Trojaner-Board (https://www.trojaner-board.de/)
Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
Windows Recovery Trojan and its aftermath (https://www.trojaner-board.de/99787-windows-recovery-trojaner-nachwirkungen.html)

LoopTroopRockers 31.05.2011 12:11

Windows Recovery Trojan and its aftermath
 
Hello,

I recently caught the Recovery trojan. I was able to make some of my files visible again, but I am still struggling with the other consequences:

1. Thunderbird and other programs have disappeared.
2. When I click on links I get redirected to other pages.
3. File icons are displayed as white.

And surely a few others that I haven't noticed.

The Malwarebytes log is attached.
Many thanks.
Tamás

I have also uploaded the OTL log file in case it is needed.

cosinus 31.05.2011 20:27

Are there any further Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Logs tab.

LoopTroopRockers 31.05.2011 20:39

Hello Arne! Here are all the saved log files.

Thanks!
Tamás

cosinus 31.05.2011 21:09

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" has to be copied as well!!!)

Code:

:OTL
[2011.05.30 16:08:49 | 000,000,152 | ---- | M] () -- C:\ProgramData\~28696312r
[2011.05.30 16:08:49 | 000,000,128 | ---- | M] () -- C:\ProgramData\~28696312
[2011.05.30 16:08:10 | 000,000,344 | ---- | M] () -- C:\ProgramData\28696312
[2011.05.31 13:11:27 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lefgv.sys
[2011.05.31 10:09:19 | 000,001,056 | ---- | C] () -- C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not completely deleted, as a precaution; a backup copy is created on the system partition in the "_OTL" folder.
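
What the fix script above actually does, as an added example (written for this edit, not OTL's own code): the `:OTL` lines are parsed, each listed file is moved into a `_OTL` backup folder that mirrors its original path, files that are already gone are reported the way OTL's log reports them, and `[resethosts]` backs up the current HOSTS file and writes a clean one. It runs inside a throwaway directory standing in for `C:\`, so it touches nothing on a real system. Assumptions: the `_OTL` layout only loosely follows the real tool's, the clean HOSTS content is a minimal stand-in rather than Microsoft's shipped file, `[purity]` is not modelled, and the sandbox contents (three ProgramData files and a HOSTS entry redirecting `www.example.com`) are constructed for the demo.

```python
import re
import shutil
import tempfile
from pathlib import Path

# One OTL file line, as in the fix script posted above, e.g.
# [2011.05.30 16:08:49 | 000,000,152 | ---- | M] () -- C:\ProgramData\~28696312r
OTL_FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d. :]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r" \(\) -- (?P<path>[A-Za-z]:\\.+)$"
)
COMMAND_RE = re.compile(r"^\[(?P<name>\w+)\]$")

# Minimal stand-in for a clean HOSTS file (assumption: not Microsoft's shipped content).
DEFAULT_HOSTS = "# hosts file reset by example script\n127.0.0.1 localhost\n::1 localhost\n"
HOSTS_WIN_PATH = r"C:\Windows\System32\drivers\etc\hosts"

# The script exactly as posted in the thread.
FIX_SCRIPT = r""":OTL
[2011.05.30 16:08:49 | 000,000,152 | ---- | M] () -- C:\ProgramData\~28696312r
[2011.05.30 16:08:49 | 000,000,128 | ---- | M] () -- C:\ProgramData\~28696312
[2011.05.30 16:08:10 | 000,000,344 | ---- | M] () -- C:\ProgramData\28696312
[2011.05.31 13:11:27 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\lefgv.sys
[2011.05.31 10:09:19 | 000,001,056 | ---- | C] () -- C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
:Commands
[purity]
[resethosts]
"""


def parse_fix_script(script):
    """Split an OTL fix script into the file paths of its :OTL section and the
    command names of its :Commands section. Malformed lines are ignored."""
    section, files, commands = None, [], []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "otl" and (m := OTL_FILE_RE.match(line)):
            files.append(m.group("path"))
        elif section == "commands" and (m := COMMAND_RE.match(line)):
            commands.append(m.group("name").lower())
    return files, commands


def to_sandbox(root, win_path):
    """Map 'C:\\dir\\file' onto root/C/dir/file so the fix runs in a scratch directory."""
    drive, _, rest = win_path.partition(":\\")
    return root.joinpath(drive.upper(), *rest.split("\\"))


def quarantine(root, win_path, log):
    """Move one file under <root>/C/_OTL/<original path>; report missing files like OTL."""
    src = to_sandbox(root, win_path)
    if not src.exists():
        log.append(f"File {win_path} not found.")
        return False
    dst = root / "C" / "_OTL" / src.relative_to(root)
    dst.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(src), str(dst))
    log.append(f"{win_path} moved successfully.")
    return True


def run_fix(script, root):
    """Apply the fix inside the sandbox and return log lines in OTL's style."""
    files, commands = parse_fix_script(script)
    log = ["========== OTL =========="]
    for win_path in files:
        quarantine(root, win_path, log)
    log.append("========== COMMANDS ==========")
    for cmd in commands:
        if cmd == "resethosts":
            # Keep the old HOSTS file in the backup folder, then write a clean one.
            quarantine(root, HOSTS_WIN_PATH, log)
            hosts = to_sandbox(root, HOSTS_WIN_PATH)
            hosts.parent.mkdir(parents=True, exist_ok=True)
            hosts.write_text(DEFAULT_HOSTS, encoding="ascii")
            log.append("HOSTS file reset successfully")
        else:
            log.append(f"[{cmd}] not modelled in this sandbox")
    return log


def demo():
    """Build a sandbox (constructed data: the three ProgramData files plus a HOSTS file
    with one redirect), run the posted script, and return (log, new hosts text, backup ok)."""
    root = Path(tempfile.mkdtemp(prefix="otl_sandbox_"))
    for name, size in (("~28696312r", 152), ("~28696312", 128), ("28696312", 344)):
        p = to_sandbox(root, f"C:\\ProgramData\\{name}")
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"\0" * size)
    hosts = to_sandbox(root, HOSTS_WIN_PATH)
    hosts.parent.mkdir(parents=True, exist_ok=True)
    hosts.write_text("127.0.0.1 localhost\n10.0.0.1 www.example.com\n", encoding="ascii")
    log = run_fix(FIX_SCRIPT, root)
    backup = root / "C" / "_OTL" / "C" / "ProgramData" / "28696312"
    return log, hosts.read_text(encoding="ascii"), backup.exists()


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The two `not found` lines in the sandbox output appear because `lefgv.sys` and `scandisk.lnk` are deliberately not created; the moved files remain readable under the `_OTL` folder, which is the point of the backup the helper mentions.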

LoopTroopRockers 31.05.2011 21:28

Here is the log file from the OTL fix:

Quote:

========== OTL ==========
C:\ProgramData\~28696312r moved successfully.
C:\ProgramData\~28696312 moved successfully.
C:\ProgramData\28696312 moved successfully.
File C:\Windows\System32\drivers\lefgv.sys not found.
File C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 05312011_222509

cosinus 31.05.2011 21:41

Please now run this Kaspersky tool and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png

If the infection prevents you from accessing your documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Vista and 7 users must run the tool via right-click "Run as administrator"!

LoopTroopRockers 31.05.2011 21:54

I downloaded the Kaspersky tool, but it won't start, not even as admin. I am asked whether I want to allow the program to run, which I confirm... and then nothing else happens :(

cosinus 31.05.2011 22:06

Then please run CF now; we'll try tdsskiller again afterwards.

ComboFix

A guide and tutorial for using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). The file can also be found at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when an authorised helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even more difficult.

LoopTroopRockers 31.05.2011 22:27

Here is the ComboFix log file:

ComboFix Logfile:
Code:

ComboFix 11-05-31.01 - Tamás 31.05.2011  23:18:49.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3037.2041 [GMT 2:00]
Running from: c:\users\Tamás\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cofi.exe
c:\cofi.exe\023.dat
c:\cofi.exe\023v.dat
c:\cofi.exe\023w7.dat
c:\cofi.exe\AppDataFile.cfx
c:\cofi.exe\AppDataFolder.cfx
c:\cofi.exe\appinit.bad
c:\cofi.exe\asp.str
c:\cofi.exe\Assoc.cmd
c:\cofi.exe\ATTRIB.cfxxe
c:\cofi.exe\Auto-RC.cmd
c:\cofi.exe\av.cmd
c:\cofi.exe\av.vbs
c:\cofi.exe\AWF.cmd
c:\cofi.exe\badclsid.c
c:\cofi.exe\Boot-Rk.cmd
c:\cofi.exe\Boot.bat
c:\cofi.exe\BootDrv.vbs
c:\cofi.exe\c.bat
c:\cofi.exe\c.mrk
c:\cofi.exe\Catch-sub.cmd
c:\cofi.exe\catchme.cfxxe
c:\cofi.exe\CCS.bat
c:\cofi.exe\CF-Script.cmd
c:\cofi.exe\CF4673.cfxxe
c:\cofi.exe\CHCP.bat
c:\cofi.exe\clsid.c
c:\cofi.exe\cmd.cfxxe
c:\cofi.exe\Combobatch.bat
c:\cofi.exe\ComboFix-Download.cfxxe
c:\cofi.exe\Create.cmd
c:\cofi.exe\Creg.dat
c:\cofi.exe\CregC.cmd
c:\cofi.exe\CregC.dat
c:\cofi.exe\CSCRIPT.cfxxe
c:\cofi.exe\CSet.cmd
c:\cofi.exe\d-delA.dat
c:\cofi.exe\dd.cfxxe
c:\cofi.exe\ddsDo.sed
c:\cofi.exe\de-DE\ATTRIB.cfxxe.mui
c:\cofi.exe\de-DE\CF4673.cfxxe.mui
c:\cofi.exe\de-DE\cmd.cfxxe.mui
c:\cofi.exe\de-DE\CSCRIPT.cfxxe.mui
c:\cofi.exe\de-DE\PING.cfxxe.mui
c:\cofi.exe\de-DE\REGT.cfxxe.mui
c:\cofi.exe\de-DE\ROUTE.cfxxe.mui
c:\cofi.exe\DelClsid.bat
c:\cofi.exe\DelClsid64.bat
c:\cofi.exe\desktop.ini
c:\cofi.exe\DesktopFile.cfx
c:\cofi.exe\DisclaimED.dat
c:\cofi.exe\DPF.str
c:\cofi.exe\DrvRun.vbs
c:\cofi.exe\dumphive.cfxxe
c:\cofi.exe\embedded.sed
c:\cofi.exe\ERDNT.e_e
c:\cofi.exe\ERDNTDOS.LOC
c:\cofi.exe\ERDNTWIN.LOC
c:\cofi.exe\ERUNT.cfxxe
c:\cofi.exe\erunt.dat
c:\cofi.exe\ERUNT.LOC
c:\cofi.exe\Exe.reg
c:\cofi.exe\extract.cfxxe
c:\cofi.exe\FavoriteFolder.cfx
c:\cofi.exe\FavoritesFile.cfx
c:\cofi.exe\FD-SV.cmd
c:\cofi.exe\ffdefstr.dll
c:\cofi.exe\FileKill.cfxxe
c:\cofi.exe\files.pif
c:\cofi.exe\Fin.dat
c:\cofi.exe\FIND3M.bat
c:\cofi.exe\FIXLSP.bat
c:\cofi.exe\FKMGen.cmd
c:\cofi.exe\ForeignWht
c:\cofi.exe\GetHive.cmd
c:\cofi.exe\grep.cfxxe
c:\cofi.exe\gsar.cfxxe
c:\cofi.exe\handle.cfxxe
c:\cofi.exe\HDPEInfo.cfxxe
c:\cofi.exe\hidec.cfxxe
c:\cofi.exe\history.bat
c:\cofi.exe\hwid.pif
c:\cofi.exe\iexplore.exe
c:\cofi.exe\image001.gif
c:\cofi.exe\Imefile.dat
c:\cofi.exe\Install-RC.cmd
c:\cofi.exe\katch.cmd
c:\cofi.exe\Kill-All.cmd
c:\cofi.exe\kmd.dat
c:\cofi.exe\Lang.bat
c:\cofi.exe\LatestVer
c:\cofi.exe\List-B.bat
c:\cofi.exe\List-C.bat
c:\cofi.exe\List-D.bat
c:\cofi.exe\List.bat
c:\cofi.exe\lnkread.vbs
c:\cofi.exe\LocalAppDataFile.cfx
c:\cofi.exe\LocalAppDataFolder.cfx
c:\cofi.exe\LocalService.dat
c:\cofi.exe\LocalServiceNetworkRestricted.dat
c:\cofi.exe\LocalSettingsFile.cfx
c:\cofi.exe\LocalSystemNetworkRestricted.dat
c:\cofi.exe\mbr.cfxxe
c:\cofi.exe\mbr.chk
c:\cofi.exe\md5sum.pif
c:\cofi.exe\Mirrors
c:\cofi.exe\MoveIt.bat
c:\cofi.exe\mtee.cfxxe
c:\cofi.exe\MtPt00
c:\cofi.exe\MUI
c:\cofi.exe\mynul.dat
c:\cofi.exe\N_\1034
c:\cofi.exe\N_\1109
c:\cofi.exe\N_\133
c:\cofi.exe\N_\13988
c:\cofi.exe\N_\15210
c:\cofi.exe\N_\20082
c:\cofi.exe\N_\20437
c:\cofi.exe\N_\20904
c:\cofi.exe\N_\2338
c:\cofi.exe\N_\24814
c:\cofi.exe\N_\24990
c:\cofi.exe\N_\26650
c:\cofi.exe\N_\31469
c:\cofi.exe\N_\5449
c:\cofi.exe\N_\8342
c:\cofi.exe\N_\8771
c:\cofi.exe\N_\pingtest
c:\cofi.exe\ncmd.com
c:\cofi.exe\ND_.bat
c:\cofi.exe\ND_64.bat
c:\cofi.exe\ndis_combofix.dat
c:\cofi.exe\netsvc.bad.dat
c:\cofi.exe\netsvc.dat
c:\cofi.exe\netsvc.vista.dat
c:\cofi.exe\netsvc.xp.dat
c:\cofi.exe\NetworkService.dat
c:\cofi.exe\NirCmd.cfxxe
c:\cofi.exe\NircmdB.exe
c:\cofi.exe\NirCmdC.cfxxe
c:\cofi.exe\NIRKMD.cfxxe
c:\cofi.exe\NlsLanguageDefault
c:\cofi.exe\NT-OS.cmd
c:\cofi.exe\NULL
c:\cofi.exe\OSid.vbs
c:\cofi.exe\OsVer
c:\cofi.exe\pausep.cfxxe
c:\cofi.exe\PersonalFile.cfx
c:\cofi.exe\PersonalFolder.cfx
c:\cofi.exe\pev.cfxxe
c:\cofi.exe\pevb.cfxxe
c:\cofi.exe\PING.cfxxe
c:\cofi.exe\Policies.dat
c:\cofi.exe\powp.dat
c:\cofi.exe\Prep.inf
c:\cofi.exe\ProfilesFile.cfx
c:\cofi.exe\ProfilesFolder.cfx
c:\cofi.exe\ProgramsFile.cfx
c:\cofi.exe\ProgramsFolder.cfx
c:\cofi.exe\Purity.dat
c:\cofi.exe\PV.cfxxe
c:\cofi.exe\pv.com
c:\cofi.exe\rar_sfx.cmd
c:\cofi.exe\RCLink.dat
c:\cofi.exe\REGDACL.sed
c:\cofi.exe\RegDo.sed
c:\cofi.exe\region.dat
c:\cofi.exe\RegScan.cmd
c:\cofi.exe\RegScan64.cmd
c:\cofi.exe\Resident.txt
c:\cofi.exe\restore_pt.vbs
c:\cofi.exe\Rkey.cmd
c:\cofi.exe\rmbr.cfxxe
c:\cofi.exe\rogues.dat
c:\cofi.exe\ROUTE.cfxxe
c:\cofi.exe\run2.sed
c:\cofi.exe\Rust.str
c:\cofi.exe\s0rt.cfxxe
c:\cofi.exe\safeboot.dat
c:\cofi.exe\safeboot.def.dat
c:\cofi.exe\safeboot.def.vista.dat
c:\cofi.exe\Safeboot.def.w7.dat
c:\cofi.exe\sed.cfxxe
c:\cofi.exe\SetEnvmt.bat
c:\cofi.exe\setpath.cfxxe
c:\cofi.exe\setpath_N.cmd
c:\cofi.exe\SF.exe
c:\cofi.exe\sfx.cmd
c:\cofi.exe\SnapShot.cmd
c:\cofi.exe\SRestore.cmd
c:\cofi.exe\srizbi.md5
c:\cofi.exe\Start_dat
c:\cofi.exe\StartMenuFile.cfx
c:\cofi.exe\StartMenuFolder.cfx
c:\cofi.exe\StartUpFile.cfx
c:\cofi.exe\SuppScan.cmd
c:\cofi.exe\svc_wht.dat
c:\cofi.exe\SvcDrv.vbs
c:\cofi.exe\svchost.dat
c:\cofi.exe\svchost.vista.dat
c:\cofi.exe\svchost.vista.x64.dat
c:\cofi.exe\svchost.w7.dat
c:\cofi.exe\svchost.w7.x64.dat
c:\cofi.exe\swreg.cfxxe
c:\cofi.exe\swsc.cfxxe
c:\cofi.exe\swxcacls.cfxxe
c:\cofi.exe\system_ini.dat
c:\cofi.exe\tail.cfxxe
c:\cofi.exe\temp00
c:\cofi.exe\TemplatesFile.cfx
c:\cofi.exe\TemplatesFolder.cfx
c:\cofi.exe\toolbar.sed
c:\cofi.exe\Update-CF.cmd
c:\cofi.exe\VerCF.bat
c:\cofi.exe\version.txt
c:\cofi.exe\VInfo
c:\cofi.exe\VInfo2
c:\cofi.exe\Vipev.dat
c:\cofi.exe\Vista.krl
c:\cofi.exe\vistaMcode.dat
c:\cofi.exe\vistareg.dat
c:\cofi.exe\vun.dat
c:\cofi.exe\VwinTemp.dacl
c:\cofi.exe\w_sock.dll
c:\cofi.exe\w2k_sock.dll
c:\cofi.exe\w2kreg.dat
c:\cofi.exe\W7.mac
c:\cofi.exe\w7Mcode.dat
c:\cofi.exe\w7reg.dat
c:\cofi.exe\Wmi_rem.vbs
c:\cofi.exe\xpmcode.dat
c:\cofi.exe\xpreg.dat
c:\cofi.exe\XPSBoot.reg
c:\cofi.exe\zDomain.dat
c:\cofi.exe\zhsvc.dat
c:\cofi.exe\zip.cfxxe
.
.
(((((((((((((((((((((((  Files Created from 2011-04-28 to 2011-05-31  ))))))))))))))))))))))))))))))
.
.
2011-05-31 21:23 . 2011-05-31 21:23        --------        d-----w-        c:\users\Tamás\AppData\Local\temp
2011-05-31 21:23 . 2011-05-31 21:23        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-31 20:25 . 2011-05-31 20:25        --------        d-----w-        C:\_OTL
2011-05-31 16:55 . 2011-05-31 16:56        --------        d-----w-        c:\program files\Personal Voice Changer Driver
2011-05-31 16:53 . 2011-05-31 16:53        --------        d-----w-        c:\program files\Common Files\fwc
2011-05-31 16:53 . 2011-05-31 16:54        --------        d-----w-        c:\program files\FV
2011-05-31 16:52 . 2011-05-31 16:55        --------        d-----w-        c:\users\Tamás\AppData\Roaming\GetRightToGo
2011-05-31 09:50 . 2011-05-31 09:50        --------        d-----w-        c:\program files\CCleaner
2011-05-31 09:24 . 2011-05-31 09:24        --------        d-----w-        c:\program files\Common Files\Adobe
2011-05-31 07:51 . 2011-05-09 20:46        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A13A2E8D-030A-428B-B7E9-1A916CF3A860}\mpengine.dll
2011-05-30 14:22 . 2011-05-30 14:22        --------        d-----w-        c:\users\Tamás\AppData\Roaming\Malwarebytes
2011-05-30 14:22 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-30 14:22 . 2011-05-30 14:22        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-30 14:22 . 2011-05-30 14:22        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-05-30 14:09 . 2011-05-30 14:09        --------        d-----w-        c:\users\Tamás\AppData\Roaming\Avira
2011-05-25 07:36 . 2011-04-22 19:36        26496        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2011-05-19 05:07 . 2011-04-09 05:56        123904        ----a-w-        c:\windows\system32\poqexec.exe
2011-05-18 04:47 . 2011-05-18 04:47        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 17:56 . 2011-05-16 17:56        --------        d-----w-        c:\users\Tamás\AppData\Roaming\pokerth
2011-05-13 13:00 . 2011-05-13 13:00        --------        d-----w-        c:\users\Tamás\AppData\Roaming\Mozilla-Cache
2011-05-13 12:59 . 2011-05-13 12:59        --------        d-----w-        C:\Programs
2011-05-13 10:35 . 2011-05-13 10:35        781272        ----a-w-        c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-13 10:35 . 2011-05-13 10:35        89048        ----a-w-        c:\program files\Mozilla Firefox\libEGL.dll
2011-05-13 10:35 . 2011-05-13 10:35        465880        ----a-w-        c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-13 10:35 . 2011-05-13 10:35        1892184        ----a-w-        c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-13 10:35 . 2011-05-13 10:35        1874904        ----a-w-        c:\program files\Mozilla Firefox\mozjs.dll
2011-05-13 10:35 . 2011-05-13 10:35        15832        ----a-w-        c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-13 10:35 . 2011-05-13 10:35        142296        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-13 10:35 . 2011-05-13 10:35        1974616        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-11 06:52 . 2011-03-25 03:06        258560        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2011-05-11 06:52 . 2011-03-25 03:06        284160        ----a-w-        c:\windows\system32\drivers\usbport.sys
2011-05-11 06:52 . 2011-03-25 03:06        75776        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2011-05-11 06:52 . 2011-03-25 03:06        43008        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2011-05-11 06:52 . 2011-03-25 03:06        20480        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2011-05-11 06:52 . 2011-03-25 03:06        24064        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2011-05-11 06:52 . 2011-03-25 03:06        5888        ----a-w-        c:\windows\system32\drivers\usbd.sys
2011-05-11 06:52 . 2011-04-09 06:13        3957632        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-05-11 06:52 . 2011-04-09 06:13        3901824        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-05-09 09:26 . 2011-05-09 09:26        --------        d-----w-        c:\programdata\Boss Media
2011-05-09 09:26 . 2011-05-09 09:26        --------        d-----w-        c:\users\Tamás\AppData\Local\Boss Media
2011-05-09 09:06 . 2011-05-14 17:04        --------        d-----w-        C:\Poker
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 08:33 . 2010-10-28 00:00        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-12 11:31 . 2011-04-27 06:42        442880        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-03-11 05:44 . 2011-04-27 06:43        146304        ----a-w-        c:\windows\system32\drivers\storport.sys
2011-03-11 05:44 . 2011-04-27 06:43        143744        ----a-w-        c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:44 . 2011-04-27 06:43        1210240        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:44 . 2011-04-27 06:43        117120        ----a-w-        c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:43 . 2011-04-27 06:43        332160        ----a-w-        c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:43 . 2011-04-27 06:43        80256        ----a-w-        c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:43 . 2011-04-27 06:43        22400        ----a-w-        c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:40 . 2011-04-15 06:11        1164288        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-15 06:11        1137664        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-11 05:39 . 2011-04-27 06:43        1686016        ----a-w-        c:\windows\system32\esent.dll
2011-03-11 05:37 . 2011-04-27 06:43        74240        ----a-w-        c:\windows\system32\fsutil.exe
2011-03-10 22:30 . 2008-09-17 14:29        14744        ----a-w-        c:\users\Tamás\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-03-10 22:30 . 2008-09-17 14:29        14744        ----a-w-        c:\users\Tamás\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-03-08 05:38 . 2011-04-15 06:21        740864        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-15 06:10        132608        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-15 06:10        28672        ----a-w-        c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-15 06:02        2331136        ----a-w-        c:\windows\system32\win32k.sys
2011-05-13 10:35 . 2011-05-13 10:35        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Registry Autostart Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
c:\users\Tam*s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-12 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]
S3 tenCapture;tenCapture;c:\windows\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the "Scheduled Tasks" folder
.
2011-05-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 09:11]
.
2011-03-05 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2010-11-05 19:29]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Tamás\AppData\Roaming\Mozilla\Firefox\Profiles\hsyjdiac.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
.
- - - - Orphans Removed - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-NvCplDaemonTool - c:\users\TAMS~1\LPLOAD~1.DLL
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-31  23:24:52
ComboFix-quarantined-files.txt  2011-05-31 21:24
.
Pre-Run: 13 directory(ies), 268,421,943,296 bytes free
Post-Run: 15 directory(ies), 268,409,622,528 bytes free
.
- - End Of File - - 1F81CC7F522F539ECA9B22E846A00BE7

--- --- ---
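
The log above contains the three kinds of lines that matter for the redirect symptom from the first post: the Run-key entries in the REGEDIT4 block, the Firefox `prefs.js` search settings, and the orphaned entries ComboFix removed. The following is an added example, written for this edit and not part of ComboFix or of the thread, that pulls those lines out and flags what a helper would look at first: autostart targets living in user-writable locations (the profile, ProgramData, Temp), search URLs routed through a host other than the engines the user would expect, and orphans that still point at a file in the profile. The allow-list of search hosts is an assumption made for the example; the sample lines are copied from the log above; `hxxp` is ComboFix's neutered spelling of `http` and is undone before parsing. A hit is a lead for review, not a verdict.

```python
import re
from urllib.parse import urlparse

# "name"="target" [stamp]          (ComboFix Run-key line)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"(?:\s+\[(?P<stamp>[^\]]*)\])?$')
# FF - prefs.js: key - value       (Firefox preference line)
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.+)$")
# entry - (no file) / entry - x:\path   (orphan line)
ORPHAN_RE = re.compile(r"^(?P<entry>\S+) - (?P<target>\(no file\)|[A-Za-z]:\\.+)$")

# Locations a standard user can write to; a Run target here deserves a look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")
# Hosts we would expect a search pref to point at (assumption for this example).
EXPECTED_SEARCH_HOSTS = {"www.google.de", "www.google.com", "www.bing.com", "www.amazon.de"}
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL"}

# Sample lines copied from the ComboFix log above (a constructed subset).
SAMPLE = r'''
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
HKCU-Run-NvCplDaemonTool - c:\users\TAMS~1\LPLOAD~1.DLL
'''


def is_user_writable(path):
    """True if the path sits somewhere an unprivileged user could have dropped it."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def search_host(value):
    """Host of a (neutered) search URL, lower-cased, or None if the value is not a URL."""
    url = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    host = urlparse(url).hostname
    return host.lower() if host else None


def triage(log_text):
    """Return (category, detail) findings for the lines a helper would check first.
    Firefox lines are tested before the orphan pattern because 'FF - ...' would
    otherwise match it."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FF_PREF_RE.match(line):
            key, host = m.group("key"), search_host(m.group("value"))
            if key in SEARCH_PREFS and host and host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("search-redirect", f"{key} -> {host}"))
        elif m := RUN_RE.match(line):
            if is_user_writable(m.group("target")):
                findings.append(("run-user-writable", f"{m.group('name')} -> {m.group('target')}"))
        elif m := ORPHAN_RE.match(line):
            target = m.group("target")
            if target != "(no file)" and is_user_writable(target):
                findings.append(("orphan-user-writable", f"{m.group('entry')} -> {target}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:22} {detail}")
```

On the sample it flags exactly two things: the default search URL going through `search.conduit.com`, and the removed HKCU Run entry that loaded a DLL from the user profile under an 8.3 name. Neither Program Files entry is reported.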

cosinus 01.06.2011 09:00

Please try tdsskiller again now.

LoopTroopRockers 01.06.2011 09:09

tdsskiller still won't work :(

cosinus 01.06.2011 10:41

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run even on the second attempt, just leave it out and run only OSAM; please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


Then please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • The tool only takes a few seconds.
  • You should then find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document

LoopTroopRockers 01.06.2011 11:24

GMER Logfile:
Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-01 12:07:31
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320325AS rev.0002SDM1
Running: ydemwxjr.exe; Driver: C:\Users\TAMS~1\AppData\Local\Temp\uxldapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                    82A82569 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82AA7092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?              System32\Drivers\spin.sys                                                                                          The system cannot find the path specified. !
.text          USBPORT.SYS!DllUnload                                                                                              91030D18 5 Bytes  JMP 866311D8

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!CreateWindowExW                                    76D30E51 5 Bytes  JMP 6EA38197 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxIndirectParamW                            76D54AA7 5 Bytes  JMP 6EB5FED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxParamW                                    76D5564A 5 Bytes  JMP 6E954BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxParamA                                    76D6CF6A 5 Bytes  JMP 6EB5FE75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!DialogBoxIndirectParamA                            76D6D29C 5 Bytes  JMP 6EB5FF3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxIndirectA                                76D7E8C9 5 Bytes  JMP 6EB5FE0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxIndirectW                                76D7E9C3 5 Bytes  JMP 6EB5FD9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxExA                                      76D7EA29 5 Bytes  JMP 6EB5FD3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] USER32.dll!MessageBoxExW                                      76D7EA4D 5 Bytes  JMP 6EB5FCDB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] WININET.dll!HttpAddRequestHeadersA                            77389ABA 5 Bytes  JMP 00476B70
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] WININET.dll!HttpAddRequestHeadersW                            77390848 5 Bytes  JMP 00476D70
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] WS2_32.dll!closesocket                                        77B63BED 5 Bytes  JMP 0040000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] WS2_32.dll!recv                                              77B647DF 5 Bytes  JMP 003E000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] WS2_32.dll!connect                                            77B648BE 5 Bytes  JMP 003F000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] WS2_32.dll!getaddrinfo                                        77B66737 5 Bytes  JMP 004A000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] WS2_32.dll!send                                              77B6C4C8 3 Bytes  JMP 0042000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] WS2_32.dll!send + 4                                          77B6C4CC 1 Byte  [88]
.text          C:\Program Files\Internet Explorer\iexplore.exe[2272] WS2_32.dll!gethostbyname                                      77B77133 5 Bytes  JMP 0049000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!UnhookWindowsHookEx                                76D2CC7B 5 Bytes  JMP 6EA483A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!CallNextHookEx                                    76D2CC8F 5 Bytes  JMP 6EA29D94 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!CreateWindowExW                                    76D30E51 5 Bytes  JMP 6EA38197 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!SetWindowsHookExW                                  76D3210A 5 Bytes  JMP 6E9E463B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DialogBoxIndirectParamW                            76D54AA7 5 Bytes  JMP 6EB5FED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DialogBoxParamW                                    76D5564A 5 Bytes  JMP 6E954BA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DialogBoxParamA                                    76D6CF6A 5 Bytes  JMP 6EB5FE75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!DialogBoxIndirectParamA                            76D6D29C 5 Bytes  JMP 6EB5FF3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!MessageBoxIndirectA                                76D7E8C9 5 Bytes  JMP 6EB5FE0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!MessageBoxIndirectW                                76D7E9C3 5 Bytes  JMP 6EB5FD9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!MessageBoxExA                                      76D7EA29 5 Bytes  JMP 6EB5FD3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!MessageBoxExW                                      76D7EA4D 5 Bytes  JMP 6EB5FCDB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] ole32.dll!OleLoadFromStream                                  76F05BF6 5 Bytes  JMP 6EB6022B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] ole32.dll!CoCreateInstance                                    76F5590C 5 Bytes  JMP 6EA38C85 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] WININET.dll!HttpAddRequestHeadersA                            77389ABA 5 Bytes  JMP 002B6B70
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] WININET.dll!HttpAddRequestHeadersW                            77390848 5 Bytes  JMP 002B6D70
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!closesocket                                        77B63BED 5 Bytes  JMP 0059000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!recv                                              77B647DF 5 Bytes  JMP 0057000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!connect                                            77B648BE 5 Bytes  JMP 0058000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!getaddrinfo                                        77B66737 5 Bytes  JMP 005C000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!send                                              77B6C4C8 5 Bytes  JMP 005A000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!gethostbyname                                      77B77133 5 Bytes  JMP 005B000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [8B0A5042] \SystemRoot\System32\Drivers\spin.sys
IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                          [8B0A56D6] \SystemRoot\System32\Drivers\spin.sys
IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [8B0A5800] \SystemRoot\System32\Drivers\spin.sys
IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                    [8B0A513E] \SystemRoot\System32\Drivers\spin.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              853461F8
Device          \Driver\volmgr \Device\VolMgrControl                                                                                853411F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    8663C1F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    8663C1F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    8663C1F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                    86084500
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    8663C1F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    8663C1F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                    8663C1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              853411F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\usbehci \Device\USBPDO-7                                                                                    86084500
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              853411F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        8663B1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                        853431F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  853431F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  853431F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                        853431F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel0                                                                          853441F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel1                                                                          853441F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                            865E71F8
Device          \Driver\ACPI_HAL \Device\0000004c                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\NetBT \Device\NetBT_Tcpip_{39A290D2-A698-4B41-A141-407119D44DB0}                                            865E71F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{62D45DF5-9BB5-47B6-935B-F32C042753BE}                                            865E71F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    8663C1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{7C712DA1-1D3C-43DE-9F69-42E8D1566FE1}                                            865E71F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    8663C1F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    8663C1F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                    86084500
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    8663C1F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    8663C1F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                    8663C1F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                    86084500

---- Threads - GMER 1.0.15 ----

Thread          System [4:268]                                                                                                      862E2E7A
Thread          System [4:272]                                                                                                      862E5008

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x1A 0xF3 0x28 0x4E ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x42 0x02 0x78 0xA1 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x97 0x74 0x96 0x75 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x1A 0xF3 0x28 0x4E ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x42 0x02 0x78 0xA1 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x97 0x74 0x96 0x75 ...

---- EOF - GMER 1.0.15 ----

--- --- ---
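
Added here as a worked example (it is not part of this thread and not GMER's code): a small parser for the GMER "user code sections" lines above that separates hooks whose JMP target GMER attributed to a named module from hooks that land at a bare address no loaded module accounts for. The four sample lines are copied from the log above; the NETWORK_EXPORTS list and the verdict labels are this example's own assumptions, not GMER categories.

```python
"""Triage GMER 1.0.15 user-mode hook lines.

Added example for this thread, not GMER's output logic. It only parses the
".text <process>[pid] <module>!<export> <addr> N Bytes JMP <target> [module (desc)]"
lines; the verdict heuristic is an assumption spelled out in the comments."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Copied from the GMER log in this thread: the first hook jumps into IEFRAME.dll
# (a module GMER could name), the other three jump to bare addresses.
SAMPLE_LOG = r"""
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] USER32.dll!MessageBoxExW                                      76D7EA4D 5 Bytes  JMP 6EB5FCDB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] WININET.dll!HttpAddRequestHeadersA                            77389ABA 5 Bytes  JMP 002B6B70
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!connect                                            77B648BE 5 Bytes  JMP 0058000A
.text          C:\Program Files\Internet Explorer\iexplore.exe[3272] WS2_32.dll!getaddrinfo                                        77B66737 5 Bytes  JMP 005C000A
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<export>\S+)\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<length>\d+)\s+Bytes\s+"
    r"JMP\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<target_module>.+?)\s+\((?P<target_desc>[^)]*)\))?\s*$"
)

# Exports on the DNS / socket / HTTP path of a browser process. A hook on one
# of these that GMER could not attribute to a module is where redirection and
# traffic interception would sit. Assumed list for this example, not GMER's.
NETWORK_EXPORTS = {
    "WS2_32.dll": {"connect", "send", "recv", "closesocket",
                   "getaddrinfo", "gethostbyname", "WSASend", "WSARecv"},
    "WININET.dll": {"HttpAddRequestHeadersA", "HttpAddRequestHeadersW",
                    "HttpSendRequestA", "HttpSendRequestW", "InternetReadFile"},
}


@dataclass
class Hook:
    process: str
    pid: int
    module: str
    export: str
    address: int
    target: int
    target_module: Optional[str]
    target_desc: Optional[str]

    @property
    def attributed(self) -> bool:
        """True when GMER named the module that owns the JMP target."""
        return self.target_module is not None

    @property
    def network_api(self) -> bool:
        return self.export in NETWORK_EXPORTS.get(self.module, set())

    @property
    def verdict(self) -> str:
        # Heuristic: a hook landing in a named, described module is usually the
        # application's own (IEFRAME.dll patching USER32 dialog exports is how
        # Internet Explorer works). A target GMER could not attribute points into
        # memory that no loaded image accounts for; that region should be dumped
        # and inspected, more urgently when it sits on the network path.
        if self.attributed:
            return "expected"
        return "review-network" if self.network_api else "review"


def parse_hooks(text: str) -> List[Hook]:
    """Parse every GMER user-mode hook line in `text`; other lines are ignored."""
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append(Hook(
            process=m["process"], pid=int(m["pid"]),
            module=m["module"], export=m["export"],
            address=int(m["address"], 16), target=int(m["target"], 16),
            target_module=m["target_module"], target_desc=m["target_desc"],
        ))
    return hooks


def triage(text: str) -> Dict[str, List[str]]:
    """Group hooks by verdict: {verdict: ["module!export", ...]}."""
    summary: Dict[str, List[str]] = {}
    for h in parse_hooks(text):
        summary.setdefault(h.verdict, []).append(f"{h.module}!{h.export}")
    return summary


if __name__ == "__main__":
    for verdict, names in triage(SAMPLE_LOG).items():
        print(f"{verdict:15} {', '.join(names)}")
```

Run against the full log above, the USER32 and ole32 hooks all resolve to IEFRAME.dll and land in the "expected" bucket, while every WININET and WS2_32 hook jumps to a bare address and is flagged for review. An unattributed target is not proof of infection by itself (security products hook the same exports), but it is the memory that needs to be dumped and checked before the machine is called clean.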

LoopTroopRockers 01.06.2011 11:24

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:18:49 on 01.06.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"Ad-Aware Update (Weekly).job" - "Lavasoft Limited                                                      " - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
"DriverEasy Scheduled Scan.job" - "Easeware" - C:\Program Files\Easeware\DriverEasy\DriverEasy.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a4aeoanf" (a4aeoanf) - ? - C:\Windows\system32\drivers\a4aeoanf.sys  (Hidden registry entry, rootkit activity | File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\TAMS~1\AppData\Local\Temp\catchme.sys  (File not found)
"cpuz132" (cpuz132) - ? - C:\Users\TAMS~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys  (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys  (File found, but it contains no detailed information)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"tenCapture" (tenCapture) - "Hajo Krabbenhöft" - C:\Windows\System32\DRIVERS\tenCapture.sys
"uxldapow" (uxldapow) - ? - C:\Users\TAMS~1\AppData\Local\Temp\uxldapow.sys  (Hidden registry entry, rootkit activity | File not found)
"ZTE Diagnostic Port" (ZTEusbser6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbser6k.sys  (File not found)
"ZTE Mass Storage Filter Driver" (massfilter) - ? - C:\Windows\System32\drivers\massfilter.sys  (File not found)
"ZTE NMEA Port" (ZTEusbnmea) - ? - C:\Windows\System32\DRIVERS\ZTEusbnmea.sys  (File not found)
"ZTE Proprietary USB Driver" (ZTEusbmdm6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{32099AAC-C132-4136-9E9A-4E364A424E17}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CutePDF Writer Monitor" - ? - C:\Windows\system32\cpwmon2k.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft Limited" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

LoopTroopRockers 01.06.2011 11:25

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: K50IJ
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 152):
0x82A3F000 \SystemRoot\system32\ntkrnlpa.exe
0x82A08000 \SystemRoot\system32\halmacpi.dll
0x80B9C000 \SystemRoot\system32\kdcom.dll
0x8AE2C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8AEA4000 \SystemRoot\system32\PSHED.dll
0x8AEB5000 \SystemRoot\system32\BOOTVID.dll
0x8AEBD000 \SystemRoot\system32\CLFS.SYS
0x8AEFF000 \SystemRoot\system32\CI.dll
0x8B024000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B095000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B0A3000 \SystemRoot\System32\Drivers\spin.sys
0x8B196000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8B19F000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8AFAA000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B1C5000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B1CD000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8AE00000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B1D8000 \SystemRoot\System32\drivers\partmgr.sys
0x8B1E9000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B1F1000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B000000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B21A000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B265000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B27B000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8B284000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8B2A7000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8B2B1000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8B2BF000 \SystemRoot\system32\drivers\amdxata.sys
0x8B2C8000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B2FC000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B30D000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8B43D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B56C000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B597000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B31C000 \SystemRoot\System32\Drivers\cng.sys
0x8B5AA000 \SystemRoot\System32\drivers\pcw.sys
0x8B5B8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B638000 \SystemRoot\system32\drivers\ndis.sys
0x8B6EF000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B72D000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B812000 \SystemRoot\System32\drivers\tcpip.sys
0x8B95B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B98C000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B9CB000 \SystemRoot\System32\Drivers\spldr.sys
0x8B9D3000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B800000 \SystemRoot\System32\Drivers\mup.sys
0x8B752000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B75A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B78C000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B79D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B600000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B61F000 \SystemRoot\System32\Drivers\Null.SYS
0x8B626000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B5C1000 \SystemRoot\System32\drivers\vga.sys
0x8B5CD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B5EE000 \SystemRoot\System32\drivers\watchdog.sys
0x8B62D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B7F5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B400000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8B408000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B413000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B421000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B379000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B384000 \SystemRoot\system32\drivers\afd.sys
0x90415000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90447000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x9044E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9046D000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x9047E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9048C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9049F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x904AF000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x904B5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x904F6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90500000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9050A000 \SystemRoot\System32\drivers\discache.sys
0x90516000 \SystemRoot\System32\Drivers\dfsc.sys
0x9052E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x9053C000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90562000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90583000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91815000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x92132000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90595000 \SystemRoot\System32\drivers\dxgmms1.sys
0x921E9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9100C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91057000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91066000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91085000 \SystemRoot\system32\DRIVERS\athr.sys
0x911B2000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x911BC000 \SystemRoot\system32\DRIVERS\L1E62x86.sys
0x911CC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x911E4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x905CE000 \SystemRoot\system32\DRIVERS\ETD.sys
0x911F1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x91000000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x91004000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0x91800000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x9180D000 \SystemRoot\system32\DRIVERS\tenCapture.sys
0x91424000 \SystemRoot\system32\DRIVERS\portcls.sys
0x91453000 \SystemRoot\system32\DRIVERS\drmk.sys
0x9146C000 \SystemRoot\system32\DRIVERS\ks.sys
0x914A0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x914B2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x914CA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x914D5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x914F7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9150F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x91526000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9153D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9153F000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9154D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91591000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x915A2000 \SystemRoot\system32\drivers\HdAudio.sys
0x91400000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91417000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x97250000 \SystemRoot\System32\win32k.sys
0x91419000 \SystemRoot\System32\drivers\Dxapi.sys
0x94408000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x945B6000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x945C4000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x945CB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x945D8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x945E3000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x945ED000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x915F2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x974B0000 \SystemRoot\System32\TSDDD.dll
0x974E0000 \SystemRoot\System32\cdd.dll
0x8B7C2000 \SystemRoot\system32\drivers\luafv.sys
0x90400000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8B3DE000 \SystemRoot\system32\drivers\WudfPf.sys
0x905EC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8CE28000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8CE6E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8CE7E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8CE9A000 \SystemRoot\system32\drivers\HTTP.sys
0x8CF1F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8CF38000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8CF4A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8CF6D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8CFA8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99A03000 \SystemRoot\system32\drivers\peauth.sys
0x99A9A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x99AA4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x99AC5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x99AD2000 \SystemRoot\System32\DRIVERS\srv2.sys
0x99B21000 \SystemRoot\System32\DRIVERS\srv.sys
0x99BDD000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x99B73000 \??\C:\Users\TAMS~1\AppData\Local\Temp\uxldapow.sys
0x77BA0000 \Windows\System32\ntdll.dll
0x483C0000 \Windows\System32\smss.exe
0x77DE0000 \Windows\System32\apisetschema.dll

Processes (total 51):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
400 csrss.exe
456 C:\Windows\System32\wininit.exe
464 csrss.exe
508 C:\Windows\System32\services.exe
544 C:\Windows\System32\winlogon.exe
556 C:\Windows\System32\lsass.exe
564 C:\Windows\System32\lsm.exe
696 C:\Windows\System32\svchost.exe
796 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1412 C:\Windows\System32\spoolsv.exe
1444 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1464 C:\Windows\System32\svchost.exe
1636 C:\Windows\System32\dwm.exe
1648 C:\Windows\System32\taskhost.exe
1732 C:\Windows\explorer.exe
1784 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1828 C:\Windows\System32\svchost.exe
344 C:\Windows\System32\svchost.exe
336 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
560 C:\Windows\System32\conhost.exe
2272 C:\Program Files\Internet Explorer\iexplore.exe
2328 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2344 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2356 C:\Program Files\Elantech\ETDCtrl.exe
2364 C:\Windows\System32\igfxtray.exe
2376 C:\Windows\System32\hkcmd.exe
2384 C:\Windows\System32\igfxpers.exe
3004 C:\Windows\System32\SearchIndexer.exe
3272 C:\Program Files\Internet Explorer\iexplore.exe
3608 C:\Program Files\Elantech\ETDCtrlHelper.exe
3652 C:\Program Files\Windows Media Player\wmpnetwk.exe
2100 C:\Windows\System32\svchost.exe
3916 C:\Windows\System32\svchost.exe
3912 C:\Windows\System32\svchost.exe
3616 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
3492 C:\Windows\System32\audiodg.exe
3408 C:\Program Files\Internet Explorer\iexplore.exe
5084 C:\Program Files\Internet Explorer\iexplore.exe
2196 C:\Windows\System32\SearchProtocolHost.exe
5512 C:\Windows\System32\SearchFilterHost.exe
5868 C:\Users\Tamás\Desktop\MBRCheck.exe
632 C:\Windows\System32\conhost.exe
5828 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: ST9320325AS, Rev: 0002SDM1

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
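The MBRCheck output above hashes the boot sector of PhysicalDrive0 and matches it against known Windows 7 MBR code. The following Python is an added example, not MBRCheck's code and not from this thread, showing the same check on a constructed 512-byte sector: it verifies the 0x55AA boot signature, hashes the bootstrap-code bytes, and compares the digest with baselines recorded on known-clean systems. Hashing only the first 440 bytes is this example's own choice (so a changed disk signature or partition table does not change the digest); MBRCheck may hash a different range, so the SHA1 printed above is not comparable with this example's output. `read_mbr` reads a real sector and needs Administrator rights on Windows; the demo and the checks below run on constructed data only.

```python
"""Boot-sector integrity check: an added example for this thread, not MBRCheck's code."""
import hashlib

SECTOR_SIZE = 512
CODE_LEN = 440                  # bootstrap code; 440-443 disk signature, 446-509 partition table
BOOT_SIGNATURE = b"\x55\xAA"    # last two bytes of a valid MBR


def build_sample_mbr(code: bytes, disk_signature: bytes = b"\x00\x00\x00\x00") -> bytes:
    """Construct a 512-byte MBR-shaped sector for the demo (constructed data, not a real disk)."""
    if len(code) > CODE_LEN or len(disk_signature) != 4:
        raise ValueError("bad sample input")
    partition_table = bytes(64)  # four empty 16-byte partition entries
    sector = (code.ljust(CODE_LEN, b"\x00") + disk_signature + b"\x00\x00"
              + partition_table + BOOT_SIGNATURE)
    assert len(sector) == SECTOR_SIZE
    return sector


def code_sha1(sector: bytes) -> str:
    """SHA1 over the bootstrap code only (this example's ASSUMPTION; MBRCheck's range may
    differ), so the digest stays stable when only the disk signature or partition table changes."""
    return hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper()


def check_mbr(sector: bytes, known_good: dict) -> dict:
    """Compare a sector against {label: sha1} baselines recorded on known-clean systems."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    digest = code_sha1(sector)
    matched = next((label for label, h in known_good.items() if h.upper() == digest), None)
    return {
        "boot_signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "code_sha1": digest,
        "known": matched,          # None => code matches no recorded baseline
    }


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the first sector of a raw device; on Windows this needs Administrator rights."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR_SIZE)


if __name__ == "__main__":
    baseline = build_sample_mbr(b"constructed bootstrap code")
    known = {"sample-baseline": code_sha1(baseline)}   # record this on a clean machine
    print(check_mbr(baseline, known))                                                    # matches
    print(check_mbr(build_sample_mbr(b"constructed bootstrap code", b"\x12\x34\x56\x78"), known))  # still matches
    print(check_mbr(build_sample_mbr(b"constructed bootstrap code!"), known))           # known = None
```

The `known` result being `None` on a machine whose baseline was recorded earlier is the signal worth investigating; a broken boot signature is a separate, cruder indicator that the sector was overwritten.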

cosinus 01.06.2011 11:36

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting a second opinion from the ESET Online Scanner isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


LoopTroopRockers 01.06.2011 14:01

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6742

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.06.2011 13:19:38
mbam-log-2011-06-01 (13-19-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 213194
Laufzeit: 24 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

LoopTroopRockers 01.06.2011 14:02

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/01/2011 at 02:17 PM

Application Version : 4.53.1000

Core Rules Database Version : 7174
Trace Rules Database Version: 4986

Scan type : Complete Scan
Total Scan Time : 00:39:43

Memory items scanned : 700
Memory threats detected : 0
Registry items scanned : 8073
Registry threats detected : 0
File items scanned : 75045
File threats detected : 70

Adware.Tracking Cookie
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@mediaplex[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@mediabrandsww[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@ww251.smartadserver[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@apmebf[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@adbrite[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@xml.trafficengine[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@trafficengine[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@clicks.thespecialsearch[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@server.iad.liveperson[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@mediatraffic[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@webmasterplan[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@burstnet[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@ad3.adfarm1.adition[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@ad4.adfarm1.adition[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@click.fastpartner[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@liveperson[3].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@ads.bleepingcomputer[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@imrworldwide[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@yadro[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@tracking.quisma[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@zanox[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@ad.zanox[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@ad.dyntracker[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@eclickz[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@media6degrees[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@fl01.ct2.comclick[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@invitemedia[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@overture[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@www.etracker[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@xml.happytofind[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@click.xmlmonetize[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@zanox-affiliate[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@mm.chitika[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@myroitracking[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@ad.yieldmanager[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@casalemedia[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@atdmt[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@serving-sys[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@atdmt.combing[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@www.burstnet[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@content.yieldmanager[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@eas.apm.emediate[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@clicksor[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@cdn.jemamedia[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@tradedoubler[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@eas4.emediate[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@statcounter[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@doubleclick[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@traffictrack[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@media.ohost[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@adtech[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@ad2.adfarm1.adition[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@adxpose[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@ad.ad-srv[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@www.zanox-affiliate[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@collective-media[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@fastclick[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@ad1.adfarm1.adition[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@xm.xtendmedia[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@ad.jmg[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@liveperson[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@clicks.bestcoolsearch[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@smartadserver[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@content.yieldmanager[3].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@bs.serving-sys[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@advertise[2].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@tracking.mlsat02[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@tribalfusion[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@adfarm1.adition[3].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@p222t1s1566894.kronos.bravenetmedia[1].txt
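The SUPERAntiSpyware log above reports 70 file threats, all of them in the category Adware.Tracking Cookie. The following Python parser is an added example, not SUPERAntiSpyware's code and not from this thread, that turns a log in this layout into something a reviewer can act on: the header counters, the detections grouped by category, the tracker hosts taken from the cookie file names, and a flag saying whether anything other than tracking cookies was found. The embedded sample log is constructed from two of the cookie lines above plus one made-up non-cookie entry (`Sample.Constructed/NotACookie` with a placeholder path) so that the non-cookie branch is exercised.

```python
"""SUPERAntiSpyware log triage: an added example, not SUPERAntiSpyware's or the thread's code."""
import re

# Constructed sample in the log's layout: two cookie lines from the thread plus one made-up
# non-cookie entry (placeholder path) so the non-cookie branch can be exercised.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/01/2011 at 02:17 PM

Application Version : 4.53.1000

Scan type : Complete Scan
Total Scan Time : 00:39:43

Memory items scanned : 700
Memory threats detected : 0
Registry items scanned : 8073
Registry threats detected : 0
File items scanned : 75045
File threats detected : 3

Adware.Tracking Cookie
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@doubleclick[1].txt
C:\Users\Tamás\AppData\Roaming\Microsoft\Windows\Cookies\tamás@ad.zanox[2].txt

Sample.Constructed/NotACookie
C:\constructed\placeholder\sample.exe
"""

# "Key words : value" header lines (the key has at least two words, which skips URLs and dates)
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z]+(?: [A-Za-z]+)+)\s*:\s*(?P<val>.*)$")
COOKIE_CATEGORY = "Adware.Tracking Cookie"
# user@host[n].txt  ->  host
COOKIE_HOST_RE = re.compile(r"@(?P<host>[^\[\]\\]+)\[\d+\]\.txt$", re.IGNORECASE)


def parse_sas_log(text: str):
    """Return (summary, detections): header key/value pairs, and {category: [items]}."""
    summary, detections = {}, {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):                       # header runs up to the last counter line
        line = lines[i].strip()
        i += 1
        m = HEADER_RE.match(line)
        if m:
            summary[m.group("key")] = m.group("val")
        if line.startswith("File threats detected"):
            break
    block = []                                  # detection blocks are blank-line separated
    for line in lines[i:] + [""]:
        line = line.strip()
        if line:
            block.append(line)
        elif block:
            detections.setdefault(block[0], []).extend(block[1:])
            block = []
    return summary, detections


def triage(detections: dict) -> dict:
    """Separate tracking cookies (hygiene) from everything else (needs a closer look)."""
    cookies = detections.get(COOKIE_CATEGORY, [])
    hosts = set()
    for item in cookies:
        m = COOKIE_HOST_RE.search(item)
        if m:
            hosts.add(m.group("host").lower())
    others = {cat: items for cat, items in detections.items() if cat != COOKIE_CATEGORY}
    return {
        "cookie_count": len(cookies),
        "tracker_hosts": sorted(hosts),
        "non_cookie": others,
        "cookies_only": not others,
    }


if __name__ == "__main__":
    summary, found = parse_sas_log(SAMPLE_LOG)
    print(summary["File threats detected"], triage(found))
```

On the real log above the same code would report 70 cookies, a list of ad and tracking hosts, and `cookies_only` true, which is the assessment the helper gives in the next reply; any category other than the cookie one lands in `non_cookie` and is what deserves the reviewer's attention.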

LoopTroopRockers 01.06.2011 14:04

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=9164d7a33b6da340bd0a5ff19cabcc34
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-01 12:59:45
# local_time=2011-06-01 02:59:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 166667 43467959 233738 0
# compatibility_mode=5893 16776573 100 94 102786 59369846 0 0
# compatibility_mode=8192 67108863 100 0 140 140 0 0
# scanned=77453
# found=0
# cleaned=0
# scan_time=2082

cosinus 01.06.2011 14:26

Looks OK; only cookies were found.
Any problems still, or further detections in the meantime?

LoopTroopRockers 01.06.2011 14:28

Still doesn't respond :( Not a good sign, is it?

cosinus 01.06.2011 14:55

Do you mean TDSS-Killer?

LoopTroopRockers 01.06.2011 15:21

Yes, that's what I meant. What is your current assessment? Is the computer clean? Was Thunderbird completely deleted?

cosinus 01.06.2011 15:29

It's more an indication that MBR-based malware is still active...
Restart Windows, delete the old cofi.exe, download CF again as cofi.exe and please run CF once more.

LoopTroopRockers 01.06.2011 15:57

Combofix log file:
Code:

ComboFix 11-05-31.02 - Tamás 01.06.2011  16:47:03.2.2 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3037.2004 [GMT 2:00]
ausgeführt von:: c:\users\Tamßs\Desktop\Cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-05-01 bis 2011-06-01  ))))))))))))))))))))))))))))))
.
.
2011-06-01 14:51 . 2011-06-01 14:51        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-06-01 12:22 . 2011-06-01 12:22        --------        d-----w-        c:\program files\ESET
2011-06-01 11:33 . 2011-06-01 11:33        --------        d-----w-        c:\users\Tamás\AppData\Roaming\SUPERAntiSpyware.com
2011-06-01 11:33 . 2011-06-01 11:33        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2011-06-01 11:33 . 2011-06-01 11:33        --------        d-----w-        c:\program files\SUPERAntiSpyware
2011-05-31 21:24 . 2011-06-01 14:51        --------        d-----w-        c:\users\Tamás\AppData\Local\temp
2011-05-31 20:25 . 2011-05-31 20:25        --------        d-----w-        C:\_OTL
2011-05-31 16:55 . 2011-05-31 16:56        --------        d-----w-        c:\program files\Personal Voice Changer Driver
2011-05-31 16:53 . 2011-06-01 06:59        --------        d-----w-        c:\program files\FV
2011-05-31 16:52 . 2011-05-31 16:55        --------        d-----w-        c:\users\Tamás\AppData\Roaming\GetRightToGo
2011-05-31 09:50 . 2011-05-31 09:50        --------        d-----w-        c:\program files\CCleaner
2011-05-31 09:24 . 2011-05-31 09:24        --------        d-----w-        c:\program files\Common Files\Adobe
2011-05-31 07:51 . 2011-05-09 20:46        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A13A2E8D-030A-428B-B7E9-1A916CF3A860}\mpengine.dll
2011-05-30 14:22 . 2011-05-30 14:22        --------        d-----w-        c:\users\Tamás\AppData\Roaming\Malwarebytes
2011-05-30 14:22 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-30 14:22 . 2011-05-30 14:22        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-30 14:22 . 2011-06-01 10:54        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-05-30 14:09 . 2011-05-30 14:09        --------        d-----w-        c:\users\Tamás\AppData\Roaming\Avira
2011-05-25 07:36 . 2011-04-22 19:36        26496        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2011-05-19 05:07 . 2011-04-09 05:56        123904        ----a-w-        c:\windows\system32\poqexec.exe
2011-05-18 04:47 . 2011-05-18 04:47        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-16 17:56 . 2011-05-16 17:56        --------        d-----w-        c:\users\Tamás\AppData\Roaming\pokerth
2011-05-13 13:00 . 2011-05-13 13:00        --------        d-----w-        c:\users\Tamás\AppData\Roaming\Mozilla-Cache
2011-05-13 12:59 . 2011-05-13 12:59        --------        d-----w-        C:\Programs
2011-05-13 10:35 . 2011-05-13 10:35        781272        ----a-w-        c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-13 10:35 . 2011-05-13 10:35        89048        ----a-w-        c:\program files\Mozilla Firefox\libEGL.dll
2011-05-13 10:35 . 2011-05-13 10:35        465880        ----a-w-        c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-13 10:35 . 2011-05-13 10:35        1892184        ----a-w-        c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-13 10:35 . 2011-05-13 10:35        1874904        ----a-w-        c:\program files\Mozilla Firefox\mozjs.dll
2011-05-13 10:35 . 2011-05-13 10:35        15832        ----a-w-        c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-13 10:35 . 2011-05-13 10:35        142296        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-13 10:35 . 2011-05-13 10:35        1974616        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-11 06:52 . 2011-03-25 03:06        258560        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2011-05-11 06:52 . 2011-03-25 03:06        284160        ----a-w-        c:\windows\system32\drivers\usbport.sys
2011-05-11 06:52 . 2011-03-25 03:06        75776        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2011-05-11 06:52 . 2011-03-25 03:06        43008        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2011-05-11 06:52 . 2011-03-25 03:06        20480        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2011-05-11 06:52 . 2011-03-25 03:06        24064        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2011-05-11 06:52 . 2011-03-25 03:06        5888        ----a-w-        c:\windows\system32\drivers\usbd.sys
2011-05-11 06:52 . 2011-04-09 06:13        3957632        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-05-11 06:52 . 2011-04-09 06:13        3901824        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-05-09 09:26 . 2011-05-09 09:26        --------        d-----w-        c:\programdata\Boss Media
2011-05-09 09:26 . 2011-05-09 09:26        --------        d-----w-        c:\users\Tamás\AppData\Local\Boss Media
2011-05-09 09:06 . 2011-05-14 17:04        --------        d-----w-        C:\Poker
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 08:33 . 2010-10-28 00:00        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-12 11:31 . 2011-04-27 06:42        442880        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-03-11 05:44 . 2011-04-27 06:43        146304        ----a-w-        c:\windows\system32\drivers\storport.sys
2011-03-11 05:44 . 2011-04-27 06:43        143744        ----a-w-        c:\windows\system32\drivers\nvstor.sys
2011-03-11 05:44 . 2011-04-27 06:43        1210240        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2011-03-11 05:44 . 2011-04-27 06:43        117120        ----a-w-        c:\windows\system32\drivers\nvraid.sys
2011-03-11 05:43 . 2011-04-27 06:43        332160        ----a-w-        c:\windows\system32\drivers\iaStorV.sys
2011-03-11 05:43 . 2011-04-27 06:43        80256        ----a-w-        c:\windows\system32\drivers\amdsata.sys
2011-03-11 05:43 . 2011-04-27 06:43        22400        ----a-w-        c:\windows\system32\drivers\amdxata.sys
2011-03-11 05:40 . 2011-04-15 06:11        1164288        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-15 06:11        1137664        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-11 05:39 . 2011-04-27 06:43        1686016        ----a-w-        c:\windows\system32\esent.dll
2011-03-11 05:37 . 2011-04-27 06:43        74240        ----a-w-        c:\windows\system32\fsutil.exe
2011-03-10 22:30 . 2008-09-17 14:29        14744        ----a-w-        c:\users\Tamás\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-03-10 22:30 . 2008-09-17 14:29        14744        ----a-w-        c:\users\Tamás\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-03-08 05:38 . 2011-04-15 06:21        740864        ----a-w-        c:\windows\system32\inetcomm.dll
2011-05-13 10:35 . 2011-05-13 10:35        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2010-04-13 548744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Tam*s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-12 691696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 109960]
S3 tenCapture;tenCapture;c:\windows\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-05 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2010-11-05 19:29]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Tamás\AppData\Roaming\Mozilla\Firefox\Profiles\hsyjdiac.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-01  16:52:54
ComboFix-quarantined-files.txt  2011-06-01 14:52
ComboFix2.txt  2011-05-31 21:24
.
Vor Suchlauf: 14 Verzeichnis(se), 267.268.984.832 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 267.287.355.392 Bytes frei
.
- - End Of File - - B3DD0A51F2A0E9948FE4CC431E742FC7

--- --- ---
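The ComboFix log above lists autostart entries in three line forms: Run-key values (`"name"="path" [date size]`), Startup-folder shortcuts (`name.lnk - path [date size]`) and services/drivers (`R3 name;display;path [date size]`, or `[x]` in place of the date and size). The following Python is an added example, not ComboFix's code and not from this thread, that parses those three forms into records and applies two defender-side heuristics: a service or driver whose metadata is `[x]`, which this example takes to mean the binary was not found at scan time (an assumption about ComboFix's notation), and an entry whose binary lives outside Program Files or Windows. The heuristic narrows what to look at; it does not decide what is malicious. The sample is constructed from lines of the log above plus one made-up Run value (`Constructed`, under a placeholder user profile) so that the path rule fires.

```python
"""ComboFix autostart triage: an added example, not ComboFix's code or anything from the thread."""
import re

# Constructed sample in ComboFix's autostart layout: lines taken from the log above plus one
# made-up Run value ("Constructed", under a placeholder user profile) so the path rule fires.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Constructed"="c:\users\sample\AppData\Roaming\constructed.exe" [2011-06-01 1234]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
.
c:\users\sample\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-12 691696]
"""

REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
STARTUP_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?)(?:\s+\[(?P<meta>[^\]]*)\])?$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$")

# Heuristic only: a loader living elsewhere deserves a second look, it is not automatically bad.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


def parse_combofix_autostarts(text: str) -> list:
    """Turn Run values, Startup-folder shortcuts and service/driver lines into dict records."""
    records, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = REG_KEY_RE.match(line)
        if m:
            location = m.group("key")
            continue
        if line.lower().endswith("\\startup\\"):      # folder header for the .lnk entries
            location = line
            continue
        for kind, rx in (("run", RUN_VALUE_RE), ("startup", STARTUP_RE)):
            m = rx.match(line)
            if m and location:
                records.append({"kind": kind, "location": location, "name": m.group("name"),
                                "path": m.group("path"), "meta": m.group("meta") or ""})
                break
        else:
            m = SERVICE_RE.match(line)
            if m:
                records.append({"kind": "service", "location": m.group("state"),
                                "name": m.group("name"), "path": m.group("path"),
                                "meta": m.group("meta")})
    return records


def flag_autostarts(records: list) -> list:
    """Return (kind, name, path, reasons) for entries a reviewer should look at more closely."""
    flagged = []
    for r in records:
        reasons = []
        if r["meta"] == "x":   # ASSUMPTION: ComboFix writes [x] when it could not find the binary
            reasons.append("binary not found at scan time")
        if not r["path"].lower().startswith(TRUSTED_PREFIXES):
            reasons.append("runs from outside Program Files / Windows")
        if reasons:
            flagged.append((r["kind"], r["name"], r["path"], reasons))
    return flagged


if __name__ == "__main__":
    for entry in flag_autostarts(parse_combofix_autostarts(SAMPLE)):
        print(entry)
```

Run over the sample this flags the constructed AppData loader and the `massfilter` driver whose file is missing; everything under Program Files or Windows with a date and size passes, which is why a path rule alone is never sufficient and the review of the remaining entries still has to be done by hand.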

cosinus 01.06.2011 20:33

Looks unremarkable. Maybe your computer just doesn't like tdsskiller :D
Apart from tdsskiller not starting, any other problems?

LoopTroopRockers 01.06.2011 20:47

Um... my Thunderbird is gone?! If I reinstall it now, all my mails will probably be gone. Is there anything left to save?

Other than that, an error message still appears after Windows starts...

cosinus 01.06.2011 22:00

No, the mails are in your profile - NOT in the program directory. You can reinstall it without losing your mails. Still, a backup beforehand is advisable. => http://filepony.de/download-mozbackup/

LoopTroopRockers 02.06.2011 09:05

Hello Arne,

everything is running as usual again now. Nothing unusual.
Should I still watch out for anything?


Thank you for your effort!!! :daumenhoc
Tamás

cosinus 03.06.2011 09:22

Then we're done! :abklatsch:

Finally, please check the updates; my guide on that is below.
For even more security, after the infection has been removed you should also change all your passwords if at all possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Guide to Windows Update



Update your PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that your Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should remove the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


Copyright ©2000-2025, Trojaner-Board
