Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft (https://www.trojaner-board.de/100081-massnahmen-xp-recovery-trojan-win32-alureon-microsoft.html)

abuarmin 10.06.2011 21:41
Arne, hier das Resultat:

========== OTL ==========
Folder move failed. C:\7060f2ea2812502ce0\setup\system scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net\90\en scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net\90\de scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net\90 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft.net scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\install scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\data scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\res\1033 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\res\1031 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\res scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\de scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication\resources\1033 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication\resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication\resources scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\z8ww3aes.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\r6hpravq.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\y8ww3aes.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\67wtistq.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\2kfkwlwq.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\2ggml9qs.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\p6hpravq.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\manifests scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\jwfvlhtq.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\hwfvlhtq.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\bql1q2cs.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\9ql1q2cs.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\77wtistq.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\3kn09qps.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\3kfkwlwq.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\3ggml9qs.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\1kn09qps.lm8 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\system32\ansi scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\system32 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\sqltypes scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqltransaction scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlrowcount scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlresultstream scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlparameter scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlmessage scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\options scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\bulkload\format scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\bulkload scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07\showplan scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07\queryprocessor scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07\dta scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\resources\1033 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\resources scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\resources\1033 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\resources scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\de scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk\assemblies\en scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk\assemblies\de scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk\assemblies scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\gac\de scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\gac scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\eula scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\resources\1033 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\resources scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\en scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\de scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn\resources\1033 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn\resources\1031 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn\resources scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\common files\microsoft shared\sql debugging scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\common files\microsoft shared scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files\common files scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\program files scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\images scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\help\1033 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\help\1031 scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup\help scheduled to be moved on reboot.
Folder move failed. C:\7060f2ea2812502ce0\setup scheduled to be moved on reboot.
C:\7060f2ea2812502ce0\1031 folder moved successfully.
C:\7060f2ea2812502ce0 folder moved successfully.
Folder move failed. C:\8218266a1cc31ae583832e\hotfixexpress\files scheduled to be moved on reboot.
C:\8218266a1cc31ae583832e\hotfixexpress folder moved successfully.
C:\8218266a1cc31ae583832e\1031 folder moved successfully.
C:\8218266a1cc31ae583832e folder moved successfully.
C:\found.000 folder moved successfully.
C:\bd_logs folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~16637732r moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~16637732 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\16637732 moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06102011_222415

Files\Folders moved on Reboot...
File\Folder C:\7060f2ea2812502ce0\setup\system not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net\90\en not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net\90\de not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net\90 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft.net not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\install not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\data not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\res\1033 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\res\1031 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\res not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\de not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication\resources\1033 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication\resources\1031 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication\resources not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\z8ww3aes.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\r6hpravq.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\y8ww3aes.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\67wtistq.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\2kfkwlwq.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\2ggml9qs.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\p6hpravq.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\manifests not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\jwfvlhtq.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\hwfvlhtq.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\bql1q2cs.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\9ql1q2cs.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\77wtistq.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\3kn09qps.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\3kfkwlwq.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\3ggml9qs.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\1kn09qps.lm8 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\system32\ansi not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\system32 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\sqltypes not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqltransaction not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlrowcount not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlresultstream not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlparameter not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlmessage not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\options not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\bulkload\format not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\bulkload not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07\showplan not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07\queryprocessor not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07\dta not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\resources\1033 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\resources\1031 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\resources not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\resources\1033 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\resources\1031 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\resources not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\de not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk\assemblies\en not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk\assemblies\de not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk\assemblies not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\gac\de not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\gac not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\eula not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\resources\1033 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\resources\1031 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\resources not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\en not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\de not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn\resources\1033 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn\resources\1031 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn\resources not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80 not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\common files\microsoft shared\sql debugging not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\common files\microsoft shared not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files\common files not found!
File\Folder C:\7060f2ea2812502ce0\setup\program files not found!
File\Folder C:\7060f2ea2812502ce0\setup\images not found!
File\Folder C:\7060f2ea2812502ce0\setup\help\1033 not found!
File\Folder C:\7060f2ea2812502ce0\setup\help\1031 not found!
File\Folder C:\7060f2ea2812502ce0\setup\help not found!
File\Folder C:\7060f2ea2812502ce0\setup not found!
File\Folder C:\8218266a1cc31ae583832e\hotfixexpress\files not found!

Registry entries deleted on Reboot...

Inzwischen kann ich die für mich wichtigen Daten wieder sehen. Ich bin also hoch zufrieden und habe eine Menge gelernt!
Gruß
Detlef

cosinus 10.06.2011 22:32
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

abuarmin 11.06.2011 16:16
Das sieht dann so aus:

2011/06/11 17:14:01.0531 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2011/06/11 17:14:01.0531 ================================================================================
2011/06/11 17:14:01.0531 SystemInfo:
2011/06/11 17:14:01.0531
2011/06/11 17:14:01.0531 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/11 17:14:01.0531 Product type: Workstation
2011/06/11 17:14:01.0531 ComputerName: DETLEF
2011/06/11 17:14:01.0531 UserName: ichallein
2011/06/11 17:14:01.0531 Windows directory: C:\WINDOWS
2011/06/11 17:14:01.0531 System windows directory: C:\WINDOWS
2011/06/11 17:14:01.0531 Processor architecture: Intel x86
2011/06/11 17:14:01.0531 Number of processors: 2
2011/06/11 17:14:01.0531 Page size: 0x1000
2011/06/11 17:14:01.0531 Boot type: Normal boot
2011/06/11 17:14:01.0531 ================================================================================
2011/06/11 17:14:02.0281 Initialize success
2011/06/11 17:14:19.0625 ================================================================================
2011/06/11 17:14:19.0625 Scan started
2011/06/11 17:14:19.0625 Mode: Manual;
2011/06/11 17:14:19.0625 ================================================================================
2011/06/11 17:14:20.0125 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/11 17:14:20.0343 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/11 17:14:20.0515 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/11 17:14:20.0718 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/11 17:14:20.0796 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/11 17:14:20.0906 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/11 17:14:20.0968 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/11 17:14:21.0015 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/11 17:14:21.0046 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/11 17:14:21.0062 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/11 17:14:21.0093 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/11 17:14:21.0171 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/11 17:14:21.0218 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/11 17:14:21.0296 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/11 17:14:21.0328 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/11 17:14:21.0390 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/06/11 17:14:21.0468 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/06/11 17:14:21.0515 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/11 17:14:21.0578 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/11 17:14:21.0609 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/11 17:14:21.0640 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/11 17:14:21.0718 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/11 17:14:21.0812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/11 17:14:21.0843 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/11 17:14:21.0921 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/11 17:14:22.0031 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/06/11 17:14:22.0109 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/11 17:14:22.0203 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/11 17:14:22.0234 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/11 17:14:22.0265 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/11 17:14:22.0328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/11 17:14:22.0406 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/11 17:14:22.0468 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/11 17:14:22.0562 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/11 17:14:22.0593 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/11 17:14:22.0609 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/11 17:14:22.0687 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/11 17:14:22.0750 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/11 17:14:22.0781 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/11 17:14:22.0828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/11 17:14:22.0875 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
2011/06/11 17:14:22.0906 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
2011/06/11 17:14:22.0921 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/06/11 17:14:22.0937 DLADResM (f8b70d38845c4694b28adc4768676fd0) C:\WINDOWS\system32\Drivers\DLADResM.SYS
2011/06/11 17:14:22.0968 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
2011/06/11 17:14:23.0015 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
2011/06/11 17:14:23.0031 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
2011/06/11 17:14:23.0046 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/06/11 17:14:23.0109 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
2011/06/11 17:14:23.0125 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
2011/06/11 17:14:23.0265 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/11 17:14:23.0312 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/11 17:14:23.0359 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/11 17:14:23.0421 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/11 17:14:23.0500 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/06/11 17:14:23.0515 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/11 17:14:23.0546 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/06/11 17:14:23.0578 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/06/11 17:14:23.0625 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/11 17:14:23.0671 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/11 17:14:23.0703 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/11 17:14:23.0734 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/11 17:14:23.0765 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/11 17:14:23.0796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/11 17:14:23.0828 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/11 17:14:23.0875 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/11 17:14:23.0921 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/11 17:14:23.0968 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/11 17:14:24.0046 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/06/11 17:14:24.0109 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/11 17:14:24.0125 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/11 17:14:24.0187 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/06/11 17:14:24.0250 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/11 17:14:24.0343 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\drivers\iaStor.sys
2011/06/11 17:14:24.0359 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/11 17:14:24.0406 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/06/11 17:14:24.0609 IntcAzAudAddService (613a2b00da1d4a80de1ec8cfb52c0d89) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/11 17:14:24.0687 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/11 17:14:24.0718 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/11 17:14:24.0750 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/11 17:14:24.0796 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/11 17:14:24.0843 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/11 17:14:24.0875 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/11 17:14:24.0921 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/11 17:14:25.0000 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/11 17:14:25.0031 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/11 17:14:25.0062 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/11 17:14:25.0156 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/11 17:14:25.0187 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/11 17:14:25.0265 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/11 17:14:25.0312 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/11 17:14:25.0375 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/11 17:14:25.0406 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/11 17:14:25.0421 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/11 17:14:25.0484 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/06/11 17:14:25.0687 MpKslb7609bc3 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKslb7609bc3.sys
2011/06/11 17:14:25.0734 MpKsld2281442 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKsld2281442.sys
2011/06/11 17:14:25.0796 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/06/11 17:14:25.0828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/11 17:14:25.0906 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/11 17:14:25.0953 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/11 17:14:26.0031 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/11 17:14:26.0062 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/11 17:14:26.0093 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/11 17:14:26.0156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/11 17:14:26.0171 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/11 17:14:26.0234 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/11 17:14:26.0312 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/11 17:14:26.0343 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/11 17:14:26.0375 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/11 17:14:26.0437 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/11 17:14:26.0468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/11 17:14:26.0515 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/11 17:14:26.0578 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/11 17:14:26.0593 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/11 17:14:26.0687 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/11 17:14:26.0765 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/11 17:14:27.0015 nv (c116d2b008a1640c4484a1dcd1abe12c) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/11 17:14:27.0296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/11 17:14:27.0328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/11 17:14:27.0390 O2MDRDR (948aefc4db1e6cc5a8d9fc5740aee392) C:\WINDOWS\system32\DRIVERS\o2media.sys
2011/06/11 17:14:27.0406 O2SDRDR (5472c48f44b49f07b16b421899e550f8) C:\WINDOWS\system32\DRIVERS\o2sd.sys
2011/06/11 17:14:27.0484 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/11 17:14:27.0531 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/11 17:14:27.0578 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/11 17:14:27.0609 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/11 17:14:27.0625 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/11 17:14:27.0718 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/11 17:14:27.0750 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/11 17:14:27.0875 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/06/11 17:14:27.0906 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/06/11 17:14:27.0968 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/11 17:14:28.0015 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/11 17:14:28.0046 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/11 17:14:28.0109 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/11 17:14:28.0140 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/06/11 17:14:28.0171 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/06/11 17:14:28.0203 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/06/11 17:14:28.0234 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/06/11 17:14:28.0265 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/06/11 17:14:28.0312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/11 17:14:28.0390 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/11 17:14:28.0421 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/11 17:14:28.0468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/11 17:14:28.0500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/11 17:14:28.0578 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/11 17:14:28.0593 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/11 17:14:28.0656 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/11 17:14:28.0703 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/11 17:14:28.0812 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/06/11 17:14:28.0859 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/06/11 17:14:28.0921 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/11 17:14:28.0984 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/11 17:14:29.0015 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/11 17:14:29.0046 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/11 17:14:29.0140 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/11 17:14:29.0203 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/11 17:14:29.0250 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/11 17:14:29.0328 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/11 17:14:29.0375 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/11 17:14:29.0406 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/11 17:14:29.0468 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/06/11 17:14:29.0500 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/06/11 17:14:29.0531 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/06/11 17:14:29.0562 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/06/11 17:14:29.0609 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/11 17:14:29.0703 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/11 17:14:29.0765 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/11 17:14:29.0781 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/11 17:14:29.0828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/11 17:14:29.0875 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/06/11 17:14:29.0921 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/06/11 17:14:29.0984 tosrfbd (435ac6cc2abed508ac5a495658cbaf0f) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
2011/06/11 17:14:30.0031 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/06/11 17:14:30.0125 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/06/11 17:14:30.0203 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/06/11 17:14:30.0265 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/06/11 17:14:30.0343 Tosrfusb (6bc529c5eca0c7654943fd6fab21c5fa) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
2011/06/11 17:14:30.0500 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/11 17:14:30.0562 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/06/11 17:14:30.0640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/11 17:14:30.0734 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/11 17:14:30.0765 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/11 17:14:30.0812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/11 17:14:30.0875 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/11 17:14:30.0968 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/11 17:14:31.0031 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/11 17:14:31.0109 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/11 17:14:31.0171 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/11 17:14:31.0250 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/11 17:14:31.0359 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/11 17:14:31.0421 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/11 17:14:31.0468 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/11 17:14:31.0531 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/11 17:14:31.0625 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/11 17:14:31.0671 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/11 17:14:31.0781 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/06/11 17:14:31.0859 ================================================================================
2011/06/11 17:14:31.0859 Scan finished
2011/06/11 17:14:31.0859 ================================================================================
Gruß
Detlef

cosinus 11.06.2011 17:39
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

abuarmin 11.06.2011 18:16
Hier das Ergebnis:
Combofix Logfile:
Code:
ComboFix 11-06-11.01 - ichallein 11.06.2011  19:00:57.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3070.2165 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\ichallein\Eigene Dateien\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\Adobe\plugs
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\Adobe\shed
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\z.xml
c:\windows\inf\pok.pnf
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-05-11 bis 2011-06-11  ))))))))))))))))))))))))))))))
.
.
2011-06-11 15:04 . 2011-06-11 15:04        --------        d-----w-        c:\dokumente und einstellungen\ichallein\Anwendungsdaten\BabylonToolbar
2011-06-11 15:04 . 2011-06-11 15:04        28752        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKsld2281442.sys
2011-06-11 14:52 . 2011-06-11 14:52        --------        d-----w-        c:\programme\BabylonToolbar
2011-06-11 09:38 . 2011-05-09 11:46        6962000        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\mpengine.dll
2011-06-10 20:24 . 2011-06-10 20:24        --------        d-----w-        C:\_OTL
2011-06-10 07:16 . 2011-06-10 07:16        --------        d-----w-        c:\programme\Recuva
2011-06-10 07:16 . 2011-06-10 07:16        --------        d-----w-        c:\programme\Ask.com
2011-06-08 20:27 . 2011-06-08 20:27        --------        d-----w-        C:\Malwarebytes' Anti-Malware
2011-06-06 08:46 . 2011-06-06 08:46        --------        d-sh--w-        c:\dokumente und einstellungen\Default User\IETldCache
2011-05-31 20:58 . 2011-05-31 20:58        --------        d-----w-        c:\windows\PIF
2011-05-31 18:40 . 2009-08-06 17:23        274288        ----a-w-        c:\windows\system32\mucltui.dll
2011-05-31 18:40 . 2009-08-06 17:23        215920        ----a-w-        c:\windows\system32\muweb.dll
2011-05-31 07:10 . 2011-05-31 07:11        --------        d-----w-        c:\windows\Temp2BE581E5-FD62-4356-D6CA-F8CAD7FCEBC0-Signatures
2011-05-31 07:10 . 2011-05-31 07:13        --------        d-----w-        c:\programme\Microsoft Security Client
2011-05-31 07:01 . 2011-05-09 11:46        6962000        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-31 06:59 . 2011-05-31 06:59        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
2011-05-31 03:12 . 2011-05-09 11:46        6962000        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-05-30 21:10 . 2010-10-19 20:51        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-05-30 20:59 . 2011-05-30 20:59        --------        d-----w-        c:\dokumente und einstellungen\ichallein\Anwendungsdaten\Malwarebytes
2011-05-30 19:03 . 2011-05-30 19:03        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Ordner HP Share-to-Web
2011-05-30 17:35 . 2011-05-30 17:35        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2011-05-30 17:35 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-30 17:35 . 2011-05-30 17:35        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-05-30 17:35 . 2011-06-08 11:54        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2011-05-30 17:32 . 2011-05-30 17:32        --------        d-sh--w-        c:\dokumente und einstellungen\Administrator\IETldCache
2011-05-26 15:29 . 2011-05-26 15:30        --------        d-----w-        c:\dokumente und einstellungen\ichallein\Anwendungsdaten\Halyi
2011-05-23 07:59 . 2011-05-23 07:59        781272        ----a-w-        c:\programme\Mozilla Firefox\mozsqlite3.dll
2011-05-23 07:59 . 2011-05-23 07:59        1874904        ----a-w-        c:\programme\Mozilla Firefox\mozjs.dll
2011-05-23 07:59 . 2011-05-23 07:59        89048        ----a-w-        c:\programme\Mozilla Firefox\libEGL.dll
2011-05-23 07:59 . 2011-05-23 07:59        465880        ----a-w-        c:\programme\Mozilla Firefox\libGLESv2.dll
2011-05-23 07:59 . 2011-05-23 07:59        15832        ----a-w-        c:\programme\Mozilla Firefox\mozalloc.dll
2011-05-23 07:59 . 2011-05-23 07:59        1892184        ----a-w-        c:\programme\Mozilla Firefox\d3dx9_42.dll
2011-05-23 07:59 . 2011-05-23 07:59        142296        ----a-w-        c:\programme\Mozilla Firefox\components\browsercomps.dll
2011-05-23 07:59 . 2011-05-23 07:59        1974616        ----a-w-        c:\programme\Mozilla Firefox\D3DCompiler_42.dll
2011-05-22 14:49 . 2011-05-22 14:49        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 15:03 . 2008-04-25 09:46        53760        ----a-w-        c:\windows\system32\drivers\volsnap.sys
2011-05-23 07:59 . 2011-05-23 07:59        142296        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
2010-08-19 14:18 . 2009-06-11 03:57        119808        ----a-w-        c:\programme\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 09:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 10:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2008-03-16 12:30        216064        --sh--r-        c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\programme\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776]
"{937f343c-c9c2-4235-b544-7fc4da2f2594}"= "c:\programme\Suche_Deutschland\prxtbSuc0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{937f343c-c9c2-4235-b544-7fc4da2f2594}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51        3911776        ----a-w-        c:\programme\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{937f343c-c9c2-4235-b544-7fc4da2f2594}]
2011-01-17 14:54        175912        ----a-w-        c:\programme\Suche_Deutschland\prxtbSuc0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2010-12-09 11:51        3911776        ----a-w-        c:\programme\uTorrentBar_DE\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:12        1435112        ----a-w-        c:\programme\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\programme\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{937f343c-c9c2-4235-b544-7fc4da2f2594}"= "c:\programme\Suche_Deutschland\prxtbSuc0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-09-28 1435112]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{937f343c-c9c2-4235-b544-7fc4da2f2594}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}"= "c:\programme\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776]
"{937F343C-C9C2-4235-B544-7FC4DA2F2594}"= "c:\programme\Suche_Deutschland\prxtbSuc0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{937f343c-c9c2-4235-b544-7fc4da2f2594}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TomTomHOME.exe"="c:\programme\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programme\DellTPad\Apoint.exe" [2008-02-21 159744]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 16855552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]
"nwiz"="nwiz.exe" [2008-06-09 1630208]
"NVHotkey"="nvHotkey.dll" [2008-06-09 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-30 86016]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 2289664]
"Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-14 149280]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Share-to-Web Namespace Daemon"="c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2010-12-14 274608]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-19 30192]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"BabylonToolbar"="c:\programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\dokumente und einstellungen\ichallein\Startmen\Programme\Autostart\
OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\IncrediMail\\Bin\\IncMail.exe"=
"c:\\Programme\\IncrediMail\\Bin\\ImApp.exe"=
"c:\\Programme\\IncrediMail\\Bin\\ImpCnt.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R1 MpKsld2281442;MpKsld2281442;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKsld2281442.sys [11.06.2011 17:04 28752]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [16.06.2009 17:51 222456]
R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [22.04.2011 14:21 92592]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [26.03.2009 22:51 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [26.03.2009 22:51 43608]
S1 MpKsl033aadec;MpKsl033aadec;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl033aadec.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl033aadec.sys [?]
S1 MpKsl3aa8aa8f;MpKsl3aa8aa8f;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl3aa8aa8f.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl3aa8aa8f.sys [?]
S1 MpKsl55230e96;MpKsl55230e96;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl55230e96.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl55230e96.sys [?]
S1 MpKsl76db2902;MpKsl76db2902;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl76db2902.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl76db2902.sys [?]
S1 MpKsl8fe2470b;MpKsl8fe2470b;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl8fe2470b.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl8fe2470b.sys [?]
S1 MpKsl988aa76d;MpKsl988aa76d;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl988aa76d.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl988aa76d.sys [?]
S1 MpKslb7609bc3;MpKslb7609bc3;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKslb7609bc3.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKslb7609bc3.sys [?]
S2 gupdate1c9bf4a266e0780;Google Update Service (gupdate1c9bf4a266e0780);c:\programme\Google\Update\GoogleUpdate.exe [17.04.2009 12:49 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\programme\Google\Google Desktop Search\GoogleDesktop.exe [11.06.2009 05:56 30192]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [17.04.2009 12:49 133104]
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-04-17 10:49]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-04-17 10:49]
.
2011-06-11 c:\windows\Tasks\Internet Explorer (ohne Add-Ons).job
- c:\progra~1\INTERN~1\iexplore.exe [2008-04-25 12:09]
.
2011-06-11 c:\windows\Tasks\Internet Explorer.job
- c:\progra~1\INTERN~1\iexplore.exe [2008-04-25 12:09]
.
2011-06-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-06-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-542718681-3178781138-3301103432-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-06-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-542718681-3178781138-3301103432-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-06-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2010-09-28 21:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=0862f7a800000000000000242ba5dc93&tlver=1.4.19.19&affID=19405
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\ichallein\Anwendungsdaten\Mozilla\Firefox\Profiles\xgoljvut.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://www.ferienwohnung-bad-pyrmont.net/
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-DellSupportCenter - c:\programme\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-DellSupportCenter - c:\programme\Dell Support Center\bin\sprtcmd.exe
SafeBoot-01551253.sys
AddRemove-Dell Support Center - c:\progra~1\DELLSU~1\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-11 19:08
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1236)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\brss01a.exe
c:\programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\RTHDCPL.EXE
c:\programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\system32\rundll32.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\programme\DellTPad\ApMsgFwd.exe
c:\programme\DellTPad\HidFind.exe
c:\programme\DellTPad\Apntex.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-11  19:11:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-06-11 17:10
.
Vor Suchlauf: 15 Verzeichnis(se), 207.898.578.944 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 209.839.984.640 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9669DD6006B95399D738120442407851
--- --- ---
Gruß
Detlef

cosinus 11.06.2011 19:14
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

abuarmin 11.06.2011 20:45
Oh, Mann, GMER lief zwar stabil, aber dauerte endlos! Hier nun das Resultat:

GMER Logfile:
Code:
GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-11 21:42:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.11.0
Running: dcej0ztm.exe; Driver: C:\DOKUME~1\ICHALL~1\LOKALE~1\Temp\uxtdapod.sys


---- Kernel code sections - GMER 1.0.15 ----

?              Combo-Fix.sys                                                                                                                                                        Das System kann die angegebene Datei nicht finden. !
.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                                              section is writeable [0xB7A26380, 0x37DE8D, 0xE8000020]
?              c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKsld2281442.sys  Das System kann die angegebene Datei nicht finden. !
?              C:\ComboFix\catchme.sys                                                                                                                                              Das System kann den angegebenen Pfad nicht finden. !
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                                                                            Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          C:\Programme\Mozilla Firefox\plugin-container.exe[512] USER32.dll!SetWindowLongA                                                                                      7E37C29D 5 Bytes  JMP 10698DD9 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Programme\Mozilla Firefox\plugin-container.exe[512] USER32.dll!SetWindowLongW                                                                                      7E37C2BB 5 Bytes  JMP 10698D6B C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Programme\Mozilla Firefox\plugin-container.exe[512] USER32.dll!GetWindowInfo                                                                                      7E37C49C 5 Bytes  JMP 104C7187 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Programme\Mozilla Firefox\plugin-container.exe[512] USER32.dll!TrackPopupMenu                                                                                      7E3B531E 5 Bytes  JMP 104C7781 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\programme\real\realplayer\update\realsched.exe[2856] kernel32.dll!SetUnhandledExceptionFilter                                                                      7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text          C:\Programme\Mozilla Firefox\firefox.exe[2968] ntdll.dll!LdrLoadDll                                                                                                  7C92632D 5 Bytes  JMP 00401410 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text          C:\WINDOWS\system32\SearchIndexer.exe[3060] kernel32.dll!WriteFile                                                                                                    7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text          C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE[3580] kernel32.dll!SetUnhandledExceptionFilter                                                                    7C84495D 5 Bytes  JMP 32605B49 C:\Programme\Gemeinsame Dateien\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text          C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE[3580] ole32.dll!OleLoadFromStream                                                                                  774F981B 5 Bytes  JMP 32920DB5 C:\Programme\Gemeinsame Dateien\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device                                                                                                                                                                                mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device                                                                                                                                                                                A6A97D20

AttachedDevice                                                                                                                                                                        fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device                                                                                                                                                                                Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device                                                                                                                                                                                DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Threads - GMER 1.0.15 ----

Thread          System [4:896]                                                                                                                                                        AA165E70
Thread          System [4:908]                                                                                                                                                        AA166720
Thread          System [4:912]                                                                                                                                                        AA166720
Thread          System [4:916]                                                                                                                                                        AA166720
Thread          System [4:920]                                                                                                                                                        AA166720
Thread          System [4:924]                                                                                                                                                        AA166720
Thread          System [4:928]                                                                                                                                                        AA166720
Thread          System [4:932]                                                                                                                                                        AA16629E
Thread          System [4:936]                                                                                                                                                        AA16629E
Thread          System [4:940]                                                                                                                                                        AA16629E
Thread          System [4:944]                                                                                                                                                        AA16629E
Thread          System [4:948]                                                                                                                                                        AA16629E
Thread          System [4:952]                                                                                                                                                        AA166576
Thread          System [4:956]                                                                                                                                                        AA166576
Thread          System [4:960]                                                                                                                                                        AA166576
Thread          System [4:964]                                                                                                                                                        AA166576
Thread          System [4:968]                                                                                                                                                        AA166576
Thread          System [4:972]                                                                                                                                                        AA16753A
Thread          System [4:976]                                                                                                                                                        AA167602
Thread          System [4:980]                                                                                                                                                        AA1723DE
Thread          System [4:984]                                                                                                                                                        AA165E70
Thread          System [4:988]                                                                                                                                                        AA165E70
Thread          System [4:992]                                                                                                                                                        AA165E70
Thread          System [4:996]                                                                                                                                                        AB421B8E
Thread          System [4:1000]                                                                                                                                                      AB4221AC
Thread          System [4:1004]                                                                                                                                                      AB190298
Thread          System [4:1008]                                                                                                                                                      AB190344
Thread          System [4:1012]                                                                                                                                                      AB1903EE

---- Services - GMER 1.0.15 ----

Service        C:\Programme\Dell (*** hidden *** )                                                                                                                                  [AUTO] sprtsvc_dellsupportcenter                                                                                                                          <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
--- --- ---

Das andere mache ich gleich!
Gruß
Detlef

abuarmin 11.06.2011 20:58
Osam kann ich nicht öffnen! Das .rar-format kann ich nicht öffnen. Deshalb mache ich gleich mit MBRCheck weiter.
Gruß
Detlef

abuarmin 11.06.2011 21:00
Und hier ist MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 142):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xB9F22000 dmio.sys
0xBA330000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0C8000 VolSnap.sys
0xB9F0A000 atapi.sys
0xB9E43000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E23000 fltMgr.sys
0xB9E11000 sr.sys
0xBA5AC000 DLACDBHM.SYS
0xB9DFA000 DRVMCDB.SYS
0xBA0F8000 PxHelp20.sys
0xB9DE3000 KSecDD.sys
0xB9D56000 Ntfs.sys
0xB9D29000 NDIS.sys
0xBA108000 Combo-Fix.sys
0xBA118000 ohci1394.sys
0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9D0F000 Mup.sys
0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9CA6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB7A26000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB7A12000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA400000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB79EE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA408000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB79C6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB7872000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xB7858000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\o2sd.sys
0xB7840000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0xBA1D8000 \SystemRoot\system32\DRIVERS\o2media.sys
0xB9CA2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA410000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB7814000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA248000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB7799000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA418000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA258000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA208000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB7776000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA218000 \SystemRoot\System32\Drivers\tosrfcom.sys
0xBA6DD000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA228000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9C96000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB775F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA238000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA268000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA420000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB774E000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA278000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA458000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA460000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB72D1000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB807E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5F0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7273000 \SystemRoot\system32\DRIVERS\update.sys
0xBA580000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB1B74000 \SystemRoot\system32\DRIVERS\tosporte.sys
0xB1799000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB1789000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA660000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xAA382000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA35E000 \SystemRoot\system32\drivers\portcls.sys
0xAB4AD000 \SystemRoot\system32\drivers\drmk.sys
0xAB98C000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xAA30F000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xAB9B6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA726000 \SystemRoot\System32\Drivers\Null.SYS
0xAB9B4000 \SystemRoot\System32\Drivers\Beep.SYS
0xAB6D4000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xAB1C6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xAB1BE000 \SystemRoot\System32\drivers\vga.sys
0xAB9B2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xAB9B0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAB1B6000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAB1AE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB6A91000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA2DC000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA283000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA25B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA235000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA213000 \SystemRoot\System32\drivers\afd.sys
0xAB48D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAB47D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAA1E8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA178000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAB46D000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAB19E000 \??\c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKsld2281442.sys
0xAB45D000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA33A000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xAAD88000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA083000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xB904B000 \SystemRoot\System32\drivers\Dxapi.sys
0xAB17E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6E4000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF60C000 \SystemRoot\System32\ATMFD.DLL
0xB80EE000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBA794000 \SystemRoot\System32\Drivers\DLADResM.SYS
0xA8D6A000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS
0xAAC8E000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS
0xADB70000 \SystemRoot\System32\Drivers\DLAPoolM.SYS
0xAAC86000 \SystemRoot\System32\Drivers\DLABMFSM.SYS
0xAAC7E000 \SystemRoot\System32\Drivers\DLABOIOM.SYS
0xA8D54000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS
0xA8D3D000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS
0xAB97C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8BC0000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA198000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8AA5000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA89D5000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7166000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA498000 \??\C:\ComboFix\catchme.sys
0xBA61E000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xAB704000 \??\c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{B37BBCC4-58DD-4B69-859A-AF24857B7675}\MpKsl157cf596.sys
0xA7E89000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA6AB4000 \??\C:\DOKUME~1\ICHALL~1\LOKALE~1\Temp\uxtdapod.sys
0xA6A90000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA6A65000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
856 C:\WINDOWS\system32\smss.exe
1204 csrss.exe
1236 C:\WINDOWS\system32\winlogon.exe
1280 C:\WINDOWS\system32\services.exe
1292 C:\WINDOWS\system32\lsass.exe
1500 C:\WINDOWS\system32\svchost.exe
1548 svchost.exe
1692 C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
1728 C:\WINDOWS\system32\svchost.exe
1824 svchost.exe
1980 svchost.exe
388 C:\WINDOWS\system32\WLTRYSVC.EXE
416 C:\WINDOWS\system32\BCMWLTRY.EXE
608 C:\WINDOWS\system32\spoolsv.exe
628 C:\WINDOWS\system32\BRSS01A.EXE
1168 svchost.exe
1584 C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
156 C:\Programme\ICQ6Toolbar\ICQ Service.exe
236 C:\Programme\Java\jre6\bin\jqs.exe
1336 C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
2124 C:\WINDOWS\system32\nvsvc32.exe
2168 C:\WINDOWS\system32\drivers\o2flash.exe
2256 C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2372 C:\Programme\DellTPad\Apoint.exe
2432 C:\WINDOWS\RTHDCPL.EXE
2444 sqlbrowser.exe
2468 C:\WINDOWS\system32\rundll32.exe
2492 C:\WINDOWS\system32\WLTRAY.EXE
2512 C:\Programme\Dell\QuickSet\quickset.exe
2520 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
2504 C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
2588 C:\Programme\Java\jre6\bin\jusched.exe
2640 C:\WINDOWS\system32\svchost.exe
2784 C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
2856 C:\Programme\Real\RealPlayer\Update\realsched.exe
2944 C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
3064 C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
3060 C:\WINDOWS\system32\searchindexer.exe
3296 C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
3392 C:\Programme\Microsoft Security Client\msseces.exe
3412 C:\Programme\DellTPad\ApMsgFwd.exe
3444 C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
3468 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
3624 C:\Programme\DellTPad\hidfind.exe
3700 C:\Programme\DellTPad\ApntEx.exe
3760 C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe
3968 C:\Programme\OpenOffice.org 3\program\soffice.exe
4088 C:\Programme\OpenOffice.org 3\program\soffice.bin
1088 wmiprvse.exe
840 C:\WINDOWS\system32\ctfmon.exe
2892 C:\WINDOWS\system32\wbem\wmiapsrv.exe
1808 alg.exe
3284 C:\WINDOWS\explorer.exe
2968 C:\Programme\Mozilla Firefox\firefox.exe
456 C:\Programme\Mozilla Firefox\plugin-container.exe
3580 C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
512 C:\Programme\Mozilla Firefox\plugin-container.exe
4992 C:\WINDOWS\system32\wscntfy.exe
5284 C:\Dokumente und Einstellungen\ichallein\Eigene Dateien\Downloads\dcej0ztm.exe
5764 C:\Programme\QuickTime\QuickTimePlayer.exe
3428 C:\WINDOWS\system32\searchprotocolhost.exe
3664 searchfilterhost.exe
6112 C:\Dokumente und Einstellungen\ichallein\Eigene Dateien\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`075a9e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Gruß

Detlef

abuarmin 11.06.2011 21:41
So, nun kommt doch OSAM:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 22:39:28 on 11.06.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"RealUpgradeLogonTaskS-1-5-21-542718681-3178781138-3301103432-1005.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-542718681-3178781138-3301103432-1005.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"MP Scheduled Scan.job" - "Microsoft Corporation" - c:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
"Scheduled Update for Ask Toolbar.job" - ? - C:\Programme\Ask.com\UpdateTask.exe  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BCMWLCPL.CPL" - "Dell Inc." - C:\WINDOWS\system32\BCMWLCPL.CPL
"cmdvdpak.cpl" - "Sonic Solutions" - C:\WINDOWS\system32\cmdvdpak.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"LocalCOM.cpl" - "東芝公司" - C:\WINDOWS\system32\LocalCOM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - ? - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl  (File not found)
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"APPDRV" (APPDRV) - "Dell Inc" - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DLABMFSM" (DLABMFSM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLABMFSM.SYS
"DLABOIOM" (DLABOIOM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
"DLADResM" (DLADResM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLADResM.SYS
"DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAPoolM.SYS
"DLARTL_M" (DLARTL_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLARTL_M.SYS
"DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Roxio" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\ICHALL~1\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MpKsl033aadec" (MpKsl033aadec) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl033aadec.sys  (File not found)
"MpKsl3aa8aa8f" (MpKsl3aa8aa8f) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl3aa8aa8f.sys  (File not found)
"MpKsl55230e96" (MpKsl55230e96) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl55230e96.sys  (File not found)
"MpKsl76db2902" (MpKsl76db2902) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl76db2902.sys  (File not found)
"MpKsl80ed5f4d" (MpKsl80ed5f4d) - "Microsoft Corporation" - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D18959FE-3820-4E9B-851B-83A07C610F53}\MpKsl80ed5f4d.sys
"MpKsl8fe2470b" (MpKsl8fe2470b) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl8fe2470b.sys  (File not found)
"MpKsl988aa76d" (MpKsl988aa76d) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl988aa76d.sys  (File not found)
"MpKslb7609bc3" (MpKslb7609bc3) - ? - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKslb7609bc3.sys  (File not found)
"MpKsld2281442" (MpKsld2281442) - ? - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKsld2281442.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"uxtdapod" (uxtdapod) - ? - C:\DOKUME~1\ICHALL~1\LOKALE~1\Temp\uxtdapod.sys  (Hidden registry entry, rootkit activity | File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\WINDOWS\system32\TosBtExt.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI239C~1\shellext.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{A4DF5659-0801-4A60-9607-1C48695EFDA9} "Ordner HP Share-to-Web" - "Hewlett-Packard" - C:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll
{5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Roxio" - C:\Programme\Roxio\Drag-to-Disc\Shellex.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Conduit Engine" - "Conduit Ltd." - C:\Programme\ConduitEngine\ConduitEngine.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Softonic Toolbar" - "Search-Results" - C:\Programme\Ask.com\GenericAskToolbar.dll
<binary data> "Suche Deutschland Toolbar" - "Conduit Ltd." - C:\Programme\Suche_Deutschland\prxtbSuc0.dll
<binary data> "uTorrentBar_DE Toolbar" - "Conduit Ltd." - C:\Programme\uTorrentBar_DE\tbuTor.dll
<binary data> "{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
{937f343c-c9c2-4235-b544-7fc4da2f2594} "Suche Deutschland Toolbar" - "Conduit Ltd." - C:\Programme\Suche_Deutschland\prxtbSuc0.dll
{c840e246-6b95-475e-9bd7-caa1c7eca9f2} "uTorrentBar_DE Toolbar" - "Conduit Ltd." - C:\Programme\uTorrentBar_DE\tbuTor.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine" - "Conduit Ltd." - C:\Programme\ConduitEngine\ConduitEngine.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
<binary data> "Softonic Toolbar" - "Search-Results" - C:\Programme\Ask.com\GenericAskToolbar.dll
{937f343c-c9c2-4235-b544-7fc4da2f2594} "Suche Deutschland Toolbar" - "Conduit Ltd." - C:\Programme\Suche_Deutschland\prxtbSuc0.dll
{c840e246-6b95-475e-9bd7-caa1c7eca9f2} "uTorrentBar_DE Toolbar" - "Conduit Ltd." - C:\Programme\uTorrentBar_DE\tbuTor.dll
{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} "{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine" - "Conduit Ltd." - C:\Programme\ConduitEngine\ConduitEngine.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corp." - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Softonic Toolbar" - "Search-Results" - C:\Programme\Ask.com\GenericAskToolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{937f343c-c9c2-4235-b544-7fc4da2f2594} "Suche Deutschland Toolbar" - "Conduit Ltd." - C:\Programme\Suche_Deutschland\prxtbSuc0.dll
{c840e246-6b95-475e-9bd7-caa1c7eca9f2} "uTorrentBar_DE Toolbar" - "Conduit Ltd." - C:\Programme\uTorrentBar_DE\tbuTor.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\ichallein\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 3.1.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
"TomTomHOME.exe" - "TomTom" - "C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"BabylonToolbar" - "Babylon Ltd." - "C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\WINDOWS\system32\WLTRAY.exe
"Dell QuickSet" - "Dell Inc." - C:\Programme\Dell\QuickSet\quickset.exe
"Google Desktop Search" - "Google" - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"MSC" - "Microsoft Corporation" - "c:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey
"NVHotkey" - "NVIDIA Corporation" - rundll32.exe nvHotkey.dll,Start
"nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet
"PDVDDXSrv" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"Share-to-Web Namespace Daemon" - "Hewlett-Packard" - C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\programme\real\realplayer\update\realsched.exe"  -osboot

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\WINDOWS\System32\BCMLogon.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Toshiba Bluetooth Monitor" - "Toshiba America Business Solutions, Inc." - C:\WINDOWS\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\WINDOWS\System32\WLTRYSVC.EXE  (File found, but it contains no detailed information)
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9bf4a266e0780)" (gupdate1c9bf4a266e0780) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corp." - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
"SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - ? - C:\Programme\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter  (File not found)
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

Gruß
Detlef

cosinus 11.06.2011 22:58
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Alle Zeitangaben in WEZ +1. Es ist jetzt 19:52 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131