Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Unknown virus: Windows Explorer crashes, computer at times heavily slowed down, etc. (https://www.trojaner-board.de/111005-unbekannter-virus-windows-explorer-stuerzt-ab-rechner-teilweise-stark-verlangsamt-usw.html)

markus32 08.03.2012 20:33

Thank you very much, here is the OTL log after the fix:

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0540005F-107E-4C4D-B1CD-64DE04847137}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0540005F-107E-4C4D-B1CD-64DE04847137}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3E4A5BD3-2D23-461A-98CD-FC106A31775C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E4A5BD3-2D23-461A-98CD-FC106A31775C}\ not found.
HKU\S-1-5-21-1302499063-601275286-625076348-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1302499063-601275286-625076348-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1302499063-601275286-625076348-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1302499063-601275286-625076348-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1302499063-601275286-625076348-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}\ not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.
C:\Program Files (x86)\kikin\ie_kikin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FixCamera deleted successfully.
C:\Windows\FixCamera.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1302499063-601275286-625076348-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Allgemein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1302499063-601275286-625076348-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1302499063-601275286-625076348-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1302499063-601275286-625076348-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ not found.
File C:\Program Files (x86)\kikin\ie_kikin.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06e9706d-2611-11e0-95e9-0026b9124de7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06e9706d-2611-11e0-95e9-0026b9124de7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06e9706d-2611-11e0-95e9-0026b9124de7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06e9706d-2611-11e0-95e9-0026b9124de7}\ not found.
File G:\setup.exe not found.
C:\Users\Allgemein\AppData\Roaming\kikin folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Allgemein
->Temp folder emptied: 50826508 bytes
->Temporary Internet Files folder emptied: 8286410 bytes
->Java cache emptied: 36444676 bytes
->FireFox cache emptied: 111633541 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 21596 bytes
 
User: Christian
->Temp folder emptied: 37411317 bytes
->Temporary Internet Files folder emptied: 4394696 bytes
->Java cache emptied: 46423599 bytes
->FireFox cache emptied: 50731571 bytes
->Google Chrome cache emptied: 332116326 bytes
->Flash cache emptied: 11350825 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 540066 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 658,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.36.1 log created on 03082012_202606

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
C:\Users\Christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
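Added example (not part of markus32's post and not OTL's own code): a small Python parser for result lines in the OTL fix-log format shown above. It classifies each line (registry key/value deleted, value set, file or folder moved, not found, move deferred to reboot, HOSTS reset) and produces the summary a helper checks before the next step: which items still depend on a reboot, which targets were already gone, and whether the [resethosts] command actually ran. The sample log is constructed to mirror the format; its paths, GUIDs and value names are placeholders.

```python
import re
from collections import Counter

# Constructed sample, modelled on the OTL fix-log format shown in this thread.
# Paths, GUIDs and value names are placeholders, not taken from a real machine.
SAMPLE_OTL_LOG = r"""
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ExampleEntry deleted successfully.
C:\Windows\example_dropper.exe moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Example.lnk scheduled to be moved on reboot.
File G:\setup.exe not found.
C:\Users\Example\AppData\Roaming\example folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
Total Files Cleaned = 658,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Example.lnk not found!
"""

# Each pattern maps one line shape to (kind, action). Order matters: specific
# shapes ("folder moved", "File move failed") are tried before the generic ones.
_PATTERNS = [
    (re.compile(r"^(?:64bit-)?Registry key (.+?)\\? deleted successfully\.$"), ("registry_key", "deleted")),
    (re.compile(r"^(?:64bit-)?Registry key (.+?)\\? not found\.$"), ("registry_key", "not_found")),
    (re.compile(r"^Registry value (.+) deleted successfully\.$"), ("registry_value", "deleted")),
    (re.compile(r"^(.+)\| /E : value set successfully!$"), ("registry_value", "set")),
    (re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$"), ("file", "pending_reboot")),
    (re.compile(r"^File\\Folder (.+) not found!$"), ("file", "not_found")),
    (re.compile(r"^File (.+) not found\.$"), ("file", "not_found")),
    (re.compile(r"^(.+) folder moved successfully\.$"), ("folder", "moved")),
    (re.compile(r"^(.+) moved successfully\.$"), ("file", "moved")),
    (re.compile(r"^HOSTS file reset successfully$"), ("hosts", "reset")),
]


def parse_otl_line(line):
    """Return {'kind', 'action', 'target'} for a recognised OTL result line, else None."""
    line = line.strip()
    for pattern, (kind, action) in _PATTERNS:
        m = pattern.match(line)
        if m:
            target = m.group(1) if m.groups() else ""
            return {"kind": kind, "action": action, "target": target}
    return None  # section markers, [EMPTYTEMP] statistics, blank lines, ...


def summarize_otl_log(text):
    """Aggregate an OTL fix log into the facts a helper checks before the next step."""
    counts = Counter()
    pending_reboot, not_found = [], []
    hosts_reset = False
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        counts[(entry["kind"], entry["action"])] += 1
        if entry["action"] == "pending_reboot":
            pending_reboot.append(entry["target"])
        elif entry["action"] == "not_found":
            not_found.append(entry["target"])
        elif entry["kind"] == "hosts":
            hosts_reset = True
    return {
        "counts": dict(counts),
        "pending_reboot": pending_reboot,  # items only a reboot can still remove
        "not_found": not_found,            # items already gone, or mistyped in the fix
        "hosts_reset": hosts_reset,        # True once "HOSTS file reset successfully" appears
    }


if __name__ == "__main__":
    for key, value in summarize_otl_log(SAMPLE_OTL_LOG).items():
        print(f"{key}: {value}")
```

A "not found" entry is not an error by itself: OTL reports it when the key or file was already removed (for example the CLSID of a BHO whose key was deleted a line earlier) or when the fix script contained a typo, so the list is worth a glance rather than an alarm. A non-empty `pending_reboot` list means the fix is not complete until the machine has restarted.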


cosinus 08.03.2012 20:38

Why did you take the command [resethosts] out? :balla:

markus32 08.03.2012 20:42

I didn't (knowingly). Can I run it again on its own? That is, only the line [resethosts] in the box?
Edit: Well, at least the log says "HOSTS file reset successfully".. so the hosts file was reset after all?
I definitely didn't change anything in your script.

cosinus 08.03.2012 20:43

Oops, sorry, forget it, you did have it in, I just overlooked it, blind as I am :stirn:

Quote:

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click on Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please don't delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the "skip" action and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!

markus32 08.03.2012 21:01

Code:

20:48:25.0949 5980        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
20:48:26.0170 5980        ============================================================
20:48:26.0171 5980        Current date / time: 2012/03/08 20:48:26.0170
20:48:26.0171 5980        SystemInfo:
20:48:26.0171 5980       
20:48:26.0171 5980        OS Version: 6.1.7601 ServicePack: 1.0
20:48:26.0171 5980        Product type: Workstation
20:48:26.0171 5980        ComputerName: CHRISTIAN
20:48:26.0171 5980        UserName: Christian
20:48:26.0171 5980        Windows directory: C:\Windows
20:48:26.0171 5980        System windows directory: C:\Windows
20:48:26.0171 5980        Running under WOW64
20:48:26.0171 5980        Processor architecture: Intel x64
20:48:26.0171 5980        Number of processors: 2
20:48:26.0171 5980        Page size: 0x1000
20:48:26.0171 5980        Boot type: Normal boot
20:48:26.0171 5980        ============================================================
20:48:27.0483 5980        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:48:27.0490 5980        \Device\Harddisk0\DR0:
20:48:27.0490 5980        MBR used
20:48:27.0490 5980        Initialize success
20:48:27.0490 5980        ============================================================
20:59:40.0527 5604        ============================================================
20:59:40.0527 5604        Scan started
20:59:40.0527 5604        Mode: Manual; SigCheck; TDLFS;
20:59:40.0527 5604        ============================================================
20:59:40.0620 5604        1394ohci - ok
20:59:40.0636 5604        ACPI - ok
20:59:40.0636 5604        AcpiPmi - ok
20:59:40.0667 5604        acsock - ok
20:59:40.0683 5604        adp94xx - ok
20:59:40.0698 5604        adpahci - ok
20:59:40.0698 5604        adpu320 - ok
20:59:40.0729 5604        AFD - ok
20:59:40.0729 5604        agp440 - ok
20:59:40.0745 5604        aliide - ok
20:59:40.0761 5604        amdide - ok
20:59:40.0761 5604        AmdK8 - ok
20:59:40.0776 5604        AmdPPM - ok
20:59:40.0776 5604        amdsata - ok
20:59:40.0792 5604        amdsbs - ok
20:59:40.0792 5604        amdxata - ok
20:59:40.0839 5604        AppID - ok
20:59:40.0854 5604        arc - ok
20:59:40.0854 5604        arcsas - ok
20:59:40.0885 5604        AsyncMac - ok
20:59:40.0885 5604        atapi - ok
20:59:40.0901 5604        AtiHdmiService - ok
20:59:40.0901 5604        atikmdag - ok
20:59:40.0932 5604        avgntflt - ok
20:59:40.0948 5604        avipbb - ok
20:59:40.0979 5604        avkmgr - ok
20:59:40.0995 5604        b06bdrv - ok
20:59:40.0995 5604        b57nd60a - ok
20:59:41.0026 5604        BCM42RLY - ok
20:59:41.0026 5604        BCM43XX - ok
20:59:41.0041 5604        BDA_Capture_225 - ok
20:59:41.0041 5604        BDA_Loader_225 - ok
20:59:41.0057 5604        Beep - ok
20:59:41.0088 5604        blbdrive - ok
20:59:41.0104 5604        bowser - ok
20:59:41.0119 5604        BrFiltLo - ok
20:59:41.0119 5604        BrFiltUp - ok
20:59:41.0135 5604        Brserid - ok
20:59:41.0135 5604        BrSerWdm - ok
20:59:41.0151 5604        BrUsbMdm - ok
20:59:41.0151 5604        BrUsbSer - ok
20:59:41.0166 5604        BTHMODEM - ok
20:59:41.0182 5604        cdfs - ok
20:59:41.0182 5604        cdrom - ok
20:59:41.0197 5604        circlass - ok
20:59:41.0197 5604        CLFS - ok
20:59:41.0229 5604        CmBatt - ok
20:59:41.0229 5604        cmdide - ok
20:59:41.0244 5604        CNG - ok
20:59:41.0244 5604        Compbatt - ok
20:59:41.0260 5604        CompositeBus - ok
20:59:41.0275 5604        crcdisk - ok
20:59:41.0275 5604        CtClsFlt - ok
20:59:41.0291 5604        CVirtA - ok
20:59:41.0307 5604        CVPNDRVA - ok
20:59:41.0322 5604        DfsC - ok
20:59:41.0338 5604        discache - ok
20:59:41.0338 5604        Disk - ok
20:59:41.0369 5604        DNE - ok
20:59:41.0385 5604        drmkaud - ok
20:59:41.0400 5604        DXGKrnl - ok
20:59:41.0416 5604        ebdrv - ok
20:59:41.0431 5604        elxstor - ok
20:59:41.0431 5604        ErrDev - ok
20:59:41.0447 5604        exfat - ok
20:59:41.0463 5604        fastfat - ok
20:59:41.0463 5604        fdc - ok
20:59:41.0478 5604        FileInfo - ok
20:59:41.0494 5604        Filetrace - ok
20:59:41.0494 5604        flpydisk - ok
20:59:41.0509 5604        FltMgr - ok
20:59:41.0525 5604        FsDepends - ok
20:59:41.0525 5604        Fs_Rec - ok
20:59:41.0556 5604        fvevol - ok
20:59:41.0556 5604        gagp30kx - ok
20:59:41.0572 5604        GEARAspiWDM - ok
20:59:41.0603 5604        hcw85cir - ok
20:59:41.0619 5604        HDAudBus - ok
20:59:41.0634 5604        HidBatt - ok
20:59:41.0650 5604        HidBth - ok
20:59:41.0650 5604        HidIr - ok
20:59:41.0681 5604        HidUsb - ok
20:59:41.0712 5604        HpSAMD - ok
20:59:41.0712 5604        HTCAND64 - ok
20:59:41.0728 5604        htcnprot - ok
20:59:41.0728 5604        HTTP - ok
20:59:41.0728 5604        hwpolicy - ok
20:59:41.0743 5604        i8042prt - ok
20:59:41.0743 5604        iaStorV - ok
20:59:41.0759 5604        iirsp - ok
20:59:41.0775 5604        intelide - ok
20:59:41.0775 5604        intelppm - ok
20:59:41.0790 5604        IpFilterDriver - ok
20:59:41.0806 5604        IPMIDRV - ok
20:59:41.0806 5604        IPNAT - ok
20:59:41.0837 5604        IRENUM - ok
20:59:41.0837 5604        isapnp - ok
20:59:41.0853 5604        iScsiPrt - ok
20:59:41.0853 5604        k57nd60a - ok
20:59:41.0868 5604        kbdclass - ok
20:59:41.0868 5604        kbdhid - ok
20:59:41.0884 5604        KSecDD - ok
20:59:41.0884 5604        KSecPkg - ok
20:59:41.0884 5604        ksthunk - ok
20:59:41.0915 5604        lltdio - ok
20:59:41.0931 5604        LSI_FC - ok
20:59:41.0931 5604        LSI_SAS - ok
20:59:41.0946 5604        LSI_SAS2 - ok
20:59:41.0946 5604        LSI_SCSI - ok
20:59:41.0962 5604        luafv - ok
20:59:41.0962 5604        ManyCam - ok
20:59:41.0977 5604        MBAMProtector - ok
20:59:41.0993 5604        megasas - ok
20:59:42.0009 5604        MegaSR - ok
20:59:42.0024 5604        Modem - ok
20:59:42.0024 5604        monitor - ok
20:59:42.0040 5604        mouclass - ok
20:59:42.0040 5604        mouhid - ok
20:59:42.0055 5604        mountmgr - ok
20:59:42.0055 5604        mpio - ok
20:59:42.0071 5604        mpsdrv - ok
20:59:42.0071 5604        MRxDAV - ok
20:59:42.0087 5604        mrxsmb - ok
20:59:42.0087 5604        mrxsmb10 - ok
20:59:42.0102 5604        mrxsmb20 - ok
20:59:42.0102 5604        msahci - ok
20:59:42.0118 5604        msdsm - ok
20:59:42.0133 5604        Msfs - ok
20:59:42.0133 5604        mshidkmdf - ok
20:59:42.0149 5604        msisadrv - ok
20:59:42.0165 5604        MSKSSRV - ok
20:59:42.0165 5604        MSPCLOCK - ok
20:59:42.0180 5604        MSPQM - ok
20:59:42.0180 5604        MsRPC - ok
20:59:42.0196 5604        mssmbios - ok
20:59:42.0196 5604        MSTEE - ok
20:59:42.0211 5604        MTConfig - ok
20:59:42.0211 5604        Mup - ok
20:59:42.0227 5604        NativeWifiP - ok
20:59:42.0227 5604        NDIS - ok
20:59:42.0243 5604        NdisCap - ok
20:59:42.0243 5604        NdisTapi - ok
20:59:42.0258 5604        Ndisuio - ok
20:59:42.0258 5604        NdisWan - ok
20:59:42.0274 5604        NDProxy - ok
20:59:42.0274 5604        NetBIOS - ok
20:59:42.0289 5604        NetBT - ok
20:59:42.0336 5604        nfrd960 - ok
20:59:42.0352 5604        Npfs - ok
20:59:42.0367 5604        nsiproxy - ok
20:59:42.0383 5604        Ntfs - ok
20:59:42.0383 5604        Null - ok
20:59:42.0399 5604        nvraid - ok
20:59:42.0399 5604        nvstor - ok
20:59:42.0414 5604        nv_agp - ok
20:59:42.0430 5604        ohci1394 - ok
20:59:42.0461 5604        Parport - ok
20:59:42.0461 5604        partmgr - ok
20:59:42.0477 5604        PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
20:59:42.0492 5604        pci - ok
20:59:42.0492 5604        pciide - ok
20:59:42.0508 5604        pcmcia - ok
20:59:42.0508 5604        pcw - ok
20:59:42.0508 5604        PEAUTH - ok
20:59:42.0555 5604        PptpMiniport - ok
20:59:42.0570 5604        Processor - ok
20:59:42.0586 5604        Psched - ok
20:59:42.0586 5604        PSI - ok
20:59:42.0601 5604        PxHlpa64 - ok
20:59:42.0601 5604        ql2300 - ok
20:59:42.0617 5604        ql40xx - ok
20:59:42.0617 5604        QWAVEdrv - ok
20:59:42.0648 5604        RasAcd - ok
20:59:42.0648 5604        RasAgileVpn - ok
20:59:42.0664 5604        Rasl2tp - ok
20:59:42.0664 5604        RasPppoe - ok
20:59:42.0679 5604        RasSstp - ok
20:59:42.0679 5604        rdbss - ok
20:59:42.0695 5604        rdpbus - ok
20:59:42.0695 5604        RDPCDD - ok
20:59:42.0711 5604        RDPENCDD - ok
20:59:42.0726 5604        RDPREFMP - ok
20:59:42.0726 5604        RDPWD - ok
20:59:42.0742 5604        rdyboost - ok
20:59:42.0742 5604        rimmptsk - ok
20:59:42.0757 5604        rimsptsk - ok
20:59:42.0757 5604        rismxdp - ok
20:59:42.0773 5604        rspndr - ok
20:59:42.0789 5604        sbp2port - ok
20:59:42.0804 5604        scfilter - ok
20:59:42.0820 5604        sdbus - ok
20:59:42.0835 5604        secdrv - ok
20:59:42.0851 5604        Serenum - ok
20:59:42.0867 5604        Serial - ok
20:59:42.0867 5604        sermouse - ok
20:59:42.0898 5604        sffdisk - ok
20:59:42.0898 5604        sffp_mmc - ok
20:59:42.0913 5604        sffp_sd - ok
20:59:42.0913 5604        sfloppy - ok
20:59:42.0929 5604        SiSRaid2 - ok
20:59:42.0929 5604        SiSRaid4 - ok
20:59:42.0945 5604        Smb - ok
20:59:42.0960 5604        SNPSTD3 - ok
20:59:42.0976 5604        spldr - ok
20:59:42.0991 5604        sptd - ok
20:59:43.0007 5604        srv - ok
20:59:43.0007 5604        srv2 - ok
20:59:43.0023 5604        srvnet - ok
20:59:43.0038 5604        StarOpen - ok
20:59:43.0054 5604        stexstor - ok
20:59:43.0054 5604        STHDA - ok
20:59:43.0069 5604        swenum - ok
20:59:43.0085 5604        SynasUSB - ok
20:59:43.0101 5604        SynTP - ok
20:59:43.0116 5604        taphss - ok
20:59:43.0132 5604        Tcpip - ok
20:59:43.0132 5604        TCPIP6 - ok
20:59:43.0147 5604        tcpipreg - ok
20:59:43.0147 5604        TDPIPE - ok
20:59:43.0163 5604        TDTCP - ok
20:59:43.0163 5604        tdx - ok
20:59:43.0179 5604        TermDD - ok
20:59:43.0194 5604        tssecsrv - ok
20:59:43.0210 5604        TsUsbFlt - ok
20:59:43.0210 5604        tunnel - ok
20:59:43.0225 5604        uagp35 - ok
20:59:43.0225 5604        udfs - ok
20:59:43.0241 5604        uliagpkx - ok
20:59:43.0257 5604        umbus - ok
20:59:43.0257 5604        UmPass - ok
20:59:43.0272 5604        USBAAPL64 - ok
20:59:43.0288 5604        usbccgp - ok
20:59:43.0288 5604        usbcir - ok
20:59:43.0288 5604        usbehci - ok
20:59:43.0303 5604        usbhub - ok
20:59:43.0303 5604        usbohci - ok
20:59:43.0319 5604        usbprint - ok
20:59:43.0319 5604        usbscan - ok
20:59:43.0335 5604        USBSTOR - ok
20:59:43.0335 5604        usbuhci - ok
20:59:43.0366 5604        usbvideo - ok
20:59:43.0381 5604        usb_rndisx - ok
20:59:43.0397 5604        vdrvroot - ok
20:59:43.0413 5604        vga - ok
20:59:43.0413 5604        VgaSave - ok
20:59:43.0428 5604        vhdmp - ok
20:59:43.0428 5604        viaide - ok
20:59:43.0428 5604        volmgr - ok
20:59:43.0444 5604        volmgrx - ok
20:59:43.0444 5604        volsnap - ok
20:59:43.0475 5604        vpnva - ok
20:59:43.0491 5604        vsmraid - ok
20:59:43.0506 5604        vwifibus - ok
20:59:43.0522 5604        vwififlt - ok
20:59:43.0522 5604        vwifimp - ok
20:59:43.0537 5604        WacomPen - ok
20:59:43.0553 5604        WANARP - ok
20:59:43.0553 5604        Wanarpv6 - ok
20:59:43.0584 5604        Wd - ok
20:59:43.0584 5604        Wdf01000 - ok
20:59:43.0615 5604        WfpLwf - ok
20:59:43.0647 5604        WimFltr - ok
20:59:43.0647 5604        WIMMount - ok
20:59:43.0709 5604        WINUSB - ok
20:59:43.0725 5604        WmiAcpi - ok
20:59:43.0740 5604        ws2ifsl - ok
20:59:43.0771 5604        WudfPf - ok
20:59:43.0787 5604        WUDFRd - ok
20:59:43.0834 5604        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:59:44.0037 5604        \Device\Harddisk0\DR0 - ok
20:59:44.0037 5604        ============================================================
20:59:44.0037 5604        Scan finished
20:59:44.0037 5604        ============================================================
20:59:44.0068 5892        Detected object count: 0
20:59:44.0068 5892        Actual detected object count: 0
20:59:54.0598 2996        ============================================================
20:59:54.0598 2996        Scan started
20:59:54.0598 2996        Mode: Manual; SigCheck; TDLFS;
20:59:54.0598 2996        ============================================================
20:59:54.0910 2996        1394ohci - ok
20:59:54.0910 2996        ACPI - ok
20:59:54.0925 2996        AcpiPmi - ok
20:59:54.0925 2996        acsock - ok
20:59:54.0957 2996        adp94xx - ok
20:59:54.0957 2996        adpahci - ok
20:59:54.0972 2996        adpu320 - ok
20:59:54.0988 2996        AFD - ok
20:59:55.0003 2996        agp440 - ok
20:59:55.0019 2996        aliide - ok
20:59:55.0035 2996        amdide - ok
20:59:55.0050 2996        AmdK8 - ok
20:59:55.0050 2996        AmdPPM - ok
20:59:55.0066 2996        amdsata - ok
20:59:55.0066 2996        amdsbs - ok
20:59:55.0081 2996        amdxata - ok
20:59:55.0097 2996        AppID - ok
20:59:55.0128 2996        arc - ok
20:59:55.0144 2996        arcsas - ok
20:59:55.0159 2996        AsyncMac - ok
20:59:55.0175 2996        atapi - ok
20:59:55.0191 2996        AtiHdmiService - ok
20:59:55.0191 2996        atikmdag - ok
20:59:55.0222 2996        avgntflt - ok
20:59:55.0222 2996        avipbb - ok
20:59:55.0222 2996        avkmgr - ok
20:59:55.0237 2996        b06bdrv - ok
20:59:55.0253 2996        b57nd60a - ok
20:59:55.0284 2996        BCM42RLY - ok
20:59:55.0284 2996        BCM43XX - ok
20:59:55.0300 2996        BDA_Capture_225 - ok
20:59:55.0315 2996        BDA_Loader_225 - ok
20:59:55.0331 2996        Beep - ok
20:59:55.0347 2996        blbdrive - ok
20:59:55.0362 2996        bowser - ok
20:59:55.0378 2996        BrFiltLo - ok
20:59:55.0378 2996        BrFiltUp - ok
20:59:55.0393 2996        Brserid - ok
20:59:55.0409 2996        BrSerWdm - ok
20:59:55.0425 2996        BrUsbMdm - ok
20:59:55.0425 2996        BrUsbSer - ok
20:59:55.0440 2996        BTHMODEM - ok
20:59:55.0456 2996        cdfs - ok
20:59:55.0471 2996        cdrom - ok
20:59:55.0487 2996        circlass - ok
20:59:55.0487 2996        CLFS - ok
20:59:55.0518 2996        CmBatt - ok
20:59:55.0534 2996        cmdide - ok
20:59:55.0534 2996        CNG - ok
20:59:55.0534 2996        Compbatt - ok
20:59:55.0549 2996        CompositeBus - ok
20:59:55.0565 2996        crcdisk - ok
20:59:55.0581 2996        CtClsFlt - ok
20:59:55.0581 2996        CVirtA - ok
20:59:55.0596 2996        CVPNDRVA - ok
20:59:55.0612 2996        DfsC - ok
20:59:55.0612 2996        discache - ok
20:59:55.0627 2996        Disk - ok
20:59:55.0627 2996        DNE - ok
20:59:55.0659 2996        drmkaud - ok
20:59:55.0659 2996        DXGKrnl - ok
20:59:55.0674 2996        ebdrv - ok
20:59:55.0690 2996        elxstor - ok
20:59:55.0690 2996        ErrDev - ok
20:59:55.0705 2996        exfat - ok
20:59:55.0721 2996        fastfat - ok
20:59:55.0737 2996        fdc - ok
20:59:55.0737 2996        FileInfo - ok
20:59:55.0752 2996        Filetrace - ok
20:59:55.0752 2996        flpydisk - ok
20:59:55.0768 2996        FltMgr - ok
20:59:55.0783 2996        FsDepends - ok
20:59:55.0783 2996        Fs_Rec - ok
20:59:55.0799 2996        fvevol - ok
20:59:55.0799 2996        gagp30kx - ok
20:59:55.0799 2996        GEARAspiWDM - ok
20:59:55.0830 2996        hcw85cir - ok
20:59:55.0830 2996        HDAudBus - ok
20:59:55.0846 2996        HidBatt - ok
20:59:55.0846 2996        HidBth - ok
20:59:55.0861 2996        HidIr - ok
20:59:55.0861 2996        HidUsb - ok
20:59:55.0877 2996        HpSAMD - ok
20:59:55.0893 2996        HTCAND64 - ok
20:59:55.0893 2996        htcnprot - ok
20:59:55.0908 2996        HTTP - ok
20:59:55.0908 2996        hwpolicy - ok
20:59:55.0924 2996        i8042prt - ok
20:59:55.0924 2996        iaStorV - ok
20:59:55.0939 2996        iirsp - ok
20:59:55.0955 2996        intelide - ok
20:59:55.0971 2996        intelppm - ok
20:59:55.0971 2996        IpFilterDriver - ok
20:59:55.0986 2996        IPMIDRV - ok
20:59:55.0986 2996        IPNAT - ok
20:59:56.0002 2996        IRENUM - ok
20:59:56.0017 2996        isapnp - ok
20:59:56.0017 2996        iScsiPrt - ok
20:59:56.0033 2996        k57nd60a - ok
20:59:56.0033 2996        kbdclass - ok
20:59:56.0049 2996        kbdhid - ok
20:59:56.0049 2996        KSecDD - ok
20:59:56.0064 2996        KSecPkg - ok
20:59:56.0080 2996        ksthunk - ok
20:59:56.0111 2996        lltdio - ok
20:59:56.0127 2996        LSI_FC - ok
20:59:56.0142 2996        LSI_SAS - ok
20:59:56.0142 2996        LSI_SAS2 - ok
20:59:56.0158 2996        LSI_SCSI - ok
20:59:56.0158 2996        luafv - ok
20:59:56.0173 2996        ManyCam - ok
20:59:56.0189 2996        MBAMProtector - ok
20:59:56.0251 2996        megasas - ok
20:59:56.0267 2996        MegaSR - ok
20:59:56.0283 2996        Modem - ok
20:59:56.0298 2996        monitor - ok
20:59:56.0314 2996        mouclass - ok
20:59:56.0314 2996        mouhid - ok
20:59:56.0329 2996        mountmgr - ok
20:59:56.0345 2996        mpio - ok
20:59:56.0361 2996        mpsdrv - ok
20:59:56.0376 2996        MRxDAV - ok
20:59:56.0392 2996        mrxsmb - ok
20:59:56.0392 2996        mrxsmb10 - ok
20:59:56.0407 2996        mrxsmb20 - ok
20:59:56.0423 2996        msahci - ok
20:59:56.0439 2996        msdsm - ok
20:59:56.0470 2996        Msfs - ok
20:59:56.0470 2996        mshidkmdf - ok
20:59:56.0485 2996        msisadrv - ok
20:59:56.0501 2996        MSKSSRV - ok
20:59:56.0517 2996        MSPCLOCK - ok
20:59:56.0517 2996        MSPQM - ok
20:59:56.0532 2996        MsRPC - ok
20:59:56.0548 2996        mssmbios - ok
20:59:56.0563 2996        MSTEE - ok
20:59:56.0579 2996        MTConfig - ok
20:59:56.0579 2996        Mup - ok
20:59:56.0610 2996        NativeWifiP - ok
20:59:56.0610 2996        NDIS - ok
20:59:56.0626 2996        NdisCap - ok
20:59:56.0641 2996        NdisTapi - ok
20:59:56.0657 2996        Ndisuio - ok
20:59:56.0657 2996        NdisWan - ok
20:59:56.0673 2996        NDProxy - ok
20:59:56.0688 2996        NetBIOS - ok
20:59:56.0688 2996        NetBT - ok
20:59:56.0751 2996        nfrd960 - ok
20:59:56.0797 2996        Npfs - ok
20:59:56.0829 2996        nsiproxy - ok
20:59:56.0844 2996        Ntfs - ok
20:59:56.0844 2996        Null - ok
20:59:56.0860 2996        nvraid - ok
20:59:56.0875 2996        nvstor - ok
20:59:56.0875 2996        nv_agp - ok
20:59:56.0907 2996        ohci1394 - ok
20:59:56.0938 2996        Parport - ok
20:59:56.0938 2996        partmgr - ok
20:59:56.0969 2996        PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
20:59:56.0985 2996        pci - ok
20:59:56.0985 2996        pciide - ok
20:59:57.0000 2996        pcmcia - ok
20:59:57.0016 2996        pcw - ok
20:59:57.0031 2996        PEAUTH - ok
20:59:57.0109 2996        PptpMiniport - ok
20:59:57.0109 2996        Processor - ok
20:59:57.0141 2996        Psched - ok
20:59:57.0156 2996        PSI - ok
20:59:57.0172 2996        PxHlpa64 - ok
20:59:57.0172 2996        ql2300 - ok
20:59:57.0187 2996        ql40xx - ok
20:59:57.0203 2996        QWAVEdrv - ok
20:59:57.0219 2996        RasAcd - ok
20:59:57.0234 2996        RasAgileVpn - ok
20:59:57.0250 2996        Rasl2tp - ok
20:59:57.0265 2996        RasPppoe - ok
20:59:57.0265 2996        RasSstp - ok
20:59:57.0281 2996        rdbss - ok
20:59:57.0281 2996        rdpbus - ok
20:59:57.0297 2996        RDPCDD - ok
20:59:57.0312 2996        RDPENCDD - ok
20:59:57.0328 2996        RDPREFMP - ok
20:59:57.0343 2996        RDPWD - ok
20:59:57.0359 2996        rdyboost - ok
20:59:57.0375 2996        rimmptsk - ok
20:59:57.0375 2996        rimsptsk - ok
20:59:57.0390 2996        rismxdp - ok
20:59:57.0406 2996        rspndr - ok
20:59:57.0421 2996        sbp2port - ok
20:59:57.0437 2996        scfilter - ok
20:59:57.0453 2996        sdbus - ok
20:59:57.0468 2996        secdrv - ok
20:59:57.0515 2996        Serenum - ok
20:59:57.0515 2996        Serial - ok
20:59:57.0531 2996        sermouse - ok
20:59:57.0562 2996        sffdisk - ok
20:59:57.0577 2996        sffp_mmc - ok
20:59:57.0577 2996        sffp_sd - ok
20:59:57.0593 2996        sfloppy - ok
20:59:57.0624 2996        SiSRaid2 - ok
20:59:57.0624 2996        SiSRaid4 - ok
20:59:57.0640 2996        Smb - ok
20:59:57.0671 2996        SNPSTD3 - ok
20:59:57.0671 2996        spldr - ok
20:59:57.0702 2996        sptd - ok
20:59:57.0718 2996        srv - ok
20:59:57.0718 2996        srv2 - ok
20:59:57.0733 2996        srvnet - ok
20:59:57.0765 2996        StarOpen - ok
20:59:57.0780 2996        stexstor - ok
20:59:57.0796 2996        STHDA - ok
20:59:57.0811 2996        swenum - ok
20:59:57.0827 2996        SynasUSB - ok
20:59:57.0843 2996        SynTP - ok
20:59:57.0858 2996        taphss - ok
20:59:57.0889 2996        Tcpip - ok
20:59:57.0889 2996        TCPIP6 - ok
20:59:57.0921 2996        tcpipreg - ok
20:59:57.0936 2996        TDPIPE - ok
20:59:57.0936 2996        TDTCP - ok
20:59:57.0952 2996        tdx - ok
20:59:57.0967 2996        TermDD - ok
20:59:58.0014 2996        tssecsrv - ok
20:59:58.0030 2996        TsUsbFlt - ok
20:59:58.0030 2996        tunnel - ok
20:59:58.0045 2996        uagp35 - ok
20:59:58.0061 2996        udfs - ok
20:59:58.0092 2996        uliagpkx - ok
20:59:58.0092 2996        umbus - ok
20:59:58.0108 2996        UmPass - ok
20:59:58.0139 2996        USBAAPL64 - ok
20:59:58.0155 2996        usbccgp - ok
20:59:58.0170 2996        usbcir - ok
20:59:58.0186 2996        usbehci - ok
20:59:58.0201 2996        usbhub - ok
20:59:58.0201 2996        usbohci - ok
20:59:58.0217 2996        usbprint - ok
20:59:58.0233 2996        usbscan - ok
20:59:58.0248 2996        USBSTOR - ok
20:59:58.0248 2996        usbuhci - ok
20:59:58.0264 2996        usbvideo - ok
20:59:58.0279 2996        usb_rndisx - ok
20:59:58.0295 2996        vdrvroot - ok
20:59:58.0311 2996        vga - ok
20:59:58.0326 2996        VgaSave - ok
20:59:58.0342 2996        vhdmp - ok
20:59:58.0357 2996        viaide - ok
20:59:58.0357 2996        volmgr - ok
20:59:58.0373 2996        volmgrx - ok
20:59:58.0389 2996        volsnap - ok
20:59:58.0404 2996        vpnva - ok
20:59:58.0420 2996        vsmraid - ok
20:59:58.0435 2996        vwifibus - ok
20:59:58.0451 2996        vwififlt - ok
20:59:58.0467 2996        vwifimp - ok
20:59:58.0482 2996        WacomPen - ok
20:59:58.0498 2996        WANARP - ok
20:59:58.0513 2996        Wanarpv6 - ok
20:59:58.0545 2996        Wd - ok
20:59:58.0560 2996        Wdf01000 - ok
20:59:58.0607 2996        WfpLwf - ok
20:59:58.0623 2996        WimFltr - ok
20:59:58.0638 2996        WIMMount - ok
20:59:58.0701 2996        WINUSB - ok
20:59:58.0716 2996        WmiAcpi - ok
20:59:58.0763 2996        ws2ifsl - ok
20:59:58.0810 2996        WudfPf - ok
20:59:58.0857 2996        WUDFRd - ok
20:59:58.0919 2996        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:59:59.0153 2996        \Device\Harddisk0\DR0 - ok
20:59:59.0153 2996        ============================================================
20:59:59.0153 2996        Scan finished
20:59:59.0153 2996        ============================================================
20:59:59.0169 6056        Detected object count: 0
20:59:59.0169 6056        Actual detected object count: 0


cosinus 08.03.2012 22:39

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when one of the forum's helpers (a "Kompetenzler") has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

markus32 08.03.2012 23:30

Code:

ComboFix 12-03-08.04 - Christian 08.03.2012  23:00:42.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4061.1895 [GMT 1:00]
Running from: c:\users\Christian\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\etc
c:\program files (x86)\etc\maple2e.sty
c:\program files (x86)\etc\mapleenv.def
c:\program files (x86)\etc\mapleenv.sty
c:\program files (x86)\etc\mapleplots.sty
c:\program files (x86)\etc\maplestd2e.sty
c:\program files (x86)\etc\maplestyle.sty
c:\program files (x86)\etc\mapletab.sty
c:\program files (x86)\etc\mapleutil.sty
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\windows\system32\setuid.dll
c:\windows\SysWow64\Gdiplus.dll
c:\windows\SysWow64\scvideo.dll
.
.
(((((((((((((((((((((((  Files Created from 2012-02-08 to 2012-03-08  ))))))))))))))))))))))))))))))
.
.
2012-03-08 19:26 . 2012-03-08 19:26        --------        d-----w-        C:\_OTL
2012-03-07 23:46 . 2012-02-16 14:55        45016        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-03-07 23:46 . 2012-02-16 10:41        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-03-07 23:46 . 2012-02-16 10:41        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-03-07 23:46 . 2012-02-16 10:41        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-03-07 23:33 . 2012-03-07 23:33        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-03-07 23:29 . 2012-03-07 23:29        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-07 23:29 . 2012-03-07 23:29        --------        d-----w-        c:\program files\Java
2012-03-07 23:13 . 2012-03-07 23:13        --------        d-----w-        c:\users\Christian\AppData\Local\Secunia PSI
2012-03-07 22:55 . 2012-03-07 22:55        --------        d-----w-        c:\program files (x86)\ESET
2012-03-07 21:40 . 2012-03-07 21:40        --------        d-----w-        c:\program files (x86)\Secunia
2012-03-06 17:38 . 2012-03-06 17:38        --------        d-----w-        c:\users\Christian\AppData\Roaming\MathWorks
2012-03-06 16:39 . 2004-07-29 20:35        1077344        ----a-w-        c:\windows\system32\MSCOMCTL.OCX
2012-03-06 16:39 . 2004-03-01 21:05        407104        ----a-w-        c:\windows\system32\MSHFLXGD.OCX
2012-03-06 16:39 . 2004-02-11 13:37        203976        ----a-w-        c:\windows\system32\RICHTX32.OCX
2012-03-06 16:10 . 2012-03-06 16:10        --------        d-----w-        c:\program files\MATLAB
2012-03-06 16:00 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{86170759-CD0F-42BF-90E0-2BD28FD4B5B8}\mpengine.dll
2012-03-06 14:48 . 2012-03-06 14:48        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-06 14:48 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-04 17:45 . 2012-03-04 17:45        --------        d-----w-        c:\users\Christian\AppData\Roaming\Malwarebytes
2012-03-04 14:17 . 2012-03-04 14:17        --------        d-----w-        c:\users\Allgemein\AppData\Roaming\Malwarebytes
2012-03-04 14:17 . 2012-03-04 14:17        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-17 12:09 . 2012-02-17 12:09        --------        d-----w-        c:\users\Christian\AppData\Roaming\Jumping Bytes
2012-02-17 12:03 . 2012-02-17 12:04        --------        d-----w-        c:\program files (x86)\PureSync
2012-02-17 12:03 . 2012-02-17 12:04        --------        d-----w-        c:\program files (x86)\Common Files\Jumping Bytes
2012-02-16 21:44 . 2012-02-16 21:44        --------        d-----w-        c:\users\Christian\AppData\Roaming\TuneUp Software
2012-02-16 21:43 . 2012-02-16 21:45        --------        d-----w-        c:\programdata\TuneUp Software
2012-02-16 21:43 . 2012-02-16 21:43        --------        d-sh--w-        c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-16 15:32 . 2012-02-16 15:32        --------        d-----w-        c:\users\Christian\AppData\Roaming\mkvtoolnix
2012-02-16 15:31 . 2012-02-16 15:31        --------        d-----w-        c:\program files (x86)\MKVToolNix
2012-02-16 08:21 . 2011-12-30 06:26        515584        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-16 08:21 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl
2012-02-16 08:21 . 2012-01-04 10:44        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-16 08:21 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2012-02-16 08:21 . 2011-12-28 03:59        498688        ----a-w-        c:\windows\system32\drivers\afd.sys
2012-02-16 08:21 . 2012-01-14 04:06        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-02-16 08:21 . 2011-12-16 08:46        634880        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-16 08:21 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\SysWow64\msvcrt.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 23:48 . 2011-12-16 12:28        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 23:32 . 2010-06-28 10:15        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-02-23 08:18 . 2009-12-14 20:03        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-15 13:58 . 2011-10-15 12:07        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-01-12 00:19 . 2012-01-12 00:19        4448256        ----a-w-        c:\windows\SysWow64\GPhotos.scr
2012-01-04 23:01 . 2012-01-04 23:01        37888        ----a-w-        c:\windows\system32\drivers\taphss.sys
2011-10-15 19:18 . 2011-10-15 17:27        4962008        ----a-w-        c:\program files (x86)\MapleToolbox_WindowsX86_64.exe
2011-10-15 17:27 . 2011-10-15 17:27        106        ----a-w-        c:\program files (x86)\MapleToolbox.bat
2006-05-03 10:06        163328        --sha-r-        c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47        31232        --sha-r-        c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30        216064        --sha-r-        c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00        107520        --sha-r-        c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-02 137536]
"PureSync"="c:\program files (x86)\PureSync\PureSyncTray.exe" [2011-12-12 837696]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"AVFX Engine"="c:\program files (x86)\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-09 20480]
"NuonSoft ShellEnhancer StartupHelper"="c:\program files (x86)\NuonSoft\ShellEnhancer\StartupHelper.exe" [2006-12-16 65536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-07-08 356352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-06-06 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-06 2903448]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-7-29 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 135664]
R3 BDA_Capture_225;USB Digital-TV receiver. Driver 3.0.1.18;c:\windows\system32\Drivers\BDA_Capture_225_x64.sys [x]
R3 BDA_Loader_225;USB Digital-TV Receiver. Firmware Loader 7.1.9.0;c:\windows\system32\Drivers\BDA_Loader_225_x64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-07-29 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-07-29 399416]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{74FA3C8A-1739-4AE0-B578-0E4E288B6688}]
2009-12-16 19:12        126736        ----a-w-        c:\programdata\VoicePro12\VoiceProInstallCurrentUser.exe
.
Contents of the "Scheduled Tasks" folder
.
2011-09-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1302499063-601275286-625076348-1000Core.job
- c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 18:40]
.
2011-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1302499063-601275286-625076348-1000UA.job
- c:\users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 18:40]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 19:59]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 19:59]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302499063-601275286-625076348-1000Core.job
- c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 21:20]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1302499063-601275286-625076348-1000UA.job
- c:\users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-09 21:20]
.
2012-03-06 c:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- c:\program files\MATLAB\R2011b\bin\win64\MATLABStartupAccelerator.exe [2012-03-06 14:34]
.
2011-09-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2011-09-08 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2011-09-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"combofix"="c:\combofix\CF16861.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dkqm69cp.default\
FF - prefs.js: network.proxy.type - 2
.
- - - - Orphaned Registry Entries Removed - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-1302499063-601275286-625076348-1000\Software\SecuROM\License information*]
"datasecu"=hex:a2,83,b5,48,d6,e5,96,19,cd,74,21,7d,71,5f,68,3c,f7,5b,34,c7,a4,
  b6,75,74,14,1f,2f,f6,88,e3,b2,84,fe,b8,78,ee,53,25,1c,40,f0,75,c4,fe,26,f6,\
"rkeysecu"=hex:65,3c,b3,07,d3,4b,bd,88,b9,9e,f2,98,b1,77,61,a3
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-08  23:20:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-08 22:20
.
Vor Suchlauf: 17 Verzeichnis(se), 27.277.410.304 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 26.896.732.160 Bytes frei
.
- - End Of File - - 51EBB3970518B7139A43209C817A6FDF

ComboFix log.

Under "Weitere laufende Prozesse" ComboFix lists the Avira AntiVir Guard, but before the scan I set the "Enable real-time scanner" checkbox to disabled. If those are only the processes running after the reboot, it should be fine.

cosinus 08.03.2012 23:35

Please download aswMBR.exe and save the file to your desktop.

Note: Please switch off the virus scanner before running aswMBR, because Avira in particular often reports a false positive for it!
  • Start aswMBR.exe; Vista and Win7 users run aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without being told to. Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

markus32 08.03.2012 23:51

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-08 23:39:39
-----------------------------
23:39:39.024    OS Version: Windows x64 6.1.7601 Service Pack 1
23:39:39.024    Number of processors: 2 586 0x170A
23:39:39.024    ComputerName: CHRISTIAN  UserName: Christian
23:39:40.490    Initialize success
23:41:02.516    AVAST engine defs: 12030801
23:41:05.698    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:41:05.698    Disk 0 Vendor: WDC_WD2500BJKT-75F4T0 11.01A11 Size: 238475MB BusType: 11
23:41:05.714    Disk 1  \Device\Harddisk1\SR0 -> \Device\SdBus-0
23:41:05.714    Disk 1 Vendor: (  Size: 7580MB BusType: 12
23:41:05.729    Disk 0 MBR read successfully
23:41:05.729    Disk 0 MBR scan
23:41:05.745    Disk 0 Windows VISTA default MBR code
23:41:05.745    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      39 MB offset 63
23:41:05.761    Disk 0 Partition 2 80 (A) 42          SFS NTFS        15000 MB offset 80325
23:41:05.776    Disk 0 Partition 3 00    42          SFS NTFS      114457 MB offset 30800325
23:41:05.807    Disk 0 Partition 4 00    42          SFS            108977 MB offset 265208261
23:41:05.807    Disk 0 scanning C:\Windows\system32\drivers
23:41:05.823    Service scanning
23:41:32.047    Modules scanning
23:41:32.047    Disk 0 trace - called modules:
23:41:32.094    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80049d82c0]<<spmc.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:41:32.109    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cf2460]
23:41:32.109    3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b2c060]
23:41:32.125    \Driver\atapi[0xfffffa8004aef060] -> IRP_MJ_CREATE -> 0xfffffa80049d82c0
23:41:33.685    AVAST engine scan C:\Windows
23:41:33.700    AVAST engine scan C:\Windows\system32
23:41:33.700    AVAST engine scan C:\Windows\system32\drivers
23:41:33.716    AVAST engine scan C:\Users\Christian
23:41:33.716    AVAST engine scan C:\ProgramData
23:41:33.732    Scan finished successfully
23:50:05.231    Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"
23:50:05.231    The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt"

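The aswMBR output above is what gets read for signs of a bootkit, so here is an added Python example, not code from the thread or from AVAST, that parses the log's partition table, MBR code identification and driver-trace line and lists what a reviewer should check; the sample log is a constructed abridgement of the output posted above.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the relevant lines of the aswMBR output posted above.
SAMPLE_LOG = """\
23:41:05.745    Disk 0 Windows VISTA default MBR code
23:41:05.745    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      39 MB offset 63
23:41:05.761    Disk 0 Partition 2 80 (A) 42          SFS NTFS        15000 MB offset 80325
23:41:05.776    Disk 0 Partition 3 00    42          SFS NTFS      114457 MB offset 30800325
23:41:05.807    Disk 0 Partition 4 00    42          SFS            108977 MB offset 265208261
23:41:32.047    Disk 0 trace - called modules:
23:41:32.094    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80049d82c0]<<spmc.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
"""
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+(.*)$")          # timestamp, then the message
PART_RE = re.compile(r"Disk (\d+) Partition (\d+) ([0-9A-F]{2})\s+(\(A\)\s+)?([0-9A-F]{2})\s+(.*?)\s+(\d+) MB offset (\d+)$")
MBR_RE = re.compile(r"Disk (\d+) (.+ MBR code)$")                 # aswMBR's MBR code identification
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<(\S+)")  # unnamed module in the driver trace

@dataclass
class Triage:
    partitions: list = field(default_factory=list)    # (disk, number, type, label, size_mb, active)
    mbr_code: dict = field(default_factory=dict)       # disk -> MBR code description
    unknown_hooks: list = field(default_factory=list)  # (address, module that follows it in the trace)

    def notes(self) -> list:
        out = []  # points a reviewer should look at; empty means nothing stood out
        for disk, desc in self.mbr_code.items():
            if "default MBR code" not in desc:
                out.append(f"disk {disk}: MBR code not identified as a Windows default ({desc})")
        active = [p for p in self.partitions if p[5]]
        if len(active) != 1:
            out.append(f"{len(active)} active partitions, expected exactly 1")
        for addr, nxt in self.unknown_hooks:
            out.append(f"unnamed module at {addr} in the disk stack before {nxt}: identify it before acting")
        return out

def parse_aswmbr(text: str) -> Triage:
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        body = m.group(1) if m else ""
        if p := PART_RE.search(body):
            disk, num, boot, _, ptype, label, size, _offset = p.groups()
            t.partitions.append((int(disk), int(num), ptype, label, int(size), boot == "80"))
        elif mb := MBR_RE.search(body):
            t.mbr_code[int(mb.group(1))] = mb.group(2)
        elif u := UNKNOWN_RE.search(body):
            t.unknown_hooks.append((u.group(1), u.group(2)))
    return t
```

Run on the sample, `parse_aswmbr(SAMPLE_LOG).notes()` returns only the note about the unnamed module in front of spmc.sys; the MBR code and the single active NTFS partition look normal, which matches the helper's verdict in the thread.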

cosinus 08.03.2012 23:53

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

markus32 12.03.2012 14:16

SUPERAntiSpyware log:
(I removed the origin details of the tracking cookies myself.)
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/12/2012 at 07:46 AM

Application Version : 5.0.1146

Core Rules Database Version : 8324
Trace Rules Database Version: 6136

Scan type      : Complete Scan
Total Scan Time : 04:31:44

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 719
Memory threats detected  : 0
Registry items scanned    : 69007
Registry threats detected : 0
File items scanned        : 492689
File threats detected    : 44

Adware.Tracking Cookie
       
[...]

Malwarebytes log:

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.11.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christian :: CHRISTIAN [Administrator]

Schutz: Aktiviert

11.03.2012 17:53:21
mbam-log-2012-03-11 (17-53-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 653979
Laufzeit: 2 Stunde(n), 16 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 12.03.2012 15:34

Looks ok, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie).

Is your system now in order again, or are there any other findings or problems?

markus32 12.03.2012 15:38

So far I don't see any further problems. Many thanks for the help!

cosinus 12.03.2012 15:42

Then we're done! :abklatsch:

The programs used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages about that.
Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update first.

Finally, please check your updates; my guide is below. To keep a better overview of whether your installed programs are up to date in future, you can use Secunia PSI, for example.
For even more security, you should also change all your passwords if possible now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If necessary, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, best done with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are GMT +1. It is now 10:07.

Copyright ©2000-2025, Trojaner-Board

