Trojaner-Board - Trojaner Sirefef und Conedex und Backdoor.Agent

Hallo Zusammen,

heute meldete mir Microsoft Security Essentials mehmals, dass ich Trojaner auf meinem Rechner habe.
Diese sind:
Conedex.a , Conedex.b. , Conedex.c sowie Sirefef.A usw. und Trojandropper Sirefef. Win32 und Win64.

Nach mehrmaligem Entfernen mit Security Essentials sah ich keinen Erfolg und habe "Avira Free Antivirus" und "Malwarebytes Anti-Malware" installiert.

"Malwarebytes Anti-Malware" fand durch das Scannen einen Backdoor.Agent.

Zitat:

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\***\AppData\Local\be61aef9\X -> Keine Aktion durchgeführt.

"Avira Free Antivirus" fand durch das Scannen 2 Viren oder unerwünschte Programme. Das Report dazu umfasst 64 MB. Auf Anfrage kann ich es gerne hochladen. Beide Funde sind gleich:

Zitat:

Die Datei 'C:\Users\Yusuf\AppData\Local\be61aef9\U\80000000.@'
enthielt einen Virus oder unerwünschtes Programm 'TR/Sirefef.A.28' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ignoriert.

Das sind meine Systeminformationen:

Code:

Betriebsystemname        Microsoft Windows 7 Professional

Version        6.1.7600 Build 7600

Weitere Betriebsystembeschreibung         Nicht verfügbar

Betriebsystemhersteller        Microsoft Corporation

Systemname        USER

Systemhersteller        Hewlett-Packard

Systemmodell        HP Compaq nx6310 (RH323ET#ABD)

Systemtyp        X86-basierter PC

Prozessor        Intel(R) Celeron(R) M CPU        430  @ 1.73GHz, 1729 MHz, 1 Kern(e), 1 logische(r) Prozessor(en)

BIOS-Version/-Datum        Hewlett-Packard 68YDU Ver. F.08, 27.07.2006

SMBIOS-Version        2.4

Windows-Verzeichnis        C:\Windows

Systemverzeichnis        C:\Windows\system32

Startgerät        \Device\HarddiskVolume1

Gebietsschema        Deutschland

Hardwareabstraktionsebene        Version = "6.1.7600.16385"

Benutzername        USER\***

Zeitzone        Mitteleuropäische Zeit

Installierter physikalischer Speicher (RAM)        1,50 GB

Gesamter realer Speicher        1,49 GB

Verfügbarer realer Speicher        514 MB

Gesamter virtueller Speicher        2,98 GB

Verfügbarer virtueller Speicher        1,66 GB

Größe der Auslagerungsdatei        1,49 GB

Auslagerungsdatei        C:\pagefile.sys

Das Ergab DDS:

Code:

.

DDS (Ver_2011-08-26.01) - NTFSx86 

Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_30

Run by *** at 17:26:20 on 2012-02-29

Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.1527.829 [GMT 1:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.de/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uWinlogon: Shell=c:\users\***\appdata\local\be61aef9\X

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll

uRun: [Google Update] "c:\users\***\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [klgratis.exe] c:\program files\kg monitor\klgratis.exe

mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [IgfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 10.0.1.1

TCP: Interfaces\{01A3DBFE-3D05-455D-AD6D-9B1C0E66A146} : DhcpNameServer = 193.189.244.225 193.189.244.206

TCP: Interfaces\{62295FBF-3A6F-4095-ABBF-7A7F2F0E84C1} : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{62295FBF-3A6F-4095-ABBF-7A7F2F0E84C1}\14C4943454D275C414E46344 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{62295FBF-3A6F-4095-ABBF-7A7F2F0E84C1}\35552564D2652353030303 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{62295FBF-3A6F-4095-ABBF-7A7F2F0E84C1}\4556C656B6F6D6 : DhcpNameServer = 10.120.136.116

TCP: Interfaces\{62295FBF-3A6F-4095-ABBF-7A7F2F0E84C1}\64259445A51224F6870264F6E60275C414E40273131333 : DhcpNameServer = 192.168.178.1

TCP: Interfaces\{62295FBF-3A6F-4095-ABBF-7A7F2F0E84C1}\64259445A51224F6870264F6E60275C414E40273332303 : DhcpNameServer = 192.168.178.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

Hosts: 173.194.69.105 simpsons.to

Hosts: 173.194.69.105 chatroulette.com

Hosts: 173.194.69.105 spelpunt.nl

Hosts: 173.194.69.105 spelpunkt.nl

Hosts: 173.194.69.105    www.spelpunt.nl

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\***\appdata\roaming\mozilla\firefox\profiles\vqmmkgbr.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - plugin: c:\progra~1\mozill~1\plugins\np-mswmp.dll

FF - plugin: c:\progra~1\mozill~1\plugins\npdeployJava1.dll

FF - plugin: c:\progra~1\mozill~1\plugins\NpFv522.dll

FF - plugin: c:\progra~1\mozill~1\plugins\NPOFFICE.DLL

FF - plugin: c:\progra~1\mozill~1\plugins\nppdf32.dll

FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin.dll

FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin2.dll

FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin3.dll

FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin4.dll

FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin5.dll

FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin6.dll

FF - plugin: c:\progra~1\mozill~1\plugins\npqtplugin7.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NpFv522.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\***\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-29 36000]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-29 74640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-29 20464]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]

.

=============== Created Last 30 ================

.

2012-02-29 13:02:24        --------        d-----w-        c:\users\***\appdata\local\{05240CBA-5644-413E-BBD4-98C0981232E0}

2012-02-29 13:02:06        --------        d-----w-        c:\users\***\appdata\local\{E0D55A69-4E5D-443F-8C94-D51B9B4D7CDB}

2012-02-29 12:21:16        --------        d-----w-        c:\users\***\appdata\roaming\Avira

2012-02-29 12:14:48        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-02-29 12:14:48        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2012-02-29 12:14:44        --------        d-----w-        c:\programdata\Avira

2012-02-29 12:14:44        --------        d-----w-        c:\program files\Avira

2012-02-29 07:46:16        --------        d-----w-        c:\users\***\appdata\roaming\Malwarebytes

2012-02-29 07:45:58        --------        d-----w-        c:\programdata\Malwarebytes

2012-02-29 07:45:56        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-02-29 07:45:56        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-02-28 22:20:23        --------        d-sh--w-        c:\users\***\appdata\local\be61aef9

2012-02-28 11:55:06        --------        d-----w-        c:\users\***\appdata\local\{4BFE9568-A03E-459E-9D52-BBA255A66933}

2012-02-28 11:54:52        --------        d-----w-        c:\users\***\appdata\local\{E8A180E7-3E28-4333-BF93-9008AA5F0A15}

2012-02-27 15:26:06        --------        d-----w-        c:\users\***\appdata\local\{DB4E0FC7-27BA-458F-9C06-DBC350F99EA3}

2012-02-27 15:25:54        --------        d-----w-        c:\users\***\appdata\local\{0CCCAEF6-EFB3-4049-882E-E598EBBB73A6}

2012-02-27 13:25:25        --------        d-----w-        c:\users\***\appdata\local\{FAE6AB18-92F8-4134-A9E5-4463FF947A5C}

2012-02-26 23:53:27        --------        d-----w-        c:\program files\Microsoft

2012-02-26 23:51:52        --------        d-----w-        c:\program files\common files\HP

2012-02-26 23:51:43        --------        d-----w-        c:\program files\common files\Hewlett-Packard

2012-02-26 23:47:37        --------        d-----w-        c:\program files\HP

2012-02-26 23:45:27        718336        ----a-w-        c:\windows\system32\hpwwiax5.dll

2012-02-26 23:45:26        970752        ----a-w-        c:\windows\system32\hpwtiop4.dll

2012-02-26 23:45:23        372736        ----a-w-        c:\windows\system32\hppldcoi.dll

2012-02-26 23:45:22        294912        ----a-w-        c:\windows\system32\hpovst11.dll

2012-02-26 18:36:10        --------        d-----w-        c:\users\***\appdata\local\{54FF8624-1C8A-48EC-B6DC-938CD00D31E4}

2012-02-26 18:35:58        --------        d-----w-        c:\users\***\appdata\local\{89A925D2-F5C0-47E8-9ABA-9B2D6A137E45}

2012-02-26 00:00:48        --------        d-----w-        c:\users\***\appdata\local\Google

2012-02-25 14:05:54        --------        d-----w-        c:\users\***\appdata\local\{899B9CA2-B816-46C6-BB8E-E131F8C0A5BD}

2012-02-25 14:05:41        --------        d-----w-        c:\users\***\appdata\local\{44E2E0BE-CA9B-4994-B45D-FE0288A2C33E}

2012-02-25 14:04:58        --------        d-----w-        c:\users\***\appdata\local\{A9FBA58C-387B-4EFC-99B1-4F8EC8D08F05}

2012-02-25 14:04:46        --------        d-----w-        c:\users\***\appdata\local\{E5B31E1B-6565-459D-9C18-8673F8818F32}

2012-02-24 22:30:08        --------        d-----w-        c:\users\***\appdata\local\Opera

2012-02-24 08:16:06        --------        d-----w-        c:\users\***\appdata\local\{E2F37523-756A-477F-9139-6EDBA6A84E1E}

2012-02-24 08:15:54        --------        d-----w-        c:\users\***\appdata\local\{A29EA9F8-EA14-4FD9-A9BC-EE0C556C3AE6}

2012-02-23 11:49:50        --------        d-----w-        c:\users\***\appdata\local\{FE5C526D-F552-49C6-83A3-83C2012E83AD}

2012-02-23 11:49:37        --------        d-----w-        c:\users\***\appdata\local\{B19FA0A2-0D39-4AE8-A614-00FA216E7029}

2012-02-22 23:49:06        --------        d-----w-        c:\users\***\appdata\local\{BD471BB5-E40D-489C-9A13-44C1BE05D1ED}

2012-02-22 23:48:50        --------        d-----w-        c:\users\***\appdata\local\{4CC5986C-F182-4039-91A2-977B38E2CFA0}

2012-02-22 08:39:00        --------        d-----w-        c:\users\***\appdata\local\{3A93F7D9-C4AD-4D42-839E-26D15B964A52}

2012-02-22 08:38:47        --------        d-----w-        c:\users\***\appdata\local\{C4DF7FD9-A5AE-4568-BB23-C4CB7373ADDD}

2012-02-21 11:46:13        --------        d-----w-        c:\users\***\appdata\local\{252E497E-4133-4FAE-A376-334452E83831}

2012-02-21 11:46:00        --------        d-----w-        c:\users\***\appdata\local\{4D9033F3-8A9E-4E7D-883D-B6CA628A3D6A}

2012-02-20 23:45:31        --------        d-----w-        c:\users\***\appdata\local\{AF11B3E9-102D-420D-B7E3-B638363BBDAC}

2012-02-20 23:45:18        --------        d-----w-        c:\users\***\appdata\local\{BEA83627-0505-4223-98F5-A3CA0A5943EA}

2012-02-20 07:53:12        --------        d-----w-        c:\users\***\appdata\local\{BABB95FD-CADF-42AA-A399-969C4A743AF1}

2012-02-20 07:52:59        --------        d-----w-        c:\users\***\appdata\local\{ACD01AEA-0007-4E70-A384-0D29CFE56334}

2012-02-19 17:21:40        --------        d-----w-        c:\users\***\appdata\local\{81D78B70-D6F2-4F60-86BC-6888B8A60BE1}

2012-02-19 17:21:23        --------        d-----w-        c:\users\***\appdata\local\{0E088D45-7599-40F6-BD0E-52FA0C6AED1A}

2012-02-19 07:19:24        --------        d-----w-        c:\users\***\appdata\local\{3A22BACC-9C6D-414E-A100-2642D89553FC}

2012-02-19 07:19:12        --------        d-----w-        c:\users\***\appdata\local\{375B70F5-BA61-457F-9A71-49992B3B7A1A}

2012-02-18 07:48:11        --------        d-----w-        c:\users\***\appdata\local\{4909673D-15FA-49A5-B608-36177D6B78E6}

2012-02-18 07:47:22        --------        d-----w-        c:\users\***\appdata\local\{B341FF50-5478-4799-907F-034C87F60DB6}

2012-02-18 03:42:07        --------        d-----w-        c:\users\***\appdata\local\{AD80E04D-9069-4DC9-B95E-EA831CB4F480}

2012-02-17 12:53:45        --------        d-----w-        c:\users\***\appdata\local\{B9DA8F9C-07C9-408D-A2C8-054C3AB31AED}

2012-02-17 12:53:34        --------        d-----w-        c:\users\***\appdata\local\{E661E5F5-5186-413E-8B48-7D6AB5B95DD6}

2012-02-16 21:52:21        --------        d-----w-        c:\users\***\appdata\local\{8588840A-71B7-4E08-A2D3-386D0219C5C3}

2012-02-16 21:52:09        --------        d-----w-        c:\users\***\appdata\local\{5864832A-8D3F-4D9E-8D14-76215698D97A}

2012-02-16 18:06:11        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2012-02-16 18:06:10        141112        ----a-w-        c:\program files\internet explorer\sqmapi.dll

2012-02-16 18:06:09        1798656        ----a-w-        c:\windows\system32\jscript9.dll

2012-02-16 18:06:08        194048        ----a-w-        c:\program files\internet explorer\IEShims.dll

2012-02-16 18:06:06        1127424        ----a-w-        c:\windows\system32\wininet.dll

2012-02-16 18:06:04        678912        ----a-w-        c:\program files\internet explorer\iedvtool.dll

2012-02-16 18:05:55        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl

2012-02-16 18:05:12        478208        ----a-w-        c:\windows\system32\timedate.cpl

2012-02-16 18:05:01        690688        ----a-w-        c:\windows\system32\msvcrt.dll

2012-02-16 18:04:53        442880        ----a-w-        c:\windows\system32\ntshrui.dll

2012-02-16 18:04:51        2340864        ----a-w-        c:\windows\system32\win32k.sys

2012-02-16 16:32:28        --------        d-----w-        c:\program files\iPod

2012-02-16 07:43:33        --------        d-----w-        c:\users\***\appdata\local\{70BD0C3A-2526-4CAA-874A-57A60FD7DE8F}

2012-02-16 07:43:20        --------        d-----w-        c:\users\***\appdata\local\{BB99D7AD-F95D-47D8-A00C-2C1167EE842F}

2012-02-15 08:17:58        --------        d-----w-        c:\users\***\appdata\local\{BBFB6F38-2FFA-400E-9D8E-7EA839286CDC}

2012-02-15 08:17:45        --------        d-----w-        c:\users\***\appdata\local\{70515437-39C6-47D6-862B-FAD2778CFEA5}

2012-02-14 12:14:52        --------        d-----w-        c:\users\***\appdata\local\{7B7E1A42-CACE-4B6D-93A8-0B32F413B661}

2012-02-14 12:14:39        --------        d-----w-        c:\users\***\appdata\local\{B0037C0E-4944-41F6-BFD7-8B15A7B8E9E4}

2012-02-13 16:06:14        --------        d-----w-        c:\users\***\appdata\local\{D001E826-FF61-4012-AC0B-B338A7D4940D}

2012-02-13 16:06:02        --------        d-----w-        c:\users\***\appdata\local\{8DCCE014-3312-449A-A484-C06B19FB9C67}

2012-02-13 13:29:26        --------        d-----w-        c:\users\***\appdata\local\{B85D5163-C474-4540-8E0B-A9A8208D01F8}

2012-02-13 02:56:43        --------        d-----w-        c:\users\***\appdata\roaming\KG Monitor

2012-02-13 02:56:29        --------        d-----w-        c:\program files\KG Monitor

2012-02-13 00:48:32        --------        d-----w-        c:\users\***\appdata\local\{3C6C8AC5-9B2A-4712-9BD5-8303C300AD53}

2012-02-13 00:48:20        --------        d-----w-        c:\users\***\appdata\local\{7D83CF00-9F8E-414B-B48F-444DC0B419D8}

2012-02-12 17:51:54        --------        d-----w-        c:\users\***\appdata\local\{64BD568B-6CCC-4788-AF5C-5E83D02F025A}

2012-02-12 17:51:34        --------        d-----w-        c:\users\***\appdata\local\{507AFDDA-545B-42F3-89AF-855AEBCEC392}

2012-02-12 03:09:27        --------        d-----w-        c:\users\***\appdata\local\{F4662576-9F56-4E4B-8203-2850123C6813}

2012-02-12 03:09:05        --------        d-----w-        c:\users\***\appdata\local\{932633E2-1F9C-40F2-B930-4D96B4BB9B30}

2012-02-11 13:14:21        --------        d-----w-        c:\users\***\appdata\local\{AE50534D-A3A0-4DF5-BF2F-E082BD6C2398}

2012-02-11 13:14:09        --------        d-----w-        c:\users\***\appdata\local\{A9D6FD53-4E70-460F-96F5-4138BDEB3FB4}

2012-02-11 04:57:17        --------        d-----w-        c:\program files\AC3Filter

2012-02-11 01:13:37        --------        d-----w-        c:\users\***\appdata\local\{1B3038A1-9F88-4AF6-91B4-D5290EEE0B5B}

2012-02-11 01:13:25        --------        d-----w-        c:\users\***\appdata\local\{EE519DFB-7C3E-4E54-900F-2CD05D1F14E7}

2012-02-10 11:07:56        --------        d-----w-        c:\users\***\appdata\local\{F183D82B-A49D-46C5-9ECB-BC0618993154}

2012-02-10 11:07:37        --------        d-----w-        c:\users\***\appdata\local\{0C2B857A-00A5-4189-AE80-90FF3CDCA3D9}

2012-02-09 23:07:05        --------        d-----w-        c:\users\***\appdata\local\{34E69EF8-3781-410A-B76B-71B1366C826C}

2012-02-09 23:06:53        --------        d-----w-        c:\users\***\appdata\local\{0F0EFB39-6001-46A4-8F69-072699E5E518}

2012-02-09 09:42:36        --------        d-----w-        c:\users\***\appdata\local\{9C27FD92-0FC5-4519-AAF5-717BBD9C0099}

2012-02-09 09:42:12        --------        d-----w-        c:\users\***\appdata\local\{ED073368-355C-4F0E-AB53-5A3CDD5A9D6C}

2012-02-08 14:20:51        --------        d-----w-        c:\users\***\appdata\local\{230157D1-ED35-4223-8D25-CF691FC0C60E}

2012-02-08 14:20:34        --------        d-----w-        c:\users\***\appdata\local\{FFFB76B6-1BCC-4B3B-B831-835B0BA54F34}

2012-02-07 13:49:08        --------        d-----w-        c:\users\***\appdata\local\{478E7665-8565-4713-A836-C63BC5446297}

2012-02-07 13:48:56        --------        d-----w-        c:\users\***\appdata\local\{435A43A3-F110-4B9E-9D1B-9110795B980A}

2012-02-06 20:18:58        --------        d-----w-        c:\users\***\appdata\local\{FC066133-700F-432F-9548-41B14D865676}

2012-02-06 20:18:44        --------        d-----w-        c:\users\***\appdata\local\{01BEF380-1A9C-428D-B6A5-464EBCA090BA}

2012-02-05 11:58:52        --------        d-----w-        c:\users\***\appdata\local\{6444E730-8FDE-4171-888D-7C3B981C7308}

2012-02-05 11:58:37        --------        d-----w-        c:\users\***\appdata\local\{51D4C42E-7063-44B8-A18B-160C37AC0D02}

2012-02-03 23:45:13        --------        d-----w-        c:\users\***\appdata\local\{C94ECC5E-2437-41A0-B329-5D2FA2F5F15F}

2012-02-03 23:44:52        --------        d-----w-        c:\users\***\appdata\local\{A13B9284-81FD-440B-B0E1-9FC071E2026F}

2012-02-03 09:18:57        --------        d-----w-        c:\users\***\appdata\local\{7AFF0E9F-35F9-40C8-8285-2337BA635C91}

2012-02-03 09:18:45        --------        d-----w-        c:\users\***\appdata\local\{1468DFF2-3984-4312-A560-EC4F429C9B21}

2012-02-02 15:27:21        --------        d-----w-        c:\users\***\appdata\local\{8BD00F25-8B61-4700-B04D-77209B3F884D}

2012-02-02 15:27:04        --------        d-----w-        c:\users\***\appdata\local\{8F291696-DC11-44D7-BC72-EDB568BF6EB8}

2012-02-01 14:02:20        --------        d-----w-        c:\users\***\appdata\local\{A965A7E3-87A8-4825-83E1-EB0290FC51B6}

2012-02-01 14:02:08        --------        d-----w-        c:\users\***\appdata\local\{89E23EBC-D082-4992-894B-209ED7A0D6EB}

2012-01-31 10:25:47        --------        d-----w-        c:\users\***\appdata\local\{1196ACF3-0B2A-4348-90B9-7D27450EA7DF}

2012-01-31 10:25:34        --------        d-----w-        c:\users\***\appdata\local\{FDE566FF-1118-4377-A9F0-DD8B2EF4CA99}

2012-01-30 19:18:48        --------        d-----w-        c:\users\***\appdata\local\Adobe

.

==================== Find3M  ====================

.

2012-02-22 00:43:35        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-31 12:44:05        237072        ------w-        c:\windows\system32\MpSigStub.exe

2012-01-10 21:46:56        299008        ------w-        c:\windows\Setupa.exe

2012-01-10 21:46:55        73216        ----a-w-        c:\windows\ST6UNST.EXE

.

============= FINISH: 17:27:26,70 ===============

Das ist Attach von DDS

Code:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional 

Boot Device: \Device\HarddiskVolume1

Install Date: 11.04.2010 13:46:47

System Uptime: 29.02.2012 14:27:00 (3 hours ago)

.

Motherboard: Hewlett-Packard |  | 30AA

Processor: Intel(R) Celeron(R) M CPU        430  @ 1.73GHz | U10 | 1729/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 56 GiB total, 8,946 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8500 A909a

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet Pro 8500 A909a

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service: 

.

==== System Restore Points ===================

.

RP654: 28.02.2012 23:27:34 - Microsoft Antimalware Checkpoint

RP655: 28.02.2012 23:28:57 - Windows Update

RP656: 29.02.2012 08:39:15 - Windows Update

.

==== Hosts File Hijack ======================

.

Hosts: 173.194.69.105     simpsons.to

Hosts: 173.194.69.105    chatroulette.com

Hosts: 173.194.69.105    spelpunt.nl

Hosts: 173.194.69.105    spelpunkt.nl

Hosts: 173.194.69.105    www.spelpunt.nl

Hosts: 173.194.69.105    hxxp://www.spelpunt.nl

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

7-Zip 9.22beta

8500A909_BasicWeb

8500A909_Help_BasicWeb

AC3Filter 1.63b

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.2) - Deutsch

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AuthenTec Fingerprint Sensor Minimum Install

Avira Free Antivirus

BdB at work 2010

Bing Bar Platform

Bonjour

bpd_scan

BPDSoftware

BPDSoftware_Ini

BtG-Mini 3.0

BufferChm

CCleaner

D3DX10

DivX-Setup

Google Chrome

Google Update Helper

HHD Software Hex Editor Neo 4.96

HP Officejet Pro 8500 A909 Series

Intel(R) Graphics Media Accelerator Driver

IrfanView (remove only)

iTunes

Java Auto Updater

Java(TM) 6 Update 30

Junk Mail filter update

LAWgistic- Betreuervergütung 1.4.1

Logitech Webcam Software

Logitech Webcam Software-Treiberpaket

LSI HDA Modem

Malwarebytes Anti-Malware Version 1.60.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile DEU Language Pack

Microsoft Antimalware Service DE-DE Language Pack

Microsoft Application Error Reporting

Microsoft Default Manager

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access 2007

Microsoft Office Access MUI (German) 2007

Microsoft Office Professional Edition 2003

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Italian) 2007

Microsoft Office Proofing (German) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (German) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Mozilla Firefox 10.0.2 (x86 de)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network

Opera 11.61

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Skype™ 5.5

Synaptics Pointing Device Driver

TeamViewer 6

Toolbox

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VC80CRTRedist - 8.0.50727.6195

Version 2.0

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotogalerie

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

.

==== End Of File ===========================

Das ergab Gmer:
GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-02-29 18:35:05

Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST96812AS rev.7.24

Running: 5jobflit.exe; Driver: C:\Users\***\AppData\Local\Temp\pxldapob.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            8C6A0E0E                                                                                              ZwCreateSection

SSDT            8C6A0E18                                                                                              ZwRequestWaitReplyPort

SSDT            8C6A0E13                                                                                              ZwSetContextThread

SSDT            8C6A0E1D                                                                                              ZwSetSecurityObject

SSDT            8C6A0E22                                                                                              ZwSystemDebugControl

SSDT            8C6A0DAF                                                                                              ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                       82C605D9 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                82C85092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           ntkrnlpa.exe!RtlSidHashLookup + 370                                                                   82C8C9B0 4 Bytes  [0E, 0E, 6A, 8C] {PUSH CS; PUSH CS; PUSH -0x74}

.text           ntkrnlpa.exe!RtlSidHashLookup + 6CC                                                                   82C8CD0C 4 Bytes  [18, 0E, 6A, 8C] {SBB [ESI], CL; PUSH -0x74}

.text           ntkrnlpa.exe!RtlSidHashLookup + 710                                                                   82C8CD50 4 Bytes  [13, 0E, 6A, 8C] {ADC ECX, [ESI]; PUSH -0x74}

.text           ntkrnlpa.exe!RtlSidHashLookup + 78C                                                                   82C8CDCC 4 Bytes  [1D, 0E, 6A, 8C]

.text           ntkrnlpa.exe!RtlSidHashLookup + 7E0                                                                   82C8CE20 4 Bytes  [22, 0E, 6A, 8C] {AND CL, [ESI]; PUSH -0x74}

.text           ...                                                                                                   
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                               Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 

Device          \Driver\ACPI_HAL \Device\0000004c                                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00805a46173a                           

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00805a46173a@e8e5d6e2d91f              0x01 0x8B 0x2F 0xA4 ...

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                      

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                   0

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                0x86 0x23 0x1C 0xBE ...

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00805a46173a (not active ControlSet)       

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00805a46173a@e8e5d6e2d91f                  0x01 0x8B 0x2F 0xA4 ...

Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                       0

Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                    0x86 0x23 0x1C 0xBE ...
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Anmerkung zur Host Datei: Die Host Datei habe ich selbst verändert, um die aufgeführten Webseiten nicht zu öffnen.

Was habe ich nun auf meinem Rechner? Wie kann ich diese Trojaner entfernen?
Ich hoffe um eine Formatierung der Festplatte herum zu kommen..

Vielen Dank für eure Hilfe und Unterstützung.
Schöne Grüße,
Claus