
File C:\Windows\System32\drivers\yvcokn.sys not found.
C:\Windows\Wtihyd.exe moved successfully.
C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Windows\Wtihyc.exe moved successfully.
File C:\Windows\System32\sshnas21.dll not found.
C:\Users\Johannes\AppData\Roaming\chrtmp moved successfully.
C:\Windows\System32\SearchRequire.dll moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 2141845158 bytes
->Temporary Internet Files folder emptied: 45635184 bytes
->Java cache emptied: 685872 bytes
->FireFox cache emptied: 71702212 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 6190 bytes
 
User: ***
->Temp folder emptied: 6152475 bytes
->Temporary Internet Files folder emptied: 48661980 bytes
->FireFox cache emptied: 30671951 bytes
->Flash cache emptied: 2929 bytes
 
User: ***
->Temp folder emptied: 1699635 bytes
->Temporary Internet Files folder emptied: 109898 bytes
->FireFox cache emptied: 40953262 bytes
->Flash cache emptied: 604 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 629602 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.279,00 mb
 
 
OTL by OldTimer - Version 3.2.4.1 log created on 05062010_214111

Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

Last edited by SiebenSchlae (06.05.2010 at 21:58)

Alt 07.05.2010, 12:36   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
OK. Next up is CF:

ComboFix

A guide and tutorial for using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its content ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

Alt 07.05.2010, 16:55   #12
SiebenSchlae
 
Okay, I downloaded both programs and ran them; here is the log from ComboFix:
Code:
ATTFilter
ComboFix 10-05-06.05 - Johannes 07.05.2010  16:44:14.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3327.2156 [GMT 2:00]
ausgeführt von:: c:\users\Johannes\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1981430874-1461379027-507063435-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-1634265367-4055158860-846931726-7261
c:\recycler\S-1-5-21-2371285633-5924054069-967626963-5865
c:\recycler\S-1-5-21-2392517425-9675785191-291163200-2830
c:\recycler\S-1-5-21-2476066020-3156319294-914401234-6823
c:\recycler\S-1-5-21-4361653718-4885406370-135914478-8306
c:\recycler\S-1-5-21-5329191258-0846633533-629004746-4783
c:\recycler\S-1-5-21-5577668531-0322717827-083024200-4759
c:\recycler\S-1-5-21-6824106828-5238599994-095171678-3973
c:\recycler\S-1-5-21-8375497566-7244318555-596617142-9877
c:\recycler\S-1-5-21-8468337546-2401470383-114608456-3179
c:\recycler\S-1-5-21-8543406265-4846407540-276423725-9583
c:\recycler\S-1-5-21-9076899268-4717087827-259976369-0995
c:\recycler\S-1-5-21-9200935278-4043040693-077872233-6379
c:\users\Johannes\AppData\Local\Windows Server
c:\users\Johannes\AppData\Local\Windows Server\flags.ini
c:\users\Johannes\AppData\Local\Windows Server\uses32.dat

----- BITS: Eventuell infizierte Webseiten -----

hxxp://gooddayfilm.com
.
(((((((((((((((((((((((   Dateien erstellt von 2010-04-07 bis 2010-05-07  ))))))))))))))))))))))))))))))
.

2010-05-07 14:48 . 2010-05-07 14:48	--------	d-----w-	c:\users\Johannes\AppData\Local\temp
2010-05-07 14:25 . 2010-05-07 14:25	--------	d-----w-	c:\program files\CCleaner
2010-05-06 18:52 . 2010-05-06 18:52	--------	d-----w-	C:\_OTL
2010-05-05 19:52 . 2010-05-05 19:52	--------	d-----w-	c:\users\Johannes\AppData\Roaming\Malwarebytes
2010-05-05 19:51 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-05 19:51 . 2010-05-05 19:51	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-05-05 19:51 . 2010-05-05 19:51	--------	d-----w-	c:\programdata\Malwarebytes
2010-05-05 19:51 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-05-04 15:40 . 2010-05-04 15:40	--------	d-----w-	c:\windows\Sun
2010-05-02 20:07 . 2010-05-02 20:07	--------	d-----w-	c:\users\Johannes\AppData\Roaming\Avira
2010-05-02 19:53 . 2010-03-01 08:05	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-05-02 19:53 . 2010-02-16 12:24	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-05-02 19:53 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-05-02 19:53 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-05-02 19:53 . 2010-05-02 19:53	--------	d-----w-	c:\programdata\Avira
2010-05-02 19:53 . 2010-05-02 19:53	--------	d-----w-	c:\program files\Avira
2010-05-02 15:28 . 2010-05-03 19:50	--------	d-----w-	c:\users\Johannes\AppData\Local\LBNSSBFP
2010-04-23 21:13 . 2010-04-25 18:25	--------	d-----w-	c:\users\Johannes\AppData\Roaming\TS3Client
2010-04-23 21:12 . 2010-04-23 21:12	--------	d-----w-	c:\users\Johannes\AppData\Local\TeamSpeak 3 Client
2010-04-14 14:59 . 2010-02-18 14:07	3600776	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-04-14 14:59 . 2010-02-18 14:07	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-04-14 14:59 . 2010-02-23 11:10	212992	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 14:59 . 2010-02-23 11:10	79360	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 14:59 . 2010-02-23 11:10	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 14:59 . 2010-03-05 14:01	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-04-14 14:59 . 2010-02-18 14:07	904576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-04-14 14:59 . 2010-02-18 13:30	200704	----a-w-	c:\windows\system32\iphlpsvc.dll
2010-04-14 14:59 . 2010-02-18 11:28	25088	----a-w-	c:\windows\system32\drivers\tunnel.sys
2010-04-14 14:58 . 2009-12-23 11:33	172032	----a-w-	c:\windows\system32\wintrust.dll
2010-04-14 14:57 . 2010-01-13 17:34	98304	----a-w-	c:\windows\system32\cabview.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-07 13:20 . 2008-01-21 07:15	618204	----a-w-	c:\windows\system32\perfh007.dat
2010-05-07 13:20 . 2008-01-21 07:15	122636	----a-w-	c:\windows\system32\perfc007.dat
2010-05-06 14:26 . 2008-12-26 17:27	--------	d-----w-	c:\users\Johannes\AppData\Roaming\ICQ
2010-05-04 15:26 . 2009-01-13 17:37	--------	d-----w-	c:\program files\Common Files\Steam
2010-05-03 20:59 . 2008-12-26 10:13	--------	d-----w-	c:\program files\Google
2010-05-03 20:23 . 2008-11-10 16:39	--------	d-----w-	c:\programdata\G DATA
2010-05-03 20:09 . 2009-01-26 21:19	--------	d-----r-	c:\program files\Skype
2010-05-02 20:06 . 2009-04-08 21:26	--------	d-----w-	c:\users\Johannes\AppData\Roaming\TeamViewer
2010-05-02 18:12 . 2010-01-02 11:04	--------	d-----w-	c:\users\Johannes\AppData\Roaming\vlc
2010-05-02 11:17 . 2010-03-17 17:46	--------	d-----w-	c:\users\Michael Kreß\AppData\Roaming\vlc
2010-05-02 11:16 . 2010-03-17 17:46	--------	d-----w-	c:\users\Michael Kreß\AppData\Roaming\dvdcss
2010-05-02 07:52 . 2009-01-21 20:25	--------	d-----w-	c:\users\Johannes\AppData\Roaming\teamspeak2
2010-04-18 22:44 . 2009-01-26 21:19	--------	d-----w-	c:\users\Johannes\AppData\Roaming\Skype
2010-04-18 22:06 . 2009-01-26 21:22	--------	d-----w-	c:\users\Johannes\AppData\Roaming\skypePM
2010-04-15 06:44 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-04-14 21:59 . 2010-04-14 21:59	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-14 21:59 . 2009-12-05 21:37	--------	d-----w-	c:\program files\DivX
2010-04-14 21:59 . 2010-04-14 21:59	56766	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-14 21:59 . 2010-04-14 21:57	--------	d-----w-	c:\programdata\DivX
2010-04-14 21:59 . 2010-04-14 21:59	56978	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-14 21:59 . 2010-04-14 21:59	57409	----a-w-	c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-04-14 21:59 . 2010-04-14 21:59	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-04-14 21:59 . 2010-04-14 21:59	52963	----a-w-	c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-14 21:59 . 2010-04-14 21:59	54073	----a-w-	c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-14 21:59 . 2009-12-05 21:37	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-04-14 21:58 . 2010-04-14 21:59	754984	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-04-14 21:57 . 2010-04-14 21:59	1180952	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-03 00:20 . 2009-07-22 20:02	--------	d-----w-	c:\programdata\HP Product Assistant
2010-04-02 20:25 . 2010-04-02 20:25	--------	d-----w-	c:\program files\Common Files\Skype
2010-04-02 20:25 . 2009-01-26 21:18	--------	d-----w-	c:\programdata\Skype
2010-04-02 13:00 . 2009-06-09 14:27	114944	----a-w-	c:\users\Jonas Kreß\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-01 01:20 . 2010-04-01 01:20	--------	d-----w-	c:\program files\LogMeIn Hamachi
2010-03-29 21:53 . 2009-01-04 13:12	--------	d-----w-	c:\users\Johannes\AppData\Roaming\dvdcss
2010-03-17 17:36 . 2010-03-17 17:36	--------	d-----w-	c:\users\Michael Kreß\AppData\Roaming\DivX
2010-03-17 17:23 . 2010-03-17 17:23	114944	----a-w-	c:\users\Michael Kreß\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-08 17:59 . 2010-03-08 17:59	94208	----a-w-	c:\windows\system32\dpl100.dll
2010-02-25 20:42 . 2008-12-26 10:17	114944	----a-w-	c:\users\Johannes\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-02 18:47	181632	------w-	c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 09:06	916480	----a-w-	c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:06	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-03-31 09:06	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-03-31 09:06	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 13:50	24064	----a-w-	c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 13:50	30720	----a-w-	c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 13:50	411648	----a-w-	c:\windows\system32\drivers\http.sys
2010-02-13 13:35 . 2010-02-13 13:35	509552	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtbB81C.tmp.exe
2010-02-12 10:32 . 2010-03-12 13:47	293376	----a-w-	c:\windows\system32\browserchoice.exe
2008-12-29 09:54 . 2008-12-29 09:54	7728128	----a-w-	c:\program files\FLV PlayerRCATSetup.exe
2008-12-29 09:53 . 2008-12-29 09:52	20938728	----a-w-	c:\program files\FLV PlayerRCSetup.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"StartServiceLBNSSBFP"="c:\users\Johannes\AppData\Local\LBNSSBFP\StartService.exe" [2010-05-03 409600]
"Steam"="d:\spiele\Steam\Steam.exe" [2010-05-07 1238352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-27 6281760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"EnergySettings"="c:\program files\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe" [2008-09-19 113664]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Skytel"="Skytel.exe" [2008-08-27 1833504]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-5-15 6822728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d6,8e,2d,f2,98,96,ca,01

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R4 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-03-12 354816]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-05-07 c:\windows\Tasks\User_Feed_Synchronization-{A250949A-1191-4172-BE04-ADF5CCC93F80}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\k68k1rp0.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - sport1.de
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKU-Default-Run-fsc-reg - c:\fsc-reg\fscreg.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-07 16:48
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 


c:\users\Johannes\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
Zeit der Fertigstellung: 2010-05-07  16:50:31
ComboFix-quarantined-files.txt  2010-05-07 14:50

Vor Suchlauf: 14 Verzeichnis(se), 238.606.979.072 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 238.586.081.280 Bytes frei

- - End Of File - - A2AD880B140A82397C1938EE187EE511
         

Alt 07.05.2010, 21:20   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks good. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

Edith shouts STOP!
I found one folder that should go => c:\users\Johannes\AppData\Local\LBNSSBFP
Try it as an OTL fix (you've done that before)

Code:
ATTFilter
:Files
c:\users\Johannes\AppData\Local\LBNSSBFP
:Commands
[emptytemp]
         

Last edited by cosinus (07.05.2010 at 21:27)

Alt 10.05.2010, 18:29   #14
SiebenSchlae
 
OTL fix log:
Code:
ATTFilter
All processes killed
========== FILES ==========
c:\users\Johannes\AppData\Local\LBNSSBFP folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Johannes
->Temp folder emptied: 1375030 bytes
->Temporary Internet Files folder emptied: 6858570 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 73901335 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2252 bytes
 
User: Jonas Kreß
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Michael Kreß
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23302 bytes
RecycleBin emptied: 188416 bytes
 
Total Files Cleaned = 79,00 mb
 
 
OTL by OldTimer - Version 3.2.4.1 log created on 05102010_175906

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
I'll run Malwarebytes and Antispyware right away too.

11.05.2010, 21:52   #15
SiebenSchlae

mbam:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4086

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

10.05.2010 19:54:47
mbam-log-2010-05-10 (19-54-47).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 308871
Time elapsed: 52 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Johannes\AppData\LocalLow\Smart-Ads-Solutions\SmartAds\download\bndl_1540.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05062010_214111\C_Users\Johannes\AppData\Roaming\501902D68DB8CA7AFA6AFDC173D4967F\gotnewupdate000.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05062010_214111\C_Windows\Wtihyc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05062010_214111\C_Windows\Wtihyd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
         

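Added example, not part of any post in this thread: a small parser for the Malwarebytes log format shown above, written to make one point about the four hits. Three of them sit under C:\_OTL\MovedFiles\05062010_214111, which is where OTL parked files during the fix of 06.05.2010, so MBAM was cleaning a holding folder, not an active infection; only the SmartAds bundle under LocalLow was a live find on a real path. The sample log is constructed from the four detection lines above, rendered in the English wording of MBAM 1.46 (the posted log is the German build), and the rule used to map a MovedFiles path back to its original location (drive letter rewritten as `C_` under a timestamp folder) is inferred from the paths posted here, not taken from OTL documentation.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: the four detections from the MBAM log above, in the
# English wording of an MBAM 1.46 log (assumption: same line layout as the German build).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4086

Files Infected: 4

Files Infected:
C:\Users\Johannes\AppData\LocalLow\Smart-Ads-Solutions\SmartAds\download\bndl_1540.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05062010_214111\C_Users\Johannes\AppData\Roaming\501902D68DB8CA7AFA6AFDC173D4967F\gotnewupdate000.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05062010_214111\C_Windows\Wtihyc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\05062010_214111\C_Windows\Wtihyd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# One MBAM detection line: "<path> (<threat name>) -> <action>."
FINDING_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

# OTL holding folder as seen in the posted paths (assumed layout):
#   <drive>:\_OTL\MovedFiles\<MMDDYYYY_HHMMSS>\<D>_<rest of original path>
OTL_MOVED_RE = re.compile(r"^[A-Za-z]:\\_OTL\\MovedFiles\\\d{8}_\d{6}\\(?P<rest>.+)$", re.IGNORECASE)

# The count MBAM declares in its summary block, e.g. "Files Infected: 4".
DECLARED_RE = re.compile(r"^Files Infected:\s*(\d+)\s*$", re.MULTILINE)


@dataclass(frozen=True)
class Finding:
    path: str            # path exactly as MBAM reported it
    threat: str          # MBAM detection name, e.g. Trojan.FakeAlert
    action: str          # what MBAM did with the file
    original_path: str   # where the file lived before OTL moved it (== path if never moved)
    live: bool           # True if found outside a quarantine/holding folder


def original_location(path: str) -> Tuple[str, bool]:
    """Map an OTL MovedFiles path back to its original path; return (path, was_moved)."""
    m = OTL_MOVED_RE.match(path)
    if not m:
        return path, False
    # OTL writes "C:\Windows\x.exe" as "C_Windows\x.exe" below the timestamp folder.
    return re.sub(r"^([A-Za-z])_", r"\1:\\", m.group("rest")), True


def parse_mbam_log(text: str) -> List[Finding]:
    """Extract every detection line from an MBAM log, tagging OTL-moved files as not live."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        orig, moved = original_location(m.group("path"))
        findings.append(Finding(m.group("path"), m.group("threat"), m.group("action"), orig, not moved))
    return findings


def declared_file_count(text: str) -> Optional[int]:
    """The 'Files Infected: N' figure from the summary block, or None if absent."""
    m = DECLARED_RE.search(text)
    return int(m.group(1)) if m else None


def summarize(text: str) -> Dict[str, object]:
    """Reconcile parsed lines with the declared count and split live vs. already-moved hits."""
    findings = parse_mbam_log(text)
    declared = declared_file_count(text)
    return {
        "parsed": len(findings),
        "declared": declared,
        "consistent": declared == len(findings),
        "live": sum(1 for f in findings if f.live),
        "already_moved_by_otl": sum(1 for f in findings if not f.live),
        "live_paths": [f.original_path for f in findings if f.live],
    }


if __name__ == "__main__":
    for f in parse_mbam_log(SAMPLE_LOG):
        print(("LIVE   " if f.live else "MOVED  ") + f.threat + "  " + f.original_path)
    print(summarize(SAMPLE_LOG))
```

Running it prints one line per detection marked LIVE or MOVED with the reconstructed original path, then the summary. The `consistent` flag is there for pasted logs: when the "Files Infected: N" header and the number of detection lines disagree, the paste was truncated and the log should be requested again before drawing conclusions from it.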