Trojaner-Board - Bundespolizei-Ukash (anderer Rechner mit Windows XP)

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Bundespolizei-Ukash (anderer Rechner mit Windows XP) (https://www.trojaner-board.de/103866-bundespolizei-ukash-anderer-rechner-windows-xp.html)

"copy to quarantine" bedeutet aber so eigentlich nur, dass es in die Quarantäne kopiert wird, sonst wird nichts weiter entfernt.

Vllt meinen die damit eher "move to quarantine", das wäre sinniger.

Mach bitte ein neues Log mit dem TDSS-Killer

guten morgen erstmal :pfeiff:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7884

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06.10.2011 16:46:45
mbam-log-2011-10-06 (16-46-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 240654
Laufzeit: 32 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=a2d87656fa723c45beb2800e41b1aeb9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-10 09:03:50
# local_time=2011-10-10 11:03:50 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1798 16775141 100 95 5466 57711251 0 0
# compatibility_mode=8192 67108863 100 0 213 213 0 0
# scanned=47536
# found=0
# cleaned=0
# scan_time=1888

hxxp://www.trojaner-board.de/images/icons/icon26.gif

ahja bevor ich das vergesse soll ich die dateien die in der quarantäne sind alle löschen ? bevor der virus evtl zurückkommt ?

Ich hab den Eindruck ich bin hier ein wenig durcheinandergekommen, hattest du den TDSS-Killer schon ausgeführt :confused: wil irgendwie seh ich kein Log dazu hab aber was von seiner Quarantäne erwähnt.

Welche Qurantäne meinst du wenn in den letzten beiden Logs von MBAM/ESET rein GARNIX zu sehen ist? :wtf:

Du weißt, was eine Quarantäne ist? Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.

lasse tdss gleichmal drüberlaufen

tdss rüberlaufen lassen finde nirgends die logfile :eek: hat aber auch nur einen fund gehabt was mit der fritzbox nix wildes

Log vom TDSS ist direkt auf C:

:huepp:

14:58:02.0875 3700 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
14:58:04.0875 3700 ============================================================
14:58:04.0875 3700 Current date / time: 2011/10/10 14:58:04.0875
14:58:04.0875 3700 SystemInfo:
14:58:04.0875 3700
14:58:04.0875 3700 OS Version: 5.1.2600 ServicePack: 3.0
14:58:04.0875 3700 Product type: Workstation
14:58:04.0875 3700 ComputerName: WILLI
14:58:04.0875 3700 UserName: Teproma
14:58:04.0875 3700 Windows directory: C:\WINDOWS
14:58:04.0875 3700 System windows directory: C:\WINDOWS
14:58:04.0875 3700 Processor architecture: Intel x86
14:58:04.0875 3700 Number of processors: 2
14:58:04.0875 3700 Page size: 0x1000
14:58:04.0875 3700 Boot type: Normal boot
14:58:04.0875 3700 ============================================================
14:58:05.0656 3700 Initialize success
14:58:10.0609 0780 ============================================================
14:58:10.0609 0780 Scan started
14:58:10.0609 0780 Mode: Manual;
14:58:10.0609 0780 ============================================================
14:58:12.0343 0780 A3AB (1f489950b3e4ba796b7c035542f2fb25) C:\WINDOWS\system32\DRIVERS\A3AB.sys
14:58:12.0343 0780 A3AB - ok
14:58:12.0406 0780 Abiosdsk - ok
14:58:12.0421 0780 abp480n5 - ok
14:58:12.0484 0780 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:58:12.0484 0780 ACPI - ok
14:58:12.0562 0780 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:58:12.0562 0780 ACPIEC - ok
14:58:12.0625 0780 adpu160m - ok
14:58:12.0687 0780 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:58:12.0687 0780 aec - ok
14:58:12.0796 0780 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
14:58:12.0796 0780 AFD - ok
14:58:12.0843 0780 Aha154x - ok
14:58:12.0859 0780 aic78u2 - ok
14:58:12.0875 0780 aic78xx - ok
14:58:12.0890 0780 AliIde - ok
14:58:12.0968 0780 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
14:58:12.0984 0780 Ambfilt - ok
14:58:13.0062 0780 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
14:58:13.0062 0780 AmdPPM - ok
14:58:13.0109 0780 amsint - ok
14:58:13.0125 0780 asc - ok
14:58:13.0140 0780 asc3350p - ok
14:58:13.0156 0780 asc3550 - ok
14:58:13.0218 0780 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:58:13.0218 0780 AsyncMac - ok
14:58:13.0296 0780 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:58:13.0296 0780 atapi - ok
14:58:13.0343 0780 Atdisk - ok
14:58:13.0390 0780 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:58:13.0390 0780 Atmarpc - ok
14:58:13.0484 0780 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:58:13.0484 0780 audstub - ok
14:58:13.0578 0780 avfwim (32f20f013ac88f9b1d3194f7bbff6324) C:\WINDOWS\system32\DRIVERS\avfwim.sys
14:58:13.0578 0780 avfwim - ok
14:58:13.0656 0780 avfwot (9d46038fc08b9d129ad001e2ccebd25d) C:\WINDOWS\system32\DRIVERS\avfwot.sys
14:58:13.0656 0780 avfwot - ok
14:58:13.0718 0780 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
14:58:13.0718 0780 avgio - ok
14:58:13.0812 0780 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
14:58:13.0812 0780 avgntflt - ok
14:58:13.0890 0780 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
14:58:13.0890 0780 avipbb - ok
14:58:13.0968 0780 AVMCOWAN (56acae37faeef24d346b99f45d17ef4b) C:\WINDOWS\system32\DRIVERS\AVMCOWAN.sys
14:58:13.0968 0780 AVMCOWAN - ok
14:58:14.0046 0780 AVMPORT (02568a764ef2c37cfa6f9c471e67d475) C:\WINDOWS\System32\drivers\avmport.sys
14:58:14.0046 0780 AVMPORT - ok
14:58:14.0109 0780 AVMWAN (c997af59c54d69232fb7bbea4dad86e2) C:\WINDOWS\system32\DRIVERS\avmwan.sys
14:58:14.0109 0780 AVMWAN - ok
14:58:14.0187 0780 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:58:14.0187 0780 Beep - ok
14:58:14.0281 0780 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:58:14.0281 0780 cbidf2k - ok
14:58:14.0343 0780 cd20xrnt - ok
14:58:14.0375 0780 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:58:14.0375 0780 Cdaudio - ok
14:58:14.0453 0780 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:58:14.0453 0780 Cdfs - ok
14:58:14.0531 0780 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:58:14.0531 0780 Cdrom - ok
14:58:14.0578 0780 Changer - ok
14:58:14.0609 0780 CmdIde - ok
14:58:14.0671 0780 cmuda (53f4cc55f3c255439c5973e31f0adce7) C:\WINDOWS\system32\drivers\cmuda.sys
14:58:14.0687 0780 cmuda - ok
14:58:14.0750 0780 Cpqarray - ok
14:58:14.0781 0780 dac2w2k - ok
14:58:14.0796 0780 dac960nt - ok
14:58:14.0843 0780 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:58:14.0843 0780 Disk - ok
14:58:14.0937 0780 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
14:58:14.0937 0780 dmboot - ok
14:58:15.0015 0780 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\DRIVERS\dmio.sys
14:58:15.0015 0780 dmio - ok
14:58:15.0093 0780 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:58:15.0093 0780 dmload - ok
14:58:15.0171 0780 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:58:15.0171 0780 DMusic - ok
14:58:15.0218 0780 dpti2o - ok
14:58:15.0265 0780 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:58:15.0265 0780 drmkaud - ok
14:58:15.0359 0780 ElbyCDIO (fa13264eea448b2e1b3a844ae4f75c7a) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
14:58:15.0359 0780 ElbyCDIO - ok
14:58:15.0421 0780 ElbyDelay (df9957db3bfe5136aad3c2c101806c98) C:\WINDOWS\system32\Drivers\ElbyDelay.sys
14:58:15.0421 0780 ElbyDelay - ok
14:58:15.0500 0780 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:58:15.0500 0780 Fastfat - ok
14:58:15.0593 0780 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:58:15.0593 0780 Fdc - ok
14:58:15.0687 0780 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
14:58:15.0687 0780 Fips - ok
14:58:15.0765 0780 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:58:15.0765 0780 Flpydisk - ok
14:58:15.0843 0780 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:58:15.0843 0780 FltMgr - ok
14:58:15.0921 0780 fpcibase (45b5129aeae91ea096a9bbebff99e098) C:\WINDOWS\system32\DRIVERS\fpcibase.sys
14:58:15.0921 0780 fpcibase - ok
14:58:15.0953 0780 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:58:15.0968 0780 Fs_Rec - ok
14:58:16.0015 0780 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:58:16.0015 0780 Ftdisk - ok
14:58:16.0093 0780 G400 (33d00f8cb70ac5f7a8101f79d5273615) C:\WINDOWS\system32\DRIVERS\G400m.sys
14:58:16.0093 0780 G400 - ok
14:58:16.0187 0780 G400DH (2dd3d27e36ebf6804c40b843ff10872f) C:\WINDOWS\system32\DRIVERS\g400dhm.sys
14:58:16.0187 0780 G400DH - ok
14:58:16.0265 0780 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:58:16.0265 0780 Gpc - ok
14:58:16.0343 0780 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:58:16.0343 0780 HDAudBus - ok
14:58:16.0390 0780 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:58:16.0390 0780 HidUsb - ok
14:58:16.0437 0780 hpn - ok
14:58:16.0484 0780 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:58:16.0484 0780 HTTP - ok
14:58:16.0546 0780 i2omgmt - ok
14:58:16.0562 0780 i2omp - ok
14:58:16.0609 0780 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:58:16.0609 0780 i8042prt - ok
14:58:16.0828 0780 ialm (1312e0141a7bd409afadd52fa565927e) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:58:16.0859 0780 ialm - ok
14:58:16.0937 0780 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:58:16.0937 0780 Imapi - ok
14:58:16.0984 0780 ini910u - ok
14:58:17.0171 0780 IntcAzAudAddService (364d3642ae236c3f2f5f55f43b09ffda) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:58:17.0203 0780 IntcAzAudAddService - ok
14:58:17.0250 0780 IntelIde - ok
14:58:17.0296 0780 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:58:17.0296 0780 intelppm - ok
14:58:17.0328 0780 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:58:17.0328 0780 ip6fw - ok
14:58:17.0406 0780 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:58:17.0406 0780 IpFilterDriver - ok
14:58:17.0484 0780 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:58:17.0484 0780 IpInIp - ok
14:58:17.0625 0780 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:58:17.0625 0780 IpNat - ok
14:58:17.0796 0780 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:58:17.0796 0780 IPSec - ok
14:58:17.0953 0780 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:58:17.0953 0780 IRENUM - ok
14:58:18.0078 0780 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:58:18.0078 0780 isapnp - ok
14:58:18.0140 0780 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:58:18.0140 0780 Kbdclass - ok
14:58:18.0187 0780 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:58:18.0187 0780 kmixer - ok
14:58:18.0265 0780 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
14:58:18.0265 0780 KSecDD - ok
14:58:18.0328 0780 lbrtfdc - ok
14:58:18.0343 0780 lrgwx - ok
14:58:18.0390 0780 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
14:58:18.0390 0780 MBAMProtector - ok
14:58:18.0437 0780 mgabg (005992e527c5c159702dd82f9aa82c28) C:\WINDOWS\system32\drivers\mgabg.sys
14:58:18.0437 0780 mgabg - ok
14:58:18.0468 0780 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:58:18.0468 0780 mnmdd - ok
14:58:18.0546 0780 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
14:58:18.0546 0780 Modem - ok
14:58:18.0625 0780 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
14:58:18.0640 0780 Monfilt - ok
14:58:18.0718 0780 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:58:18.0718 0780 Mouclass - ok
14:58:18.0796 0780 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:58:18.0796 0780 mouhid - ok
14:58:18.0843 0780 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:58:18.0843 0780 MountMgr - ok
14:58:18.0890 0780 mraid35x - ok
14:58:18.0937 0780 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:58:18.0937 0780 MRxDAV - ok
14:58:19.0031 0780 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:58:19.0031 0780 MRxSmb - ok
14:58:19.0171 0780 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:58:19.0171 0780 Msfs - ok
14:58:19.0250 0780 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:58:19.0250 0780 MSKSSRV - ok
14:58:19.0343 0780 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:58:19.0343 0780 MSPCLOCK - ok
14:58:19.0437 0780 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:58:19.0437 0780 MSPQM - ok
14:58:19.0531 0780 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:58:19.0531 0780 mssmbios - ok
14:58:19.0578 0780 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
14:58:19.0578 0780 Mup - ok
14:58:19.0671 0780 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:58:19.0671 0780 NDIS - ok
14:58:19.0765 0780 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:58:19.0765 0780 NdisTapi - ok
14:58:19.0859 0780 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:58:19.0859 0780 Ndisuio - ok
14:58:19.0953 0780 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:58:19.0953 0780 NdisWan - ok
14:58:20.0046 0780 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
14:58:20.0046 0780 NDProxy - ok
14:58:20.0125 0780 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:58:20.0125 0780 NetBIOS - ok
14:58:20.0203 0780 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:58:20.0203 0780 NetBT - ok
14:58:20.0281 0780 NETFRITZ (0b4eae4191d88e10bc81cc649650d9fc) C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS
14:58:20.0281 0780 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS. Real md5: 0b4eae4191d88e10bc81cc649650d9fc, Fake md5: 0277a68f44c932168e8afb48f55abab8
14:58:20.0281 0780 NETFRITZ ( ForgedFile.Multi.Generic ) - warning
14:58:20.0281 0780 NETFRITZ - detected ForgedFile.Multi.Generic (1)
14:58:20.0359 0780 NIOC (bfc971937636909f15af81ef45ae167d) C:\WINDOWS\System32\NIOC.SYS
14:58:20.0359 0780 NIOC - ok
14:58:20.0421 0780 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:58:20.0421 0780 Npfs - ok
14:58:20.0500 0780 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:58:20.0515 0780 Ntfs - ok
14:58:20.0593 0780 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:58:20.0593 0780 Null - ok
14:58:20.0671 0780 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:58:20.0671 0780 NwlnkFlt - ok
14:58:20.0750 0780 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:58:20.0765 0780 NwlnkFwd - ok
14:58:20.0843 0780 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
14:58:20.0843 0780 Parport - ok
14:58:20.0937 0780 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:58:20.0937 0780 PartMgr - ok
14:58:21.0015 0780 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
14:58:21.0015 0780 ParVdm - ok
14:58:21.0093 0780 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
14:58:21.0093 0780 PCI - ok
14:58:21.0156 0780 PCIDump - ok
14:58:21.0187 0780 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:58:21.0187 0780 PCIIde - ok
14:58:21.0265 0780 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:58:21.0265 0780 Pcmcia - ok
14:58:21.0328 0780 PDCOMP - ok
14:58:21.0343 0780 PDFRAME - ok
14:58:21.0359 0780 PDRELI - ok
14:58:21.0375 0780 PDRFRAME - ok
14:58:21.0406 0780 perc2 - ok
14:58:21.0421 0780 perc2hib - ok
14:58:21.0484 0780 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:58:21.0484 0780 PptpMiniport - ok
14:58:21.0562 0780 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
14:58:21.0562 0780 Processor - ok
14:58:21.0640 0780 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:58:21.0640 0780 PSched - ok
14:58:21.0703 0780 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:58:21.0703 0780 Ptilink - ok
14:58:21.0734 0780 ql1080 - ok
14:58:21.0750 0780 Ql10wnt - ok
14:58:21.0765 0780 ql12160 - ok
14:58:21.0781 0780 ql1240 - ok
14:58:21.0796 0780 ql1280 - ok
14:58:21.0843 0780 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:58:21.0843 0780 RasAcd - ok
14:58:21.0906 0780 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:58:21.0906 0780 Rasl2tp - ok
14:58:21.0984 0780 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:58:21.0984 0780 RasPppoe - ok
14:58:22.0093 0780 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:58:22.0093 0780 Raspti - ok
14:58:22.0171 0780 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:58:22.0171 0780 Rdbss - ok
14:58:22.0250 0780 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:58:22.0250 0780 RDPCDD - ok
14:58:22.0328 0780 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:58:22.0328 0780 rdpdr - ok
14:58:22.0421 0780 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
14:58:22.0421 0780 RDPWD - ok
14:58:22.0515 0780 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:58:22.0515 0780 redbook - ok
14:58:22.0593 0780 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
14:58:22.0593 0780 ROOTMODEM - ok
14:58:22.0703 0780 RTLE8023xp (387c8f70e992efa3d25816ecc1ab2b8b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:58:22.0703 0780 RTLE8023xp - ok
14:58:22.0781 0780 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:58:22.0781 0780 Secdrv - ok
14:58:22.0828 0780 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:58:22.0828 0780 serenum - ok
14:58:22.0890 0780 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
14:58:22.0890 0780 Serial - ok
14:58:22.0953 0780 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
14:58:22.0953 0780 Sfloppy - ok
14:58:22.0984 0780 Simbad - ok
14:58:23.0015 0780 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:58:23.0015 0780 sisagp - ok
14:58:23.0046 0780 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
14:58:23.0062 0780 SISNIC - ok
14:58:23.0140 0780 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys
14:58:23.0140 0780 snapman - ok
14:58:23.0156 0780 Sparrow - ok
14:58:23.0203 0780 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:58:23.0203 0780 splitter - ok
14:58:23.0250 0780 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
14:58:23.0250 0780 sr - ok
14:58:23.0312 0780 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
14:58:23.0312 0780 Srv - ok
14:58:23.0390 0780 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:58:23.0390 0780 ssmdrv - ok
14:58:23.0437 0780 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:58:23.0437 0780 swenum - ok
14:58:23.0468 0780 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:58:23.0468 0780 swmidi - ok
14:58:23.0515 0780 symc810 - ok
14:58:23.0531 0780 symc8xx - ok
14:58:23.0546 0780 sym_hi - ok
14:58:23.0562 0780 sym_u3 - ok
14:58:23.0593 0780 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:58:23.0609 0780 sysaudio - ok
14:58:23.0718 0780 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:58:23.0718 0780 Tcpip - ok
14:58:23.0781 0780 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:58:23.0781 0780 TDPIPE - ok
14:58:23.0828 0780 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:58:23.0828 0780 TDTCP - ok
14:58:23.0859 0780 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:58:23.0859 0780 TermDD - ok
14:58:23.0968 0780 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
14:58:23.0968 0780 tifsfilter - ok
14:58:24.0015 0780 timounter (74711884439bdf9ccf446c79cb05fac0) C:\WINDOWS\system32\DRIVERS\timntr.sys
14:58:24.0015 0780 timounter - ok
14:58:24.0156 0780 TosIde - ok
14:58:24.0265 0780 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:58:24.0265 0780 Udfs - ok
14:58:24.0312 0780 ultra - ok
14:58:24.0375 0780 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:58:24.0375 0780 Update - ok
14:58:24.0421 0780 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:58:24.0421 0780 usbccgp - ok
14:58:24.0500 0780 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:58:24.0500 0780 usbehci - ok
14:58:24.0546 0780 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:58:24.0546 0780 usbhub - ok
14:58:24.0625 0780 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:58:24.0625 0780 usbohci - ok
14:58:24.0687 0780 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:58:24.0687 0780 usbprint - ok
14:58:24.0750 0780 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:58:24.0750 0780 usbscan - ok
14:58:24.0796 0780 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:58:24.0796 0780 USBSTOR - ok
14:58:24.0875 0780 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:58:24.0875 0780 usbuhci - ok
14:58:24.0890 0780 UtilNT - ok
14:58:24.0937 0780 VClone (1a131c2ca1b99542f9b0dd0c901f6587) C:\WINDOWS\system32\DRIVERS\VClone.sys
14:58:24.0937 0780 VClone - ok
14:58:25.0015 0780 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:58:25.0015 0780 VgaSave - ok
14:58:25.0031 0780 ViaIde - ok
14:58:25.0062 0780 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
14:58:25.0062 0780 VolSnap - ok
14:58:25.0125 0780 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:58:25.0125 0780 Wanarp - ok
14:58:25.0140 0780 WDICA - ok
14:58:25.0187 0780 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:58:25.0187 0780 wdmaud - ok
14:58:25.0296 0780 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:58:25.0296 0780 WS2IFSL - ok
14:58:25.0343 0780 MBR (0x1B8) (6e2f5812efa4914e420e8ee64c1dbd8b) \Device\Harddisk0\DR0
14:58:28.0234 0780 \Device\Harddisk0\DR0 - ok
14:58:28.0234 0780 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR11
14:58:28.0390 0780 \Device\Harddisk1\DR11 - ok
14:58:28.0406 0780 Boot (0x1200) (535b5891ff6abc7523d9600cecdd70d8) \Device\Harddisk0\DR0\Partition0
14:58:28.0406 0780 \Device\Harddisk0\DR0\Partition0 - ok
14:58:28.0406 0780 Boot (0x1200) (12f20bd0447fbc554189a34162c323b1) \Device\Harddisk0\DR0\Partition1
14:58:28.0406 0780 \Device\Harddisk0\DR0\Partition1 - ok
14:58:28.0437 0780 Boot (0x1200) (e0ed1fe2f8c398af6008637cda31862a) \Device\Harddisk0\DR0\Partition2
14:58:28.0437 0780 \Device\Harddisk0\DR0\Partition2 - ok
14:58:28.0437 0780 Boot (0x1200) (31a0181048ade140451c55fb64cea6e7) \Device\Harddisk1\DR11\Partition0
14:58:28.0437 0780 \Device\Harddisk1\DR11\Partition0 - ok
14:58:28.0437 0780 ============================================================
14:58:28.0437 0780 Scan finished
14:58:28.0437 0780 ============================================================
14:58:28.0437 1252 Detected object count: 1
14:58:28.0437 1252 Actual detected object count: 1
14:58:42.0687 1252 NETFRITZ ( ForgedFile.Multi.Generic ) - skipped by user
14:58:42.0687 1252 NETFRITZ ( ForgedFile.Multi.Generic ) - User select action: Skip
14:59:54.0296 4076 Deinitialize success

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combofix Logfile:

Code:

ComboFix 11-10-10.01 - Teproma 10.10.2011  15:58:22.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.989.398 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Teproma\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

FW: Avira FireWall *Disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\dokumente und einstellungen\Joerg\WINDOWS

c:\windows\ehome\medctrro.exe

c:\windows\IsUn0407.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_PASSWORD

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-09-10 bis 2011-10-10  ))))))))))))))))))))))))))))))

.

.

2011-10-10 08:28 . 2011-10-10 08:28        --------        d-----w-        c:\programme\ESET

2011-10-06 14:11 . 2011-10-06 14:11        --------        d-----w-        c:\dokumente und einstellungen\Teproma\Anwendungsdaten\Malwarebytes

2011-10-06 14:10 . 2011-10-06 14:12        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2011-10-06 14:10 . 2011-08-31 15:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-09-20 11:27 . 2011-09-20 11:27        --------        d-----w-        c:\dokumente und einstellungen\Joerg\Anwendungsdaten\Malwarebytes

2011-09-20 11:27 . 2011-09-20 11:27        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]

"PDFPrint"="e:\nils\pdf24\pdf24.exe" [2010-03-11 208528]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2008-10-27 150040]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2008-10-27 178712]

"Persistence"="c:\windows\System32\igfxpers.exe" [2008-10-27 150040]

"RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408]

"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2003-04-02 40960]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

FRITZ!fax.lnk - c:\programme\FRITZ!\FriFax32.exe [2006-10-24 1425408]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0OODBS

.

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk]

backup=c:\windows\pss\Adobe Acrobat - Schnellstart.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Matrox Powerdesk]

2000-08-14 18:17        503808        ----a-r-        c:\windows\system32\pdesk.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"D-Link AirPro Utility"=c:\programme\D-Link\AirPro Utility\WLANmon.exe

"VirtualCloneDrive"="d:\systemprogramme\VirtualCloneDrive\VCDDaemon.exe" /s

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher"="d:\adobe\Reader 9.0\Reader\Reader_sl.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

.

R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [11.12.2009 12:46 106904]

R2 AntiVirFirewallService;Avira Firewall;c:\programme\Avira\AntiVir Desktop\avfwsvc.exe [11.12.2009 12:46 567464]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [11.12.2009 12:46 340136]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [11.12.2009 12:46 136360]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [11.12.2009 12:46 428200]

R2 AVMPORT;AVMPORT;c:\windows\system32\drivers\avmport.sys [24.10.2006 09:01 59520]

R2 Matrox Centering Service;Matrox Centering Service;c:\programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [06.02.2009 15:09 1263872]

R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [06.02.2009 15:08 344832]

R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [06.10.2011 16:10 366152]

R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [22.05.2002 16:27 28200]

R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [11.12.2009 12:46 82952]

R3 AVMCOWAN;AVMCOWAN;c:\windows\system32\drivers\avmcowan.sys [24.11.2005 01:00 53632]

R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [15.09.2000 05:00 37568]

R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI;c:\windows\system32\drivers\fpcibase.sys [15.09.2000 05:00 444416]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06.10.2011 16:10 22216]

S0 lrgwx;lrgwx;c:\windows\system32\drivers\ardabc.sys --> c:\windows\system32\drivers\ardabc.sys [?]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [18.10.2006 14:45 323008]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [14.01.2011 12:52 1691480]

S3 NETFRITZ;AVM FRITZ!web PPP over ISDN;c:\windows\system32\drivers\NETFRITZ.SYS [18.10.2006 16:05 200192]

S3 OOTextMode;OOTextMode;c:\windows\system32\drivers\oobctm.sys [11.05.2005 01:37 30720]

S3 UtilNT;UtilNT; [x]

S3 WZCBDLService;WZCBDL Service;c:\programme\WZCBDL Service\WZCBDLS.exe [19.03.2002 12:15 36864]

.

Inhalt des "geplante Tasks" Ordners

.

2011-10-10 c:\windows\Tasks\1-Klick-Wartung.job

- d:\systemprogramme\TuneUp Utilities 2007\SystemOptimizer.exe [2006-11-23 14:46]

.

2011-10-10 c:\windows\Tasks\User_Feed_Synchronization-{7249D272-ED12-459F-8885-DEF9E6451EF3}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.t-online.de/

LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.0.200

TCP: Interfaces\{0BEF5F9E-A6A2-44B2-ACA8-4BAC119CC134}: NameServer = 192.168.0.1

TCP: Interfaces\{82A17C66-7117-4B34-9286-98FA62F118F3}: NameServer = 192.168.0.1

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

MSConfigStartUp-Acrobat Assistant 7 - d:\acrobat 7\Distillr\Acrotray.exe

MSConfigStartUp-Cmaudio - cmicnfg.cpl

AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-10-10 16:06

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG08.00.00.01WORKSTATION"="D2E2FEF5D2CECBC408F48B6BF0046900340491F6D88434DB1D586508F003EA8DBAB4436ADA0E88B02D6FF646EF18336646601A72D5463F571E1ED810171AC3F63588D5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A6A0AC4980AC79338EDD5E5BE2F6E6671C2573CA2A9BA7815F959C6BE3D59201749EA389B23D00F410F3EFE2ED0E80C31E796992F2B3AF135E639596776D391F57E294FB9B8636A815E4DE8E569A5E6F3D61601A29EE00B76BBBD33D2D54CB6A61AB81CD68A4F5BE0DC1BD49F9C020F153723C578EAE9493B2B439DF2A3D55E036316AA54337F52D2E834583A7314ADCCC039425B5D661F1792657DE675BD5258B6D7D0F29E7618E4765E5918024D4E42AB0353E07D1CBC014AEF982326A3EFE2F1D2379EB5E59263664412CFB562FE202DB9CC63E892F91ECAD9BF22BA7F8587EC37339B24CF155F0C5AD6FE50737D37EA701C2E9705798834A6E4145D4DDC06D27BB04F562B225FD8FB6DC5C794458DAFCC69B6F7B87B2E7EC555E4BB5BDEB83507E75045718C07C8D1AD6D17520B568078B1E06A2F55CC2C169A059175BAEDA0FF08DFD6791781ACDCA278C4685D50EB69DFCB9614B38CC3AF7C1E0446C05A4F4FCB05B4E03401D25EDFAA8BCA643C3BF81CCE9BAA68AD48D80E1A5901E0FA2583EA4E351C5AFDBA8606014AA28AF981B6E87C9B11B3EBDB1B782C0CF8E0DAC52089536B62403C2B5AFCD9269A3F1AB834F8A63CEADE0FC67068B1FDBCF68AD41E01243C8609AD3EA1D9AB9D32581327AC3968FA057A41CAC094481156A2A26C9FE0F53D5ABF8222AA08374CAAEF97744A05200350760BBC7105D7C5A5882274FD2E2FC3030C7D69B64A903AF359ED6E7EB4537241F0C0CC19F68F91109435AFB7C49302F0AD02D2A4710F56BA053C3B262DD8E8275C754E8F1DBB525DFE4F83FD2602E2E470675055B20B56ACF9FC1B3716DB070D3D26ECC7193BF033381D3CBDDAD8C8A6D791420E6257B1B12B2E9BF3F2A9E8C789548C3C04BFD1C4E57CD16DB97B5A77465823165D05871AD5CE96EA22C2A7B951965E531A72965EF4ADCD7BDE9E56BC8A34B3304B6AC66DA12849CA5F17B665089DA11CEADCDDACB608E922A533041C9348FE627D0B07347EB8CEA09DC10FAC2BB53E5D449CB7788458004F9687A17CA3C044F63796F191427ECBB4130B5E77C248D4A32C75ABFC147E6B63B9EFD60958370328471C65BD4A5A2B7F29892637E5C5A678D5B003705598871AED2C814E4F4B19B08DD6AC193E9BE4D7C211C253F23A229BE1A1A675614C043C944BBABE8A0365A21C75FD7CD1F6729EBBC1F6A2859DDC1D200D9DEAD2F7EFE36960F27453B0482371902ADF390D342063FBAF397061C2709EA43"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'explorer.exe'(2536)

c:\windows\system32\webcheck.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\programme\Avira\AntiVir Desktop\avguard.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\mgabg.exe

c:\windows\system32\oodag.exe

c:\windows\System32\wbem\wmiapsrv.exe

c:\windows\System32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-10-10  16:09:15 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-10-10 14:09

.

Vor Suchlauf: 4.773.208.064 Bytes frei

Nach Suchlauf: 4.700.282.880 Bytes frei

.

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /tutag=tbslml noguiboot /NoExecute=OptIn

.

- - End Of File - - 1572664D0FBC33A8E150A08CAEA12243

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2011-10-10 17:08:44

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.3.06

Running: 75kfvn7s.exe; Driver: C:\DOKUME~1\Teproma\LOKALE~1\Temp\pgtdqpod.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            F7B73AFC                                                                              ZwClose

SSDT            F7B73AB6                                                                              ZwCreateKey

SSDT            F7B73B06                                                                              ZwCreateSection

SSDT            F7B73AAC                                                                              ZwCreateThread

SSDT            F7B73ABB                                                                              ZwDeleteKey

SSDT            F7B73AC5                                                                              ZwDeleteValueKey

SSDT            F7B73AF7                                                                              ZwDuplicateObject

SSDT            F7B73AE3                                                                              ZwLoadDriver

SSDT            F7B73ACA                                                                              ZwLoadKey

SSDT            F7B73A98                                                                              ZwOpenProcess

SSDT            F7B73A9D                                                                              ZwOpenThread

SSDT            F7B73AD4                                                                              ZwReplaceKey

SSDT            F7B73ACF                                                                              ZwRestoreKey

SSDT            F7B73B0B                                                                              ZwSetContextThread

SSDT            F7B73AE8                                                                              ZwSetSystemInformation

SSDT            F7B73AC0                                                                              ZwSetValueKey

SSDT            F7B73AA7                                                                              ZwTerminateProcess

SSDT            F7B73AA2                                                                              ZwWriteVirtualMemory
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwCallbackReturn + 2F84                                                  80504810 4 Bytes  CALL 9947FF4F 

?               Combo-Fix.sys                                                                         Das System kann die angegebene Datei nicht finden. !

?               C:\ComboFix\catchme.sys                                                               Das System kann die angegebene Datei nicht finden. !

?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                            Das System kann die angegebene Datei nicht finden. !
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\Tcpip \Device\Ip                                                              avfwot.sys (TDI filtering kernel driver/Avira GmbH)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                             avfwot.sys (TDI filtering kernel driver/Avira GmbH)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                             avfwot.sys (TDI filtering kernel driver/Avira GmbH)

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                           avfwot.sys (TDI filtering kernel driver/Avira GmbH)

AttachedDevice  \FileSystem\Fastfat \Fat                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                 

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION  D2E2FEF5D2CECBC408F48B6BF0046900340491F6D88434DB1D586508F003EA8DBAB4436ADA0E88B02D6FF646EF18336646601A72D5463F571E1ED810171AC3F63588D5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D1407A6A0AC4980AC79338EDD5E5BE2F6E6671C2573CA2A9BA7815F959C6BE3D59201749EA389B23D00F410F3EFE2ED0E80C31E796992F2B3AF135E639596776D391F57E294FB9B8636A815E4DE8E569A5E6F3D61601A29EE00B76BBBD33D2D54CB6A61AB81CD68A4F5BE0DC1BD49F9C020F153723C578EAE9493B2B439DF2A3D55E036316AA54337F52D2E834583A7314ADCCC039425B5D661F1792657DE675BD5258B6D7D0F29E7618E4765E5918024D4E42AB0353E07D1CBC014AEF982326A3EFE2F1D2379EB5E59263664412CFB562FE202DB9CC63E892F91ECAD9BF22BA7F8587EC37339B24CF155F0C5AD6FE50737D37EA701C2E9705798834A6E4145D4DDC06D27BB04F562B225FD8FB6DC5C794458DAFCC69B6F7B87B2E7EC555E4BB5BDEB83507E75045718C07C8D1AD6D17520B568078B1E06A2F55CC2C169A059175BAEDA0FF08DFD6791781ACDCA278C4685D50EB69DFCB9614B38CC3AF7C1E0446C05A4F4FCB05B4E03401D25EDFAA8BCA643C3BF81CCE9BAA68AD48D80E1A
 

---- EOF - GMER 1.0.15 ----

--- --- ---

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-10 17:12:13
-----------------------------
17:12:13.421 OS Version: Windows 5.1.2600 Service Pack 3
17:12:13.421 Number of processors: 2 586 0x170A
17:12:13.421 ComputerName: WILLI UserName:
17:12:13.593 Initialize success
17:12:50.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:12:50.812 Disk 0 Vendor: ST380011A 3.06 Size: 76318MB BusType: 3
17:12:52.828 Disk 0 MBR read successfully
17:12:52.828 Disk 0 MBR scan
17:12:52.828 Disk 0 unknown MBR code
17:12:52.828 Disk 0 scanning sectors +156296385
17:12:52.937 Disk 0 scanning C:\WINDOWS\system32\drivers
17:13:17.000 Service scanning
17:13:17.796 Modules scanning
17:13:57.625 Disk 0 trace - called modules:
17:13:57.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:13:57.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f87ab8]
17:13:57.656 3 CLASSPNP.SYS[f7537fd7] -> nt!IofCallDriver -> \Device\0000007c[0x85f44f18]
17:13:57.656 5 ACPI.sys[f73cd620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85f7e940]
17:13:57.656 Scan finished successfully
17:14:56.859 Disk 0 MBR has been saved successfully to "G:\polizei virus\neue logs\MBR.dat"
17:14:56.890 The log file has been saved successfully to "G:\polizei virus\neue logs\aswMBR.txt"

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 17:12:09 on 10.10.2011
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe
 

[Common]

-----( %SystemRoot%\Tasks )-----

"1-Klick-Wartung.job" - "TuneUp Software GmbH" - D:\Systemprogramme\TuneUp Utilities 2007\SystemOptimizer.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"rhcpl.cpl" - "KsL Software" - C:\WINDOWS\system32\rhcpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira Premium Security Suite - Konfiguration" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys

"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys

"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys

"avfwot" (avfwot) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avfwot.sys

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"AVM FRITZ!web PPP over ISDN" (NETFRITZ) - ? - C:\WINDOWS\System32\DRIVERS\NETFRITZ.SYS

"AVMPORT" (AVMPORT) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmport.sys

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys

"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyDelay.sys

"HTTP" (HTTP) - "Microsoft Corporation" - C:\WINDOWS\System32\Drivers\HTTP.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"lrgwx" (lrgwx) - ? - C:\WINDOWS\System32\drivers\ardabc.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys

"mbr" (mbr) - ? - C:\DOKUME~1\Teproma\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"mgabg" (mgabg) - ? - C:\WINDOWS\system32\drivers\mgabg.sys

"NIOC Service" (NIOC) - "D-Link Corporation" - C:\WINDOWS\System32\NIOC.SYS

"OOTextMode" (OOTextMode) - "O&O Software GmbH" - C:\WINDOWS\System32\drivers\oobctm.sys  (Hidden registry entry, rootkit activity)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"pgtdqpod" (pgtdqpod) - ? - C:\DOKUME~1\Teproma\LOKALE~1\Temp\pgtdqpod.sys  (Hidden registry entry, rootkit activity | File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"UtilNT" (UtilNT) - ? - C:\WINDOWS\system32\drivers\UtilNT.sys  (File not found)

"VClone" (VClone) - "Elaborate Bytes AG" - C:\WINDOWS\System32\DRIVERS\VClone.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{F2CF5485-4E02-4f68-819C-B92DE9277049} "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - D:\Systemprogramme\Acronis\TrueImageHome\tishell.dll

{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - D:\Systemprogramme\Acronis\TrueImageHome\tishell.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{692F0339-CBAA-47e6-B5B5-3B84DB604E87} "Extensions Manager Folder" - "Microsoft Corporation" - C:\WINDOWS\System32\extmgr.dll

{FF393560-C2A7-11CF-BFF4-444553540000} "History" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{3028902F-6374-48b2-8DC6-9725E775B926} "IE AutoComplete" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{73CFD649-CD48-4fd8-A272-2070EA56526B} "IE BandProxy" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} "IE Custom MRU AutoCompleted List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{1C1EDB47-CE22-4bbb-B608-77B48F83C823} "IE Fade Task" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{11016101-E366-4D22-BC06-4ADA335C892B} "IE History and Feeds Shell Data Source for Windows Search" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{6CF48EF8-44CD-45d2-8832-A16EA016311B} "IE IShellFolderBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{4B78D326-D922-44f9-AF2A-07805C2A3560} "IE Menu Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{205D7A97-F16D-4691-86EF-F3075DCCA57D} "IE Menu Desk Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{44C76ECD-F7FA-411c-9929-1B77BA77F524} "IE Menu Site" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{07C45BB1-4A8C-4642-A1F5-237E7215FF66} "IE Microsoft BrowserBand" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{6038EF75-ABFC-4e59-AB6F-12D397F6568D} "IE Microsoft History AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{B31C5FAE-961F-415b-BAF0-E697A5178B94} "IE Microsoft Multiple AutoComplete List Container" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} "IE Microsoft Shell Folder AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} "IE MRU AutoComplete List" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{43886CD5-6529-41c4-A707-7B3C92C05E68} "IE Navigation Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} "IE Registry Tree Options Utility" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} "IE RSS Feeds Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{30D02401-6A81-11d0-8274-00C04FD5AE38} "IE Search Band" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{E6EE9AAC-F76B-4947-8260-A9F136138E11} "IE Shell Band Site Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} "IE Shell Rebar BandSite" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} "IE Tracking Shell Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{871C5380-42A0-1069-A2EA-08002B30309D} "Internet Name Space" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{FBF23B40-E3F0-101B-8488-00AA003E56F8} "Internet Shortcut" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)

{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Microsoft Office\Office10\msohev.dll

{3C374A40-BAE4-11CF-BF7D-00AA006946EE} "Microsoft Url History Service" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{8856f961-340a-11d0-a96b-00c04fd705a2} "Microsoft Web Browser" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? -   (File not found | COM-object registry key not found)

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? -   (File not found | COM-object registry key not found)

{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} "Shell DocObject Viewer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{00000000-5736-4205-0100-75ff97ac5007} "Steganos InternetSpurenVernichter 7" - ? - d:\systemprogramme\steganos internet trace destructor 7\itd7se.dll  (File found, but it contains no detailed information)

{7BD29E00-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{7BD29E01-76C1-11CF-9DD0-00A0C9034933} "Temporary Internet Files" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} "The Internet" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} "TuneUp Shredder Shell Context Menu Extension" - ? -   (File not found | COM-object registry key not found)

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - D:\Systemprogramme\TuneUp Utilities 2007\SDShelEx-win32.dll

{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\system32\uxtuneup.dll

{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - D:\Systemprogramme\VirtualCloneDrive\ElbyVCDShell.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL

{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL

{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

InCDUdfPerm extension "{B3D9AEDE-B2C3-406d-A254-6BE07767B08B}" - ? -   (File not found | COM-object registry key not found)

InCDShellExt extension "{CAE3251E-9B15-4810-B268-852AD9792A59}" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{CFBFAE00-17A6-11D0-99CB-00C04FD64497} "Microsoft Url Search Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\ieframe.dll

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_01\bin\npjpi160_01.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} "Office Genuine Advantage Validation Tool" - ? - C:\WINDOWS\system32\OGACheckControl.DLL / hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{B119EB0C-C021-46CF-85B0-34A760E0D5FE} "IE7pro Preferences" - "IE7pro.com" - C:\Programme\Internet Explorer\PLUGINS\IE7pro\IE7pro.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{00011268-E188-40DF-A514-835FCD78B1BF} "IE7pro BHO" - "IE7pro.com" - C:\Programme\Internet Explorer\PLUGINS\IE7pro\IE7pro.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"FRITZ!fax.lnk" - "AVM Berlin" - C:\Programme\FRITZ!\FriFax32.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Teproma\Startmenü\Programme\Autostart\desktop.ini

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"PDFPrint" - "Geek Software GmbH" - E:\Nils\pdf24\pdf24.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll

"FRITZ!fax Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzPort.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE

"Avira Firewall" (AntiVirFirewallService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

"Matrox Centering Service" (Matrox Centering Service) - "Matrox Graphics Inc." - c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe

"Matrox.Pdesk.ServicesHost" (Matrox.Pdesk.ServicesHost) - "Matrox Graphics Inc" - c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe

"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe

"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll

"TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - ? - C:\WINDOWS\system32\drivers\TUWinStylerThemeSvc.sys  (File not found)

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

"WZCBDL Service" (WZCBDLService) - "D-Link" - C:\Programme\WZCBDL Service\WZCBDLS.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{F9C77450-3A41-477E-9310-9ACD617BD9E3} "Group Policy Applications" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{728EE579-943C-4519-9EF7-AB56765798ED} "Group Policy Data Sources" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{1A6364EB-776B-4120-ADE1-B63A406A76B5} "Group Policy Device Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{5794DAFD-BE60-433f-88A2-1A31939AC01F} "Group Policy Drive Maps" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{0E28E245-9368-4853-AD84-6DA3BA35BB75} "Group Policy Environment" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{7150F9BF-48AD-4da4-A49C-29EF4A8369BA} "Group Policy Files" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{A3F3E39B-5D83-4940-B954-28315B82F0A8} "Group Policy Folder Options" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{6232C319-91AC-4931-9385-E70C2B099F0E} "Group Policy Folders" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{74EE6C03-5363-4554-B161-627540339CAB} "Group Policy Ini Files" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{E47248BA-94CC-49c4-BBB5-9EB7F05183D0} "Group Policy Internet Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{17D89FEC-5C44-4972-B12D-241CAEF74509} "Group Policy Local Users and Groups" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F} "Group Policy Network Options" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2} "Group Policy Network Shares" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{E62688F0-25FD-4c90-BFF5-F508B9D2E31F} "Group Policy Power Options" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D} "Group Policy Printers" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{E5094040-C46C-4115-B030-04FB2E545B00} "Group Policy Regional Options" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{B087BE9D-ED37-454f-AF9C-04291E351182} "Group Policy Registry" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{AADCED64-746C-4633-A97C-D61349046527} "Group Policy Scheduled Tasks" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{91FBB303-0CD5-4055-BF42-E512A681B325} "Group Policy Services" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7} "Group Policy Shortcuts" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

{E4F48E54-F38D-4884-BFB9-D4D2E5729C18} "Group Policy Start Menu Settings" - "Microsoft Corporation" - C:\WINDOWS\system32\gpprefcl.dll

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

hab bekannten nun erzählt wie super ihr einem weiterhelft werde mich denke ich mal des öffteren nun wegen solchen viren sprich bka virus usw melden kleine spende wird folgen an euch =)

achja bevor ichs vergesse, kann ich combofix nun deinstalieren ? :kloppen:

so bin dann mal weck , schaue morgen wieder hier rein schönen abend wünsche ich dir noch :taenzer:und danke für eure Hilfe :kloppen::abklatsch: