Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   50 Euro Virus (https://www.trojaner-board.de/107373-50-euro-virus.html)

A.Vidal 06.01.2012 19:34

Oh, sorry, I misunderstood you :D
Here is the log after the restart:
Code:

19:31:47.0562 0356        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
19:31:47.0609 0356        ============================================================
19:31:47.0609 0356        Current date / time: 2012/01/06 19:31:47.0609
19:31:47.0609 0356        SystemInfo:
19:31:47.0609 0356       
19:31:47.0609 0356        OS Version: 5.1.2600 ServicePack: 2.0
19:31:47.0609 0356        Product type: Workstation
19:31:47.0609 0356        ComputerName: FELIX-7EE248200
19:31:47.0609 0356        UserName: Felix
19:31:47.0609 0356        Windows directory: C:\WINDOWS
19:31:47.0609 0356        System windows directory: C:\WINDOWS
19:31:47.0609 0356        Processor architecture: Intel x86
19:31:47.0609 0356        Number of processors: 1
19:31:47.0609 0356        Page size: 0x1000
19:31:47.0609 0356        Boot type: Normal boot
19:31:47.0609 0356        ============================================================
19:31:48.0015 0356        Initialize success
19:31:51.0109 3900        ============================================================
19:31:51.0109 3900        Scan started
19:31:51.0109 3900        Mode: Manual;
19:31:51.0109 3900        ============================================================
19:31:51.0421 3900        94072070 - ok
19:31:51.0468 3900        Abiosdsk - ok
19:31:51.0562 3900        abp480n5 - ok
19:31:51.0796 3900        ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:31:51.0796 3900        ACPI - ok
19:31:51.0968 3900        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:31:51.0968 3900        ACPIEC - ok
19:31:51.0984 3900        adpu160m - ok
19:31:52.0062 3900        aec            (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
19:31:52.0078 3900        aec - ok
19:31:52.0171 3900        Afc            (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
19:31:52.0187 3900        Afc - ok
19:31:52.0250 3900        AFD            (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
19:31:52.0265 3900        AFD - ok
19:31:52.0328 3900        Aha154x - ok
19:31:52.0359 3900        aic78u2 - ok
19:31:52.0390 3900        aic78xx - ok
19:31:52.0421 3900        AliIde - ok
19:31:52.0515 3900        Ambfilt        (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
19:31:52.0625 3900        Ambfilt - ok
19:31:52.0671 3900        amsint - ok
19:31:52.0750 3900        Arp1394        (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:31:52.0765 3900        Arp1394 - ok
19:31:52.0781 3900        asc - ok
19:31:52.0812 3900        asc3350p - ok
19:31:52.0828 3900        asc3550 - ok
19:31:52.0875 3900        AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:31:52.0890 3900        AsyncMac - ok
19:31:52.0921 3900        atapi          (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:31:52.0937 3900        atapi - ok
19:31:53.0000 3900        Atdisk - ok
19:31:53.0062 3900        Atmarpc        (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:31:53.0062 3900        Atmarpc - ok
19:31:53.0125 3900        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:31:53.0125 3900        audstub - ok
19:31:53.0140 3900        Scan interrupted by user!
19:31:53.0140 3900        Scan interrupted by user!
19:31:53.0140 3900        Scan interrupted by user!
19:31:53.0140 3900        ============================================================
19:31:53.0140 3900        Scan finished
19:31:53.0140 3900        ============================================================
19:31:53.0140 3608        Detected object count: 0
19:31:53.0140 3608        Actual detected object count: 0
19:31:56.0843 1764        ============================================================
19:31:56.0843 1764        Scan started
19:31:56.0843 1764        Mode: Manual; SigCheck; TDLFS;
19:31:56.0843 1764        ============================================================
19:31:57.0062 1764        94072070 - ok
19:31:57.0093 1764        Abiosdsk - ok
19:31:57.0109 1764        abp480n5 - ok
19:31:57.0156 1764        ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:31:58.0359 1764        ACPI - ok
19:31:58.0453 1764        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:31:58.0593 1764        ACPIEC - ok
19:31:58.0656 1764        adpu160m - ok
19:31:58.0828 1764        aec            (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
19:31:59.0171 1764        aec - ok
19:31:59.0359 1764        Afc            (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
19:31:59.0390 1764        Afc ( UnsignedFile.Multi.Generic ) - warning
19:31:59.0390 1764        Afc - detected UnsignedFile.Multi.Generic (1)
19:31:59.0500 1764        AFD            (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
19:31:59.0546 1764        AFD - ok
19:31:59.0687 1764        Aha154x - ok
19:31:59.0750 1764        aic78u2 - ok
19:31:59.0812 1764        aic78xx - ok
19:31:59.0890 1764        AliIde - ok
19:32:00.0109 1764        Ambfilt        (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
19:32:00.0406 1764        Ambfilt - ok
19:32:00.0515 1764        amsint - ok
19:32:00.0562 1764        Arp1394        (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:32:00.0687 1764        Arp1394 - ok
19:32:00.0765 1764        asc - ok
19:32:00.0796 1764        asc3350p - ok
19:32:00.0812 1764        asc3550 - ok
19:32:00.0859 1764        AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:32:01.0000 1764        AsyncMac - ok
19:32:01.0093 1764        atapi          (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:32:01.0234 1764        atapi - ok
19:32:01.0296 1764        Atdisk - ok
19:32:01.0359 1764        Atmarpc        (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:32:01.0484 1764        Atmarpc - ok
19:32:01.0546 1764        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:32:01.0687 1764        audstub - ok
19:32:01.0765 1764        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
19:32:01.0781 1764        avgio - ok
19:32:01.0875 1764        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:32:01.0890 1764        avgntflt - ok
19:32:01.0921 1764        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:32:01.0953 1764        avipbb - ok
19:32:01.0984 1764        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:32:02.0140 1764        Beep - ok
19:32:02.0296 1764        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:32:02.0453 1764        cbidf2k - ok
19:32:02.0500 1764        CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:32:02.0625 1764        CCDECODE - ok
19:32:02.0703 1764        cd20xrnt - ok
19:32:02.0750 1764        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:32:02.0875 1764        Cdaudio - ok
19:32:02.0921 1764        Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
19:32:03.0046 1764        Cdfs - ok
19:32:03.0140 1764        Cdrom          (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:32:03.0265 1764        Cdrom - ok
19:32:03.0265 1764        Changer - ok
19:32:03.0312 1764        CmdIde - ok
19:32:03.0343 1764        Cpqarray - ok
19:32:03.0375 1764        dac2w2k - ok
19:32:03.0390 1764        dac960nt - ok
19:32:03.0437 1764        Defrag32        (573ac4974e59a28ac5815bf56d59822c) C:\WINDOWS\system32\drivers\Defrag32.sys
19:32:03.0453 1764        Defrag32 - ok
19:32:03.0515 1764        Defrag32b      (739fd63e6ac4f3940ada9b31b8b5de14) C:\WINDOWS\system32\drivers\Defrag32b.sys
19:32:03.0531 1764        Defrag32b - ok
19:32:03.0593 1764        Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
19:32:03.0734 1764        Disk - ok
19:32:03.0843 1764        dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
19:32:04.0046 1764        dmboot - ok
19:32:04.0109 1764        dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
19:32:04.0265 1764        dmio - ok
19:32:04.0328 1764        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:32:04.0453 1764        dmload - ok
19:32:04.0531 1764        DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
19:32:04.0656 1764        DMusic - ok
19:32:04.0734 1764        dpti2o - ok
19:32:04.0781 1764        drmkaud        (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
19:32:04.0921 1764        drmkaud - ok
19:32:04.0953 1764        EagleNT - ok
19:32:05.0046 1764        Fastfat        (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
19:32:05.0203 1764        Fastfat - ok
19:32:05.0265 1764        Fdc            (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:32:05.0421 1764        Fdc - ok
19:32:05.0468 1764        Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
19:32:05.0593 1764        Fips - ok
19:32:05.0687 1764        Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:32:05.0812 1764        Flpydisk - ok
19:32:05.0937 1764        FltMgr          (5a85cd3d07273e3f6fe72ee9c6431632) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:32:06.0265 1764        FltMgr - ok
19:32:06.0375 1764        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:32:06.0484 1764        Fs_Rec - ok
19:32:06.0515 1764        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:32:06.0640 1764        Ftdisk - ok
19:32:06.0750 1764        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:32:06.0750 1764        GEARAspiWDM - ok
19:32:06.0796 1764        Gpc            (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:32:06.0937 1764        Gpc - ok
19:32:07.0031 1764        HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:32:07.0031 1764        HDAudBus ( UnsignedFile.Multi.Generic ) - warning
19:32:07.0031 1764        HDAudBus - detected UnsignedFile.Multi.Generic (1)
19:32:07.0078 1764        hidusb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:32:07.0218 1764        hidusb - ok
19:32:07.0312 1764        hpn - ok
19:32:07.0359 1764        HTTP            (261bf53e1d1c21f04b4e748a6ed3d055) C:\WINDOWS\system32\Drivers\HTTP.sys
19:32:07.0421 1764        HTTP - ok
19:32:07.0453 1764        i2omgmt - ok
19:32:07.0468 1764        i2omp - ok
19:32:07.0515 1764        i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:32:07.0656 1764        i8042prt - ok
19:32:07.0765 1764        Imapi          (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:32:07.0890 1764        Imapi - ok
19:32:07.0906 1764        ini910u - ok
19:32:08.0078 1764        IntcAzAudAddService (db01625d8e286cd17b94dcf088713d7f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:32:08.0625 1764        IntcAzAudAddService - ok
19:32:08.0718 1764        IntelIde - ok
19:32:08.0750 1764        Ip6Fw          (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:32:08.0890 1764        Ip6Fw - ok
19:32:08.0984 1764        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:32:09.0125 1764        IpFilterDriver - ok
19:32:09.0218 1764        IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:32:09.0359 1764        IpInIp - ok
19:32:09.0390 1764        IpNat          (472c75f85e631f8aa87d21c9fee6238d) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:32:09.0750 1764        IpNat - ok
19:32:09.0859 1764        IPSec          (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:32:09.0968 1764        IPSec - ok
19:32:10.0015 1764        IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:32:10.0109 1764        IRENUM - ok
19:32:10.0218 1764        isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:32:10.0343 1764        isapnp - ok
19:32:10.0406 1764        Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:32:10.0531 1764        Kbdclass - ok
19:32:10.0593 1764        kbdhid          (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:32:10.0718 1764        kbdhid - ok
19:32:10.0796 1764        kmixer          (8531438246ce9474e41ee1599904c0c7) C:\WINDOWS\system32\drivers\kmixer.sys
19:32:11.0171 1764        kmixer - ok
19:32:11.0234 1764        KSecDD          (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
19:32:11.0281 1764        KSecDD - ok
19:32:11.0359 1764        lbrtfdc - ok
19:32:11.0406 1764        massfilter      (f0435fe3c1ec2659d2bbf073ca0752ee) C:\WINDOWS\system32\DRIVERS\massfilter.sys
19:32:11.0437 1764        massfilter - ok
19:32:11.0500 1764        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
19:32:11.0515 1764        MBAMProtector - ok
19:32:11.0578 1764        MBAMSwissArmy - ok
19:32:11.0625 1764        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:32:11.0765 1764        mnmdd - ok
19:32:11.0843 1764        Modem          (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
19:32:11.0984 1764        Modem - ok
19:32:12.0078 1764        Monfilt        (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
19:32:12.0265 1764        Monfilt - ok
19:32:12.0359 1764        Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:32:12.0484 1764        Mouclass - ok
19:32:12.0562 1764        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:32:12.0671 1764        mouhid - ok
19:32:12.0734 1764        MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
19:32:12.0875 1764        MountMgr - ok
19:32:12.0953 1764        mraid35x - ok
19:32:13.0000 1764        MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:32:13.0406 1764        MRxDAV - ok
19:32:13.0531 1764        MRxSmb          (3500e756812e716351f2d341ae1d5623) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:32:13.0609 1764        MRxSmb - ok
19:32:13.0656 1764        Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
19:32:13.0796 1764        Msfs - ok
19:32:13.0921 1764        MSKSSRV        (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:32:14.0031 1764        MSKSSRV - ok
19:32:14.0062 1764        MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:32:14.0187 1764        MSPCLOCK - ok
19:32:14.0296 1764        MSPQM          (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
19:32:14.0406 1764        MSPQM - ok
19:32:14.0468 1764        mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:32:14.0578 1764        mssmbios - ok
19:32:14.0718 1764        MSTEE          (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
19:32:14.0843 1764        MSTEE - ok
19:32:14.0906 1764        Mup            (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
19:32:15.0046 1764        Mup - ok
19:32:15.0156 1764        NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:32:15.0265 1764        NABTSFEC - ok
19:32:15.0312 1764        NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
19:32:15.0453 1764        NDIS - ok
19:32:15.0468 1764        NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:32:15.0593 1764        NdisIP - ok
19:32:15.0687 1764        NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:32:15.0812 1764        NdisTapi - ok
19:32:15.0859 1764        Ndisuio        (5146c3d286e66c72328f6ce6e4d983a8) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:32:16.0203 1764        Ndisuio - ok
19:32:16.0296 1764        NdisWan        (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:32:16.0406 1764        NdisWan - ok
19:32:16.0484 1764        NDProxy        (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
19:32:16.0609 1764        NDProxy - ok
19:32:16.0671 1764        NetBIOS        (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:32:16.0796 1764        NetBIOS - ok
19:32:16.0843 1764        NetBT          (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:32:16.0984 1764        NetBT - ok
19:32:17.0109 1764        NIC1394        (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:32:17.0218 1764        NIC1394 - ok
19:32:17.0250 1764        NIOC            (660afb141d2b66d46bbce3d0167e693b) C:\WINDOWS\system32\NIOC.SYS
19:32:17.0281 1764        NIOC ( UnsignedFile.Multi.Generic ) - warning
19:32:17.0281 1764        NIOC - detected UnsignedFile.Multi.Generic (1)
19:32:17.0390 1764        Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
19:32:17.0515 1764        Npfs - ok
19:32:17.0562 1764        Ntfs            (05ab81909514bfd69cbb1f2c147cf6b9) C:\WINDOWS\system32\drivers\Ntfs.sys
19:32:17.0984 1764        Ntfs - ok
19:32:18.0078 1764        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:32:18.0187 1764        Null - ok
19:32:18.0437 1764        nv              (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:32:19.0156 1764        nv - ok
19:32:19.0265 1764        nvata          (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
19:32:19.0296 1764        nvata - ok
19:32:19.0343 1764        NVENETFD        (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:32:19.0375 1764        NVENETFD - ok
19:32:19.0421 1764        nvnetbus        (46fdb8d07dd4fc81093b0acb243a525d) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:32:19.0468 1764        nvnetbus - ok
19:32:19.0562 1764        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:32:19.0687 1764        NwlnkFlt - ok
19:32:19.0734 1764        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:32:19.0843 1764        NwlnkFwd - ok
19:32:19.0937 1764        ohci1394        (fc128c3d7d5ad30a13742dc3737b9df7) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:32:20.0296 1764        ohci1394 - ok
19:32:20.0406 1764        ovt530          (71cffb1e06aa8978a7b4a346c191f8ba) C:\WINDOWS\system32\Drivers\ov530vid.sys
19:32:20.0421 1764        ovt530 ( UnsignedFile.Multi.Generic ) - warning
19:32:20.0421 1764        ovt530 - detected UnsignedFile.Multi.Generic (1)
19:32:20.0484 1764        Parport        (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
19:32:20.0609 1764        Parport - ok
19:32:20.0703 1764        PartMgr        (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
19:32:20.0828 1764        PartMgr - ok
19:32:20.0859 1764        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
19:32:20.0984 1764        ParVdm - ok
19:32:21.0062 1764        PCI            (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
19:32:21.0187 1764        PCI - ok
19:32:21.0281 1764        PCIDump - ok
19:32:21.0328 1764        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:32:21.0453 1764        PCIIde - ok
19:32:21.0546 1764        Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:32:21.0671 1764        Pcmcia - ok
19:32:21.0750 1764        PDCOMP - ok
19:32:21.0781 1764        PDFRAME - ok
19:32:21.0796 1764        PDRELI - ok
19:32:21.0828 1764        PDRFRAME - ok
19:32:21.0859 1764        perc2 - ok
19:32:21.0875 1764        perc2hib - ok
19:32:21.0953 1764        PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:32:22.0078 1764        PptpMiniport - ok
19:32:22.0187 1764        PQNTDrv        (590f057b19488420f720bf6423388775) C:\WINDOWS\system32\drivers\PQNTDrv.sys
19:32:22.0187 1764        PQNTDrv ( UnsignedFile.Multi.Generic ) - warning
19:32:22.0187 1764        PQNTDrv - detected UnsignedFile.Multi.Generic (1)
19:32:22.0250 1764        PRISM_USB      (d5e90cd0e51130e0a1c3fec82684fb7d) C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys
19:32:22.0343 1764        PRISM_USB - ok
19:32:22.0437 1764        Processor      (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
19:32:22.0562 1764        Processor - ok
19:32:22.0687 1764        PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
19:32:22.0796 1764        PSched - ok
19:32:22.0859 1764        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:32:22.0984 1764        Ptilink - ok
19:32:23.0031 1764        ql1080 - ok
19:32:23.0046 1764        Ql10wnt - ok
19:32:23.0078 1764        ql12160 - ok
19:32:23.0093 1764        ql1240 - ok
19:32:23.0125 1764        ql1280 - ok
19:32:23.0156 1764        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:32:23.0296 1764        RasAcd - ok
19:32:23.0390 1764        Rasl2tp        (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:32:23.0531 1764        Rasl2tp - ok
19:32:23.0625 1764        RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:32:23.0734 1764        RasPppoe - ok
19:32:23.0781 1764        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:32:23.0921 1764        Raspti - ok
19:32:24.0015 1764        Rdbss          (ed375ce745c42a14f10753f7022ecd6a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:32:24.0406 1764        Rdbss - ok
19:32:24.0500 1764        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:32:24.0625 1764        RDPCDD - ok
19:32:24.0671 1764        rdpdr          (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:32:24.0812 1764        rdpdr - ok
19:32:24.0906 1764        RDPWD          (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
19:32:25.0312 1764        RDPWD - ok
19:32:25.0343 1764        redbook        (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:32:25.0468 1764        redbook - ok
19:32:25.0546 1764        RT61            (57f390bf7af0f68bb804387cbc3a4f0d) C:\WINDOWS\system32\DRIVERS\RT61.sys
19:32:25.0593 1764        RT61 - ok
19:32:25.0640 1764        Scutum50        (f34c06d1c706a6d9433570b087a18b02) C:\WINDOWS\system32\Drivers\Scutum50.sys
19:32:25.0656 1764        Scutum50 ( UnsignedFile.Multi.Generic ) - warning
19:32:25.0656 1764        Scutum50 - detected UnsignedFile.Multi.Generic (1)
19:32:25.0734 1764        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:32:26.0109 1764        Secdrv - ok
19:32:26.0171 1764        serenum        (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:32:26.0281 1764        serenum - ok
19:32:26.0343 1764        Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
19:32:26.0453 1764        Serial - ok
19:32:26.0515 1764        Sfloppy        (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:32:26.0640 1764        Sfloppy - ok
19:32:26.0718 1764        Simbad - ok
19:32:26.0781 1764        SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:32:26.0906 1764        SLIP - ok
19:32:27.0000 1764        SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:32:27.0109 1764        SONYPVU1 - ok
19:32:27.0140 1764        Sparrow - ok
19:32:27.0187 1764        splitter        (9bb1dd670cb7505a90fc4e61d4aa8227) C:\WINDOWS\system32\drivers\splitter.sys
19:32:27.0562 1764        splitter - ok
19:32:27.0671 1764        sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
19:32:27.0750 1764        sr - ok
19:32:27.0812 1764        Srv            (d4af9861c3b6a2163d26dc6b9cf05e2a) C:\WINDOWS\system32\DRIVERS\srv.sys
19:32:27.0890 1764        Srv - ok
19:32:27.0968 1764        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:32:27.0968 1764        ssmdrv - ok
19:32:28.0046 1764        StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
19:32:28.0046 1764        StarOpen ( UnsignedFile.Multi.Generic ) - warning
19:32:28.0046 1764        StarOpen - detected UnsignedFile.Multi.Generic (1)
19:32:28.0078 1764        streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:32:28.0203 1764        streamip - ok
19:32:28.0281 1764        swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:32:28.0406 1764        swenum - ok
19:32:28.0484 1764        swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
19:32:28.0593 1764        swmidi - ok
19:32:28.0640 1764        symc810 - ok
19:32:28.0671 1764        symc8xx - ok
19:32:28.0718 1764        sym_hi - ok
19:32:28.0750 1764        sym_u3 - ok
19:32:28.0796 1764        sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
19:32:28.0921 1764        sysaudio - ok
19:32:29.0046 1764        Tcpip          (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:32:29.0125 1764        Tcpip - ok
19:32:29.0171 1764        TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:32:29.0296 1764        TDPIPE - ok
19:32:29.0375 1764        TDTCP          (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
19:32:29.0500 1764        TDTCP - ok
19:32:29.0562 1764        TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:32:29.0687 1764        TermDD - ok
19:32:29.0750 1764        TosIde - ok
19:32:29.0812 1764        Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
19:32:29.0937 1764        Udfs - ok
19:32:30.0015 1764        ultra - ok
19:32:30.0062 1764        Update          (1f03139b77b21c6d84c688798808bc28) C:\WINDOWS\system32\DRIVERS\update.sys
19:32:30.0484 1764        Update - ok
19:32:30.0578 1764        USBAAPL        (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:32:30.0625 1764        USBAAPL - ok
19:32:30.0781 1764        usbaudio        (2f005eb50645d537fff23b472691c269) C:\WINDOWS\system32\drivers\usbaudio.sys
19:32:31.0203 1764        usbaudio - ok
19:32:31.0328 1764        usbccgp        (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:32:31.0453 1764        usbccgp - ok
19:32:31.0515 1764        usbehci        (a45ea1550ea4b368c4fba7ca9d056bc9) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:32:31.0890 1764        usbehci - ok
19:32:32.0046 1764        usbhub          (6d46b1f89134892a862ac56b00ac11fe) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:32:32.0437 1764        usbhub - ok
19:32:32.0609 1764        usbohci        (555b2b2108c5085cc203202fec702d08) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:32:32.0984 1764        usbohci - ok
19:32:33.0093 1764        usbscan        (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:32:33.0234 1764        usbscan - ok
19:32:33.0343 1764        USBSTOR        (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:32:33.0468 1764        USBSTOR - ok
19:32:33.0515 1764        VgaSave        (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
19:32:33.0625 1764        VgaSave - ok
19:32:33.0687 1764        ViaIde - ok
19:32:33.0750 1764        VolSnap        (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
19:32:33.0875 1764        VolSnap - ok
19:32:33.0968 1764        Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:32:34.0078 1764        Wanarp - ok
19:32:34.0125 1764        WDICA - ok
19:32:34.0203 1764        wdmaud          (0bfa8203b8148fb4e54bc212c41ce497) C:\WINDOWS\system32\drivers\wdmaud.sys
19:32:34.0593 1764        wdmaud - ok
19:32:34.0718 1764        WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:32:34.0843 1764        WSTCODEC - ok
19:32:34.0921 1764        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:32:34.0937 1764        WudfPf ( UnsignedFile.Multi.Generic ) - warning
19:32:34.0937 1764        WudfPf - detected UnsignedFile.Multi.Generic (1)
19:32:35.0000 1764        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:32:35.0031 1764        WudfRd ( UnsignedFile.Multi.Generic ) - warning
19:32:35.0031 1764        WudfRd - detected UnsignedFile.Multi.Generic (1)
19:32:35.0093 1764        ZTEusbmdm6k    (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
19:32:35.0156 1764        ZTEusbmdm6k - ok
19:32:35.0328 1764        ZTEusbnet      (9862f9d2ff50ae748ed42c022e6aac15) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
19:32:35.0406 1764        ZTEusbnet - ok
19:32:35.0484 1764        ZTEusbnmea      (f16ce3c7690ab7426dc96520d54a737e) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
19:32:35.0531 1764        ZTEusbnmea - ok
19:32:35.0578 1764        ZTEusbser6k    (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
19:32:35.0609 1764        ZTEusbser6k - ok
19:32:35.0687 1764        ZTEusbvoice    (f16ce3c7690ab7426dc96520d54a737e) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
19:32:35.0703 1764        ZTEusbvoice - ok
19:32:35.0734 1764        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
19:32:35.0921 1764        \Device\Harddisk0\DR0 - ok
19:32:35.0921 1764        Boot (0x1200)  (40bcd8e6f2f0139cb678b33a81b69c9d) \Device\Harddisk0\DR0\Partition0
19:32:35.0921 1764        \Device\Harddisk0\DR0\Partition0 - ok
19:32:35.0937 1764        Boot (0x1200)  (3f699c253e720bf1c133bf5c8677d004) \Device\Harddisk0\DR0\Partition1
19:32:35.0937 1764        \Device\Harddisk0\DR0\Partition1 - ok
19:32:35.0968 1764        Boot (0x1200)  (da1a02adade8306271a083cd40b32b7c) \Device\Harddisk0\DR0\Partition2
19:32:35.0968 1764        \Device\Harddisk0\DR0\Partition2 - ok
19:32:35.0968 1764        ============================================================
19:32:35.0968 1764        Scan finished
19:32:35.0968 1764        ============================================================
19:32:36.0078 1604        Detected object count: 9
19:32:36.0078 1604        Actual detected object count: 9
19:32:38.0984 1604        Afc ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604        Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:38.0984 1604        HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604        HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:38.0984 1604        NIOC ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604        NIOC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:38.0984 1604        ovt530 ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604        ovt530 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:38.0984 1604        PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604        PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:38.0984 1604        Scutum50 ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604        Scutum50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:38.0984 1604        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:38.0984 1604        WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:38.0984 1604        WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:32:39.0000 1604        WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
19:32:39.0000 1604        WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip

Sorry & regards A.Vidal :)

cosinus 06.01.2012 19:46

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages like

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

A.Vidal 06.01.2012 20:19

ComboFix text:
Combofix Logfile:
Code:

ComboFix 12-01-06.01 - Felix 06.01.2012  201035.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.1023.552 [GMT 100]
ausgeführt von cdokumente und einstellungenFelixDesktopComboFix.exe
AV AntiVir Desktop DisabledUpdated {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
cdokumente und einstellungenFelixWINDOWS
ddownloadsCT2776682_BrotherSoft_Extreme.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-06 bis 2012-01-06  ))))))))))))))))))))))))))))))
.
.
2012-01-05 2133 . 2012-01-05 2133        --------        d-----w-        C_OTL
2012-01-04 1821 . 2012-01-04 1821        --------        d-----w-        cprogrammeESET
2012-01-03 2031 . 2012-01-03 2031        --------        d-----w-        cdokumente und einstellungenFelixAnwendungsdatenMalwarebytes
2012-01-03 2031 . 2012-01-03 2031        --------        d-----w-        cdokumente und einstellungenAll UsersAnwendungsdatenMalwarebytes
2012-01-03 2031 . 2011-12-10 1424        20464        ----a-w-        cwindowssystem32driversmbam.sys
2012-01-03 2027 . 2012-01-03 2027        --------        d-----w-        cdokumente und einstellungenFelixAnwendungsdatenFree Download Manager
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . cwindowsSoftwareDistributionDownloada746b2abbbec3e139e29152ba22decd1usp10.dll
[-] 2008-01-12 . A2F03ADFB6C17E732FC42D51352EDCC3 . 502784 . . [1.0626.6000.20581] . . cwindowssystem32usp10.dll
.
[-] 2008-01-12 1928 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . cwindowssystem32mspmsnsv.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
Hinweis leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
Device Detector=DevDetect.exe -autorun [X]
D-Link Air USB Utility=cprogrammeD-LinkAir USB UtilityAirCFG.exe [2003-07-23 2695168]
avgnt=cprogrammeAviraAntiVir Desktopavgnt.exe [2010-11-10 281768]
NvMediaCenter=cwindowssystem32NvMcTray.dll [2010-04-03 110696]
NvCplDaemon=cwindowssystem32NvCpl.dll [2010-04-03 13670504]
RTHDCPL=RTHDCPL.EXE [2010-03-26 19522592]
MobileConnect=cprogrammeVodafoneVodafone Mobile ConnectBinMobileConnect.exe [2009-04-20 2327552]
SunJavaUpdateSched=cprogrammeGemeinsame DateienJavaJava Updatejusched.exe [2010-05-14 248552]
Adobe Reader Speed Launcher=dprogrammeAdobeReader 9.0ReaderReader_sl.exe [2010-09-23 35760]
Adobe ARM=cprogrammeGemeinsame DateienAdobeARM1.0AdobeARM.exe [2010-09-20 932288]
QuickTime Task=cprogrammeQuickTimeqttask.exe [2010-11-29 421888]
iTunesHelper=dprogrammeiTunesiTunesHelper.exe [2011-04-14 421160]
.
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
CTFMON.EXE=cwindowssystem32CTFMON.EXE [2004-08-04 15360]
.
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
nltide_2=shell32 [X]
nltide_3=advpack.dll [2010-05-04 124928]
.
cdokumente und einstellungenFelixStartmenüProgrammeAutostart
FIFA 10-Registrierung.lnk - dprogrammeEA SPORTSFussball Manager 2004SupportEAregister.exe [2009-9-9 4374800]
Game Alarm.lnk - cgamesGame Alarmgamealarm.exe [2011-1-1 19721728]
OpenOffice.org 3.2.lnk - cprogrammeOpenOffice.org 3programquickstart.exe [2009-12-15 384000]
.
cdokumente und einstellungenAll UsersStartmenüProgrammeAutostart
Image Transfer.lnk - eprogrammeSony CorporationImage TransferSonyTray.exe [2007-8-13 73728]
Ralink Wireless Utility.lnk - cprogrammeRalinkCommonRaUI.exe [2010-5-6 1560576]
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute        REG_MULTI_SZ          pdboot.exe0autocheck autochk
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
EnableFirewall= 0 (0x0)
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
%windir%Network Diagnosticxpnetdiag.exe=
%windir%system32sessmgr.exe=
dProgrammeMetin2metin2.bin=
dProgrammeMetin2metin2client.bin=
cProgrammeMessengermsmsgs.exe=
dPES 2010pes2010.exe=
cProgrammeWindows LiveMessengermsnmsgr.exe=
cProgrammeBonjourmDNSResponder.exe=
dProgrammeiTunesiTunes.exe=
.
R2 WZCBDLService;WZCBDL Service;cprogrammeWZCBDL ServiceWZCBDLS.exe [19.03.2002 1115 36864]
R2 AntiVirSchedulerService;Avira AntiVir Planer;cprogrammeAviraAntiVir Desktopsched.exe [06.05.2010 0956 136360]
R2 MBAMService;MBAMService;dtrojaner-board-hilfeMalwarebytes' Anti-Malwarembamservice.exe [03.01.2012 2131 652872]
R2 NIOC;NIOC Service;cwindowssystem32NIOC.sys [27.09.2002 1721 22912]
R2 PDSched;PDScheduler;cprogrammeRaxcoPerfectDiskPDSched.exe [01.06.2006 2006 241731]
R2 Scutum50;Scutum50 NDIS Protocol Driver;cwindowssystem32driversScutum50.sys [06.05.2010 1041 19072]
R2 VMCService;Vodafone Mobile Connect Service;cprogrammeVodafoneVodafone Mobile ConnectBinVMCService.exe [20.04.2009 1620 9216]
R3 MBAMProtector;MBAMProtector;cwindowssystem32driversmbam.sys [03.01.2012 2131 20464]
S3 94072070;94072070; [x]
S3 Ambfilt;Ambfilt;cwindowssystem32driversAmbfilt.sys [06.05.2010 1017 1691480]
S3 massfilter;ZTE Mass Storage Filter Driver;cwindowssystem32driversmassfilter.sys [16.09.2010 1925 7680]
S3 MBAMSwissArmy;MBAMSwissArmy;cwindowssystem32driversmbamswissarmy.sys -- cwindowssystem32driversmbamswissarmy.sys []
S3 ovt530;Webcam Classic;cwindowssystem32driversov530vid.sys [08.06.2010 1502 161792]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;cwindowssystem32driversPRISMUSB.sys [06.05.2010 0950 636502]
S3 ZTEusbnet;ZTE USB-NDIS miniport;cwindowssystem32driversZTEusbnet.sys [16.09.2010 1925 110592]
S3 ZTEusbvoice;ZTE VoUSB Port;cwindowssystem32driverszteusbvoice.sys [16.09.2010 1925 105344]
.
--- Andere DiensteTreiber im Speicher ---
.
NewlyCreated - 03942727
Deregistered - 03942727
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mLocal Page =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = .local
IE Free YouTube to iPhone Converter - cdokumente und einstellungenFelixAnwendungsdatenDVDVideoSoftIEHelpersfreeyoutubetoiphoneconverter.htm
IE Free YouTube to Mp3 Converter - cdokumente und einstellungenFelixAnwendungsdatenDVDVideoSoftIEHelpersfreeyoutubetomp3converter.htm
TCP DhcpNameServer = 192.168.2.1
FF - ProfilePath - cdokumente und einstellungenFelixAnwendungsdatenMozillaFirefoxProfilesbfdh1rq7.default
FF - prefs.js browser.search.defaulturl -
FF - prefs.js browser.search.selectedEngine - Yahoo
FF - prefs.js browser.startup.homepage - www.google.de
FF - Ext Default {972ce4c6-7e08-4474-a285-3208198ce6fd} - dprogrammeMozillaextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext Java Console {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - dprogrammeMozillaextensions{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext Microsoft .NET Framework Assistant {20a82645-c095-46ed-80e3-08825760534b} - %profile%extensions{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext Microsoft .NET Framework Assistant {20a82645-c095-46ed-80e3-08825760534b} - cwindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
FF - Ext Java Quick Starter jqs@sun.com - cprogrammeJavajre6libdeployjqsff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-QuickStores-Toolbar_is1 - cdokumente und einstellungenFelixAnwendungsdatenQuickStoresToolbarunins000.exe
.
.
.

.
catchme 0.3.1398 W2KXPVista - rootkitstealth malware detector by Gmer, httpwww.gmer.net
Rootkit scan 2012-01-06 2014
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien 0
.

.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERSS-1-5-21-1292428093-1644491937-725345543-1004SoftwareSecuROMLicense information]
datasecu=hexcb,ed,4f,59,d4,fc,fc,f3,b4,04,cf,a4,84,5d,c2,79,85,83,25,78,0c,
  0f,26,86,05,7f,d3,76,e9,43,d1,cf,c4,5d,fa,c1,2d,4f,7a,10,df,d9,e3,44,8d,e1,
rkeysecu=hex83,bb,6c,fe,4c,83,e8,49,6a,69,b7,a2,51,22,83,96
.
Zeit der Fertigstellung 2012-01-06  201547
ComboFix-quarantined-files.txt  2012-01-06 1915
.
Vor Suchlauf 164.737.024 Bytes frei
Nach Suchlauf 171.175.936 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
ccmdconsBOOTSECT.DAT=Microsoft Windows Recovery Console cmdcons
UnsupportedDebug=do not select this debug
multi(0)disk(0)rdisk(0)partition(1)WINDOWS=Microsoft Windows XP Professional noexecute=optin fastdetect
.
- - End Of File - - 55180116B81B1820C310F67139A541C0

--- --- ---


Regards A.Vidal :)

cosinus 06.01.2012 20:22

Something is wrong with your log. Obviously you removed all the backslash directory separators => \.

A.Vidal 06.01.2012 20:27

Hmm, I didn't change anything; I'll send the text file again, the one that was automatically saved in the "C" folder

Combofix Logfile:
Code:

ComboFix 12-01-06.01 - Felix 06.01.2012  20:10:35.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.1023.552 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Felix\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Felix\WINDOWS
d:\downloads\CT2776682_BrotherSoft_Extreme.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-06 bis 2012-01-06  ))))))))))))))))))))))))))))))
.
.
2012-01-05 21:33 . 2012-01-05 21:33        --------        d-----w-        C:\_OTL
2012-01-04 18:21 . 2012-01-04 18:21        --------        d-----w-        c:\programme\ESET
2012-01-03 20:31 . 2012-01-03 20:31        --------        d-----w-        c:\dokumente und einstellungen\Felix\Anwendungsdaten\Malwarebytes
2012-01-03 20:31 . 2012-01-03 20:31        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-03 20:31 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-03 20:27 . 2012-01-03 20:27        --------        d-----w-        c:\dokumente und einstellungen\Felix\Anwendungsdaten\Free Download Manager
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\usp10.dll
[-] 2008-01-12 . A2F03ADFB6C17E732FC42D51352EDCC3 . 502784 . . [1.0626.6000.20581] . . c:\windows\system32\usp10.dll
.
[-] 2008-01-12 19:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"D-Link Air USB Utility"="c:\programme\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 2695168]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"MobileConnect"="c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-05-04 124928]
.
c:\dokumente und einstellungen\Felix\Startmenü\Programme\Autostart\
FIFA 10-Registrierung.lnk - d:\programme\EA SPORTS\Fussball Manager 2004\Support\EAregister.exe [2009-9-9 4374800]
Game Alarm.lnk - c:\games\Game Alarm\gamealarm.exe [2011-1-1 19721728]
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Image Transfer.lnk - e:\programme\Sony Corporation\Image Transfer\SonyTray.exe [2007-8-13 73728]
Ralink Wireless Utility.lnk - c:\programme\Ralink\Common\RaUI.exe [2010-5-6 1560576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          pdboot.exe\0autocheck autochk *
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programme\\Metin2\\metin2.bin"=
"d:\\Programme\\Metin2\\metin2client.bin"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"d:\\PES 2010\\pes2010.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\Programme\\iTunes\\iTunes.exe"=
.
R?2 WZCBDLService;WZCBDL Service;c:\programme\WZCBDL Service\WZCBDLS.exe [19.03.2002 11:15 36864]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [06.05.2010 09:56 136360]
R2 MBAMService;MBAMService;d:\trojaner-board-hilfe\Malwarebytes' Anti-Malware\mbamservice.exe [03.01.2012 21:31 652872]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [27.09.2002 17:21 22912]
R2 PDSched;PDScheduler;c:\programme\Raxco\PerfectDisk\PDSched.exe [01.06.2006 20:06 241731]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [06.05.2010 10:41 19072]
R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [20.04.2009 16:20 9216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03.01.2012 21:31 20464]
S3 94072070;94072070; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [06.05.2010 10:17 1691480]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [16.09.2010 19:25 7680]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ovt530;Webcam Classic;c:\windows\system32\drivers\ov530vid.sys [08.06.2010 15:02 161792]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [06.05.2010 09:50 636502]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [16.09.2010 19:25 110592]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [16.09.2010 19:25 105344]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 03942727
*Deregistered* - 03942727
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mLocal Page =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to iPhone Converter - c:\dokumente und einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programme\Mozilla\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\programme\Mozilla\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-QuickStores-Toolbar_is1 - c:\dokumente und einstellungen\Felix\Anwendungsdaten\QuickStoresToolbar\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-06 20:14
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1292428093-1644491937-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:cb,ed,4f,59,d4,fc,fc,f3,b4,04,cf,a4,84,5d,c2,79,85,83,25,78,0c,
  0f,26,86,05,7f,d3,76,e9,43,d1,cf,c4,5d,fa,c1,2d,4f,7a,10,df,d9,e3,44,8d,e1,\
"rkeysecu"=hex:83,bb,6c,fe,4c,83,e8,49,6a,69,b7,a2,51,22,83,96
.
Zeit der Fertigstellung: 2012-01-06  20:15:47
ComboFix-quarantined-files.txt  2012-01-06 19:15
.
Vor Suchlauf: 164.737.024 Bytes frei
Nach Suchlauf: 171.175.936 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 55180116B81B1820C310F67139A541C0

--- --- ---


Regards A.Vidal

cosinus 06.01.2012 20:33

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now paste the entire contents of the code box below into the Notepad window using copy/paste.

Code:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= -

Driver::
94072070

3. Save it in Notepad as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used anywhere else, since it can permanently damage the system!
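As an added example (not the forum's, the helper's or ComboFix's own code), a Python checker that reads the service lines and the EnableFirewall value from ComboFix log excerpts, reports the two items the script above targets (a disabled firewall profile and a registered service whose file is gone, marked [x]), and diffs a before/after log to confirm what was removed. The excerpts are constructed from lines quoted in this thread; the line format the regexes assume is taken from those quoted lines only.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# ComboFix service lines, as quoted in this thread, look like
#   R2 Name;Display name;c:\path\file.exe [date time size]
# and, for a registered service whose file no longer exists on disk,
#   S3 Name;Name; [x]
# The leading token is the start type (R = running, S = stopped, digit = start mode).
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\??\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$'
)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')


@dataclass
class Finding:
    kind: str
    detail: str


def parse_services(log: str) -> Dict[str, Tuple[str, str, str]]:
    """Map service name -> (start type, path, bracketed info) for every service line."""
    services = {}
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services[m['name']] = (m['start'], m['path'].strip(), m['info'].strip())
    return services


def firewall_enabled(log: str) -> Optional[bool]:
    """True/False from the EnableFirewall value; None when the log lists no such value."""
    for line in log.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if m:
            return m['val'] != '0'
    return None


def review(log: str) -> List[Finding]:
    """Flag the weaknesses the CFScript in this thread addresses, plus unverified entries."""
    findings = []
    if firewall_enabled(log) is False:
        findings.append(Finding('firewall-disabled',
                                'EnableFirewall is 0 in the standard profile'))
    for name, (start, path, info) in parse_services(log).items():
        if info.lower() == 'x' and not path:
            # Service/driver still registered but with no binary on disk: a typical
            # leftover after malware removal, which "Driver:: 94072070" cleans up.
            findings.append(Finding('orphan-service', f'{name} ({start}) has no file on disk'))
        elif info == '?':
            findings.append(Finding('unverified-service',
                                    f'{name} ({start}) is marked [?] by ComboFix: {path}'))
    return findings


def removed_services(before: str, after: str) -> Set[str]:
    """Service names present in the first log but gone from the second."""
    return set(parse_services(before)) - set(parse_services(after))


# Constructed excerpts: a few service lines and the firewall key as they appear in
# the logs quoted in this thread, before and after the script was applied.
BEFORE = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R?2 WZCBDLService;WZCBDL Service;c:\programme\WZCBDL Service\WZCBDLS.exe [19.03.2002 11:15 36864]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [27.09.2002 17:21 22912]
S3 94072070;94072070; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

AFTER = r"""
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [27.09.2002 17:21 22912]
R2 WZCBDLService;WZCBDL Service;c:\programme\WZCBDL Service\WZCBDLS.exe [19.03.2002 11:15 36864]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

if __name__ == '__main__':
    for f in review(BEFORE):
        print(f'{f.kind:20} {f.detail}')
    print('removed by the script:', sorted(removed_services(BEFORE, AFTER)))
```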

A.Vidal 06.01.2012 21:34

Combofix Logfile:
Code:

ComboFix 12-01-06.01 - Felix 06.01.2012  21:20:51.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.1023.517 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Felix\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Felix\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_94072070
-------\Service_94072070
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-06 bis 2012-01-06  ))))))))))))))))))))))))))))))
.
.
2012-01-06 20:26 . 2012-01-06 20:26        --------        d-----w-        c:\windows\system32\wbem\snmp
2012-01-06 20:26 . 2012-01-06 20:26        --------        d-----w-        c:\windows\system32\xircom
2012-01-06 20:26 . 2012-01-06 20:26        --------        d-----w-        c:\programme\microsoft frontpage
2012-01-05 21:33 . 2012-01-05 21:33        --------        d-----w-        C:\_OTL
2012-01-04 18:21 . 2012-01-04 18:21        --------        d-----w-        c:\programme\ESET
2012-01-03 20:31 . 2012-01-03 20:31        --------        d-----w-        c:\dokumente und einstellungen\Felix\Anwendungsdaten\Malwarebytes
2012-01-03 20:31 . 2012-01-03 20:31        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-03 20:31 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-03 20:27 . 2012-01-03 20:27        --------        d-----w-        c:\dokumente und einstellungen\Felix\Anwendungsdaten\Free Download Manager
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 052F968390A85D37D5EE8BE3AB2A83A2 . 406016 . . [1.0420.2600.5512] . . c:\windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\usp10.dll
[-] 2008-01-12 . A2F03ADFB6C17E732FC42D51352EDCC3 . 502784 . . [1.0626.6000.20581] . . c:\windows\system32\usp10.dll
.
[-] 2008-01-12 19:28 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"D-Link Air USB Utility"="c:\programme\D-Link\Air USB Utility\AirCFG.exe" [2003-07-23 2695168]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"MobileConnect"="c:\programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\programme\iTunes\iTunesHelper.exe" [2011-04-14 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-05-04 124928]
.
c:\dokumente und einstellungen\Felix\Startmenü\Programme\Autostart\
FIFA 10-Registrierung.lnk - d:\programme\EA SPORTS\Fussball Manager 2004\Support\EAregister.exe [2009-9-9 4374800]
Game Alarm.lnk - c:\games\Game Alarm\gamealarm.exe [2011-1-1 19721728]
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Image Transfer.lnk - e:\programme\Sony Corporation\Image Transfer\SonyTray.exe [2007-8-13 73728]
Ralink Wireless Utility.lnk - c:\programme\Ralink\Common\RaUI.exe [2010-5-6 1560576]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          pdboot.exe\0autocheck autochk *
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programme\\Metin2\\metin2.bin"=
"d:\\Programme\\Metin2\\metin2client.bin"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"d:\\PES 2010\\pes2010.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\Programme\\iTunes\\iTunes.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [06.05.2010 09:56 136360]
R2 MBAMService;MBAMService;d:\trojaner-board-hilfe\Malwarebytes' Anti-Malware\mbamservice.exe [03.01.2012 21:31 652872]
R2 NIOC;NIOC Service;c:\windows\system32\NIOC.sys [27.09.2002 17:21 22912]
R2 PDSched;PDScheduler;c:\programme\Raxco\PerfectDisk\PDSched.exe [01.06.2006 20:06 241731]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [06.05.2010 10:41 19072]
R2 VMCService;Vodafone Mobile Connect Service;c:\programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [20.04.2009 16:20 9216]
R2 WZCBDLService;WZCBDL Service;c:\programme\WZCBDL Service\WZCBDLS.exe [19.03.2002 11:15 36864]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03.01.2012 21:31 20464]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [06.05.2010 10:17 1691480]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [16.09.2010 19:25 7680]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 ovt530;Webcam Classic;c:\windows\system32\drivers\ov530vid.sys [08.06.2010 15:02 161792]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [06.05.2010 09:50 636502]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [16.09.2010 19:25 110592]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [16.09.2010 19:25 105344]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mLocal Page =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to iPhone Converter - c:\dokumente und einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\programme\Mozilla\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\programme\Mozilla\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-06 21:28
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'explorer.exe'(3764)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshserviceobj.dll
d:\programme\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\programme\Gemeinsame Dateien\ACD Systems\DE\DevDetect.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
c:\games\Game Alarm\Updater.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Java\jre6\bin\jqs.exe
e:\programme\CDBurnerXP\NMSAccessU.exe
c:\programme\Ralink\Common\RaRegistry.exe
c:\programme\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-06  21:30:39 - PC was restarted
ComboFix-quarantined-files.txt  2012-01-06 20:30
ComboFix2.txt  2012-01-06 19:15
.
Before scan: 171,651,072 bytes free
After scan: 112,922,624 bytes free
.
- - End Of File - - CC3E72FF5856BFBF5E27C4A4A5DD538D

--- --- ---


Regards, A.Vidal

cosinus 06.01.2012 21:53

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or the like.

Note: To unpack OSAM please use WinRAR or 7zip! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false positive on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.
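aswMBR reads the raw master boot record of the disk and, besides its text log, can write the 512-byte sector itself to a file. As an added example (my code, not from the thread or from the aswMBR tool), here is a Python parser for such a raw MBR that performs the checks an analyst applies to it: the 0x55AA boot signature, the four primary partition entries, overlaps between entries, the number of entries flagged bootable, and whether the boot-code region matches a baseline hash. The sample MBR is constructed inline: the boot code is placeholder bytes rather than the real Windows XP code, the three-partition layout is made up, and the "baseline" hash stands in for a value you would record from a known-clean system. A second, tampered copy changes only the boot code, which is how a bootkit typically modifies the sector while leaving the partition table intact.

```python
"""Parse and sanity-check a raw 512-byte MBR (added example, not from the thread)."""
import hashlib
import itertools
import struct

SECTOR = 512
PART_TABLE_OFFSET = 0x1BE        # 446: boot code ends here, four 16-byte entries follow
ENTRY_FMT = "<B3sB3sII"          # boot flag, CHS start, type, CHS end, LBA start, sector count


def build_entry(bootable, ptype, lba_start, sectors):
    """Construct one 16-byte partition entry; CHS fields carry the 0xFE/0xFF 'use LBA' marker."""
    chs = b"\xfe\xff\xff"
    return struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, chs, ptype, chs, lba_start, sectors)


def build_mbr(boot_code, entries):
    """Assemble a 512-byte MBR from boot code, up to four entries and the 0x55AA signature."""
    if len(boot_code) != PART_TABLE_OFFSET or len(entries) > 4:
        raise ValueError("boot code must be 446 bytes and at most four entries are allowed")
    table = b"".join(entries) + b"\x00" * 16 * (4 - len(entries))
    return boot_code + table + b"\x55\xaa"


def parse_mbr(mbr):
    """Return signature status, a hash of the boot-code region and the populated partition slots."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    parts = []
    for slot in range(4):
        boot, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * slot)
        if ptype == 0 and count == 0:
            continue                                   # empty slot
        parts.append({"slot": slot + 1, "bootable": boot == 0x80, "type": ptype,
                      "start": start, "sectors": count, "mb": count * SECTOR // (1024 * 1024)})
    return {
        "signature_ok": mbr[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(mbr[:PART_TABLE_OFFSET]).hexdigest(),
        "partitions": parts,
    }


def find_overlaps(parts):
    """Pairs of slots whose LBA ranges intersect; logical volumes live inside an extended
    container, but two primary entries overlapping each other means a corrupt or tampered table."""
    overlaps = []
    for a, b in itertools.combinations(parts, 2):
        if a["start"] < b["start"] + b["sectors"] and b["start"] < a["start"] + a["sectors"]:
            overlaps.append((a["slot"], b["slot"]))
    return overlaps


def check_mbr(mbr, baseline_sha256):
    """Run all checks; returns (parsed info, list of human-readable findings)."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    bootable = [p["slot"] for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected 1)")
    for a, b in find_overlaps(info["partitions"]):
        findings.append(f"partitions {a} and {b} overlap")
    return info, findings


# Constructed sample: placeholder boot code (NOT the real Windows XP code) and a made-up
# three-partition layout; the baseline hash stands in for one recorded on a clean system.
BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (PART_TABLE_OFFSET - 4)
BASELINE_SHA256 = hashlib.sha256(BOOT_CODE).hexdigest()
CLEAN_MBR = build_mbr(BOOT_CODE, [
    build_entry(True,  0x07, 63,        20482812),   # NTFS system partition, ~10001 MB
    build_entry(False, 0x0F, 20482875,  145420380),  # extended LBA container, ~71006 MB
    build_entry(False, 0x07, 165903255, 146673450),  # NTFS data partition, ~71617 MB
])
# A bootkit overwrites the code but keeps the partition table, so only the hash changes.
TAMPERED_MBR = bytes([0xEB]) + CLEAN_MBR[1:]

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        info, findings = check_mbr(mbr, BASELINE_SHA256)
        layout = [(p["slot"], hex(p["type"]), p["start"], p["mb"]) for p in info["partitions"]]
        print(name, layout, findings or "OK")
```

To use it on a real dump, read the saved sector with `open("MBR.dat", "rb").read()` and pass it to `check_mbr()` together with the hash you recorded from a clean installation of the same Windows version; the hash comparison only tells you that the code changed, not what it was changed to, so a mismatch is a prompt to disassemble the 446 bytes, not a verdict.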


A.Vidal 06.01.2012 22:48

OSAM:
OSAM logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:01:02 on 06.01.2012

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.21256

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "Raxco Software, Inc." - C:\WINDOWS\system32\pdboot.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Defrag32" (Defrag32) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32.sys
"Defrag32Boot" (Defrag32b) - "Raxco Software, Inc." - C:\WINDOWS\system32\drivers\Defrag32b.sys
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\WINDOWS\system32\drivers\mbamswissarmy.sys  (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\Felix\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Microsoft UAA-Bustreiber für High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\DRIVERS\HDAudBus.sys
"NIOC Service" (NIOC) - "D-Link Corporation" - C:\WINDOWS\system32\NIOC.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys
"Scutum50 NDIS Protocol Driver" (Scutum50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\Scutum50.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"Webcam Classic" (ovt530) - "OmniVision Technologies, Inc." - C:\WINDOWS\System32\Drivers\ov530vid.sys
"Windows Driver Foundation - User-mode Driver Framework Platform Driver" (WudfPf) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\WudfPf.sys
"Windows Driver Foundation - User-mode Driver Framework Reflector" (WudfRd) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\wudfrd.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - D:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\audiodev.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\msonsext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshserviceobj.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Image Transfer.lnk" - ? - E:\Programme\Sony Corporation\Image Transfer\SonyTray.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
"Ralink Wireless Utility.lnk" - "Ralink Technology, Corp." - C:\Programme\Ralink\Common\RaUI.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Felix\Startmenü\Programme\Autostart\desktop.ini
"FIFA 10-Registrierung.lnk" - "Leader Technologies" - D:\Programme\EA SPORTS\Fussball Manager 2004\Support\EAregister.exe  (Shortcut exists | File exists)
"Game Alarm.lnk" - "Europe Support Ltd. N.V." - C:\Games\Game Alarm\gamealarm.exe  (Shortcut exists | File exists)
"OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"D-Link Air USB Utility" - "D-Link" - C:\Programme\D-Link\Air USB Utility\AirCFG.exe
"Device Detector" - ? - DevDetect.exe -autorun  (File not found)
"iTunesHelper" - "Apple Inc." - "D:\Programme\iTunes\iTunesHelper.exe"
"MobileConnect" - "Vodafone" - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatic Updates" (wuauserv) - "Microsoft Corporation" - C:\WINDOWS\system32\wuauserv.dll
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - D:\Trojaner-Board-Hilfe\Malwarebytes' Anti-Malware\mbamservice.exe
"NMSAccess" (NMSAccess) - ? - E:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"PDEngine" (PDEngine) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDEngine.exe
"PDScheduler" (PDSched) - "Raxco Software, Inc." - C:\Programme\Raxco\PerfectDisk\PDSched.exe
"Portable Media Serial Number Service" (WmdmPmSN) - "Microsoft Corporation" - C:\WINDOWS\system32\mspmsnsv.dll
"Ralink Registry Writer" (RalinkRegistryWriter) - "Ralink Technology, Corp." - C:\Programme\Ralink\Common\RaRegistry.exe
"Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Driver Foundation - User-mode Driver Framework" (WudfSvc) - "Microsoft Corporation" - C:\WINDOWS\System32\WUDFSvc.dll
"Windows Installer" (MSIServer) - "Microsoft Corporation" - C:\WINDOWS\system32\msiexec.exe
"Windows Media Player-Netzwerkfreigabedienst" (WMPNetworkSvc) - "Microsoft Corporation" - C:\Programme\Windows Media Player\WMPNetwk.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WZCBDL Service" (WZCBDLService) - "D-Link" - C:\Programme\WZCBDL Service\WZCBDLS.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

GMER:
GMER logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-06 22:23:23
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\00000066 Maxtor_6V160E0 rev.VA111900
Running: gmer.exe; Driver: C:\DOKUME~1\Felix\LOKALE~1\Temp\pgacraow.sys


---- System - GMER 1.0.15 ----

SSDT  EEDF57D4                                    ZwClose
SSDT  EEDF578E                                    ZwCreateKey
SSDT  EEDF57DE                                    ZwCreateSection
SSDT  EEDF5784                                    ZwCreateThread
SSDT  EEDF5793                                    ZwDeleteKey
SSDT  EEDF579D                                    ZwDeleteValueKey
SSDT  EEDF57CF                                    ZwDuplicateObject
SSDT  EEDF57A2                                    ZwLoadKey
SSDT  EEDF5770                                    ZwOpenProcess
SSDT  EEDF5775                                    ZwOpenThread
SSDT  EEDF57AC                                    ZwReplaceKey
SSDT  EEDF57A7                                    ZwRestoreKey
SSDT  EEDF57E3                                    ZwSetContextThread
SSDT  EEDF5798                                    ZwSetValueKey
SSDT  EEDF577F                                    ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?      Combo-Fix.sys                              The system cannot find the file specified. !
.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys    section is writeable [0xF4464380, 0x566445, 0xE8000020]
?      C:\ComboFix\catchme.sys                    The system cannot find the path specified. !
?      C:\WINDOWS\system32\Drivers\PROCEXP113.SYS  The system cannot find the file specified. !

---- EOF - GMER 1.0.15 ----

--- --- ---


aswMBR:
Code:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-06 22:28:34
-----------------------------
22:28:34.156    OS Version: Windows 5.1.2600 Service Pack 2
22:28:34.156    Number of processors: 1 586 0x5F02
22:28:34.156    ComputerName: FELIX-7EE248200  UserName: Felix
22:28:34.468    Initialize success
22:31:07.468    AVAST engine defs: 12010601
22:31:22.812    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
22:31:22.812    Disk 0 Vendor: Maxtor_6V160E0 VA111900 Size: 152626MB BusType: 3
22:31:22.812    Disk 0 MBR read successfully
22:31:22.812    Disk 0 MBR scan
22:31:22.875    Disk 0 Windows XP default MBR code
22:31:22.875    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        10001 MB offset 63
22:31:22.906    Disk 0 Partition - 00    0F Extended LBA            71006 MB offset 20482875
22:31:22.921    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        71617 MB offset 165903255
22:31:22.937    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        71006 MB offset 20482938
22:31:22.937    Disk 0 scanning sectors +312576705
22:31:23.000    Disk 0 scanning C:\WINDOWS\system32\drivers
22:31:40.593    Service scanning
22:31:42.359    Modules scanning
22:31:59.000    Disk 0 trace - called modules:
22:31:59.015    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
22:31:59.015    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8678dab8]
22:31:59.015    3 CLASSPNP.SYS[f763d05b] -> nt!IofCallDriver -> \Device\00000067[0x867ab268]
22:31:59.015    5 ACPI.sys[f74b2620] -> nt!IofCallDriver -> \Device\00000066[0x866f9030]
22:31:59.265    AVAST engine scan C:\WINDOWS
22:32:14.796    AVAST engine scan C:\WINDOWS\system32
22:37:15.328    AVAST engine scan C:\WINDOWS\system32\drivers
22:37:40.593    AVAST engine scan C:\Dokumente und Einstellungen\Felix
22:42:44.406    AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:43:13.953    Scan finished successfully
22:45:53.562    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Felix\Desktop\MBR.dat"
22:45:53.562    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Felix\Desktop\aswMBR.txt"

Regards, A.Vidal :-D
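The OSAM log in this post is the densest artefact in the thread, and reading a hundred-odd entries by eye is where things get missed. As an added example (my code, not from the thread, from OSAM or from the forum helpers), here is a Python triage script that parses OSAM's `"name" (key) - "vendor" - path  (flags)` line format and ranks entries by the properties an analyst looks at: a registry key OSAM could only see by going around the Win32 API (its "Hidden registry entry, rootkit activity" flag), an image path under a Temp directory, a binary that is present but carries no vendor information, and orphaned entries whose file no longer exists. The severity levels and rules are my assumptions, not OSAM's; the sample log is a handful of lines copied from the log above. One caveat the script encodes: OSAM reports the vendor of the file on disk, so a .NET browser extension hosted by mscoree.dll is shown as "Microsoft Corporation" whatever the managed assembly behind the CLSID is.

```python
"""Triage an OSAM Autorun Manager log by line-format parsing (added example, not from the thread)."""
import re

SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")             # e.g. [Drivers]
KEY_RE = re.compile(r"^-----\( (?P<key>.+?) \)-----$")            # e.g. -----( HKLM\...\Services )-----
ENTRY_RE = re.compile(
    r'^(?P<prefix>.*?)"(?P<name>.*?)"(?= \(| - )'   # display name; lookahead copes with nested quotes
    r'(?: \((?P<svc>[^)]*)\))?'                      # optional service/driver key name
    r' - (?P<vendor>"[^"]*"|\?) - '                  # vendor string, or ? when OSAM found none
    r'(?P<path>.*?)'                                 # image path or command line (may be empty)
    r'(?:\s+\((?P<flags>[^()]*)\))?$'                # trailing OSAM flags such as (File not found)
)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
SEVERITY = {"high": 3, "medium": 2, "low": 1}


def parse_osam(text):
    """Yield one dict per autorun entry, tagged with the section and registry key it sits under."""
    section = key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            yield {"section": section, "key": key, "name": m["name"], "svc": m["svc"],
                   "vendor": m["vendor"].strip('"'), "path": m["path"], "flags": m["flags"]}


def assess(entry):
    """Apply the (assumed) triage rules; returns (highest severity or None, list of reasons)."""
    flags = entry["flags"] or ""
    reasons, sev = [], None

    def mark(level, why):
        nonlocal sev
        reasons.append(why)
        if sev is None or SEVERITY[level] > SEVERITY[sev]:
            sev = level

    if "Hidden registry entry" in flags:
        mark("high", "registry key hidden from the Win32 API (rootkit-style hiding)")
    if TEMP_RE.search(entry["path"]):
        mark("high", "image registered from a Temp directory")
    if entry["vendor"] == "?" and "File not found" not in flags:
        mark("medium", "binary present but carries no vendor/signature information")
    if entry["path"].lower().endswith("mscoree.dll"):
        mark("medium", "vendor reflects the CLR host mscoree.dll, not the managed assembly behind the CLSID")
    if "File not found" in flags:
        mark("low", "orphaned autostart entry: image missing on disk")
    return sev, reasons


def triage(text):
    """Parse a whole log and return the entries worth a look, most severe first."""
    findings = []
    for entry in parse_osam(text):
        sev, reasons = assess(entry)
        if sev:
            findings.append({**entry, "severity": sev, "reasons": reasons})
    findings.sort(key=lambda f: -SEVERITY[f["severity"]])
    return findings


# Constructed sample: a few lines taken from the OSAM log in the thread.
SAMPLE_LOG = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\Felix\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['section']:18} {f['name']!r}: {'; '.join(f['reasons'])}")
```

Feed the contents of a saved *.log file to `triage()`; the output is a prioritised worklist, not a verdict. An orphaned driver entry cannot load anything and is usually cleanup debris, while a hidden key is worth confirming with a second tool before acting on it, since the hiding may be a security product's own self-protection rather than malware.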

cosinus 06.01.2012 23:19

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting an additional opinion via ESET's online scanner isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Add/Remove Programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


A.Vidal 07.01.2012 13:50

The scan with SUPERAntiSpyware unfortunately didn't work, but the other two did; here are the logs:

Malwarebytes log:
Code:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.06.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Felix :: FELIX-7EE248200 [administrator]

Protection: Disabled

06.01.2012 23:23:42
mbam-log-2012-01-06 (23-23-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238637
Time elapsed: 50 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

log.txt:
Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=7.00.6000.21256 (vista_ldr.100414-0533)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f6f5bce04eb1e244850d733064802690
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 11:02:20
# local_time=2012-01-07 12:02:20 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 16775125 100 93 545675 62462670 154973 0
# compatibility_mode=8192 67108863 100 0 228149 228149 0 0
# scanned=80547
# found=13
# cleaned=0
# scan_time=8325
C:\_OTL\MovedFiles\01052012_223350\C_Programme\Application Updater\ApplicationUpdater.exe        probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\Search Settings\SearchSettings.exe        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.10        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.5        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.6        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.7        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.8        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\01052012_223350\C_Programme\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.9        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
D:\Mp3 to WMA Converter.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
D:\Programme\MsgPlusLive-484.exe        a variant of Win32/MessengerPlus application (unable to clean)        00000000000000000000000000000000        I
D:\Programme\msn messenger.exe        a variant of Win32/Adware.CiDHelp application (unable to clean)        00000000000000000000000000000000        I
D:\Programme\Setup19_FreeConverter.exe        Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

Regards, A.Vidal =)

cosinus 07.01.2012 16:00

A few adware detections and isolated malware in OTL's quarantine folder.
SASW is still missing.

A.Vidal 07.01.2012 19:48

Quote:

A few adware detections and isolated malware in OTL's quarantine folder.
<- what exactly do you mean by that, what should I do?

As I said, SASW somehow doesn't work, I don't know why, I followed the instructions exactly.

You said I should update my IE and download SP3; could you perhaps recommend download links for that?

Regards, A.Vidal :)

cosinus 07.01.2012 20:23

As far as I'm concerned, all of that can go.
What exactly about SASW doesn't work?

We can try that again later; first, let's install updates for Windows XP:
  1. Download SP3 from here => Detail page Windows XP Service Pack 3 network installation package for IT professionals and developers (and yes, it is the right package for you)
  2. Close all programs, disconnect the Internet connection, switch off the virus scanner!
  3. Install SP3 and follow the instructions. The installation should take about 15-20 minutes; it can be faster, and on older machines it takes about half an hour. Restart the computer after the installation.
  4. Download and run the IE8 setup => Download Internet Explorer 8 - Microsoft Windows

When setting up IE8, again make sure that all programs are closed beforehand and the virus scanner is disabled. In the setup itself, please don't take part in the improvement program (or whatever MS calls it) and do NOT install any updates through the setup. We'll install those later; I'll tell you how. Let me know when IE8 is installed.


Copyright ©2000-2025, Trojaner-Board