Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner: PSW.Generic9.RDX in services.exe (908) (https://www.trojaner-board.de/108454-trojaner-psw-generic9-rdx-services-exe-908-a.html)

cosinus 30.01.2012 13:19
Zitat:
13:15:30.0937 1220 \Device\Harddisk1\DR1 ( Backdoor.Win32.Sinowal.knf )
Den Sinowal (und auch nur diesen Eintrag!!) bitte mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.

Wurschtkopp 30.01.2012 13:26
Weiter gehts:

Code:
13:24:14.0984 2956        TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
13:24:15.0000 2956        ============================================================
13:24:15.0000 2956        Current date / time: 2012/01/30 13:24:15.0000
13:24:15.0000 2956        SystemInfo:
13:24:15.0000 2956       
13:24:15.0000 2956        OS Version: 5.1.2600 ServicePack: 3.0
13:24:15.0000 2956        Product type: Workstation
13:24:15.0000 2956        ComputerName: ICH-0112C52BCD8
13:24:15.0000 2956        UserName: Ich
13:24:15.0000 2956        Windows directory: C:\WINDOWS
13:24:15.0000 2956        System windows directory: C:\WINDOWS
13:24:15.0000 2956        Processor architecture: Intel x86
13:24:15.0000 2956        Number of processors: 1
13:24:15.0000 2956        Page size: 0x1000
13:24:15.0000 2956        Boot type: Normal boot
13:24:15.0000 2956        ============================================================
13:24:15.0937 2956        Drive \Device\Harddisk0\DR0 - Size: 0x2E93D2DE00 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5EA22, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000058
13:24:15.0937 2956        Drive \Device\Harddisk1\DR1 - Size: 0x89E89C000 (34.48 Gb), SectorSize: 0x200, Cylinders: 0x1194, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
13:24:16.0046 2956        Initialize success
13:24:19.0968 2312        ============================================================
13:24:19.0968 2312        Scan started
13:24:19.0968 2312        Mode: Manual; SigCheck; TDLFS;
13:24:19.0968 2312        ============================================================
13:24:20.0718 2312        Abiosdsk - ok
13:24:20.0765 2312        abp480n5 - ok
13:24:20.0875 2312        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:24:24.0312 2312        ACPI - ok
13:24:24.0531 2312        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:24:24.0781 2312        ACPIEC - ok
13:24:24.0812 2312        adpu160m - ok
13:24:24.0859 2312        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:24:25.0031 2312        aec - ok
13:24:25.0125 2312        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:24:25.0187 2312        AFD - ok
13:24:25.0234 2312        Aha154x - ok
13:24:25.0250 2312        aic78u2 - ok
13:24:25.0265 2312        aic78xx - ok
13:24:25.0312 2312        AliIde - ok
13:24:25.0343 2312        amsint - ok
13:24:25.0453 2312        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:24:25.0578 2312        Arp1394 - ok
13:24:25.0625 2312        asc - ok
13:24:25.0687 2312        asc3350p - ok
13:24:25.0750 2312        asc3550 - ok
13:24:25.0843 2312        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:24:25.0953 2312        AsyncMac - ok
13:24:26.0015 2312        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:24:26.0171 2312        atapi - ok
13:24:26.0234 2312        Atdisk - ok
13:24:26.0281 2312        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:24:26.0468 2312        Atmarpc - ok
13:24:26.0546 2312        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:24:26.0671 2312        audstub - ok
13:24:26.0734 2312        AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
13:24:26.0750 2312        AVGIDSDriver - ok
13:24:26.0812 2312        AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
13:24:26.0875 2312        AVGIDSEH - ok
13:24:26.0906 2312        AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
13:24:26.0984 2312        AVGIDSFilter - ok
13:24:27.0000 2312        AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
13:24:27.0078 2312        AVGIDSShim - ok
13:24:27.0125 2312        Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
13:24:27.0140 2312        Avgldx86 - ok
13:24:27.0156 2312        Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
13:24:27.0218 2312        Avgmfx86 - ok
13:24:27.0265 2312        Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
13:24:27.0296 2312        Avgrkx86 - ok
13:24:27.0328 2312        Avgtdix        (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
13:24:27.0468 2312        Avgtdix - ok
13:24:27.0500 2312        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:24:27.0828 2312        Beep - ok
13:24:27.0890 2312        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:24:28.0046 2312        cbidf2k - ok
13:24:28.0093 2312        cd20xrnt - ok
13:24:28.0125 2312        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:24:28.0265 2312        Cdaudio - ok
13:24:28.0312 2312        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:24:28.0484 2312        Cdfs - ok
13:24:28.0515 2312        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:24:28.0656 2312        Cdrom - ok
13:24:28.0703 2312        Changer - ok
13:24:28.0765 2312        CmdIde - ok
13:24:28.0812 2312        Cpqarray - ok
13:24:28.0984 2312        ctac32k        (39e4d8f8e627eca4a76d9843606bae0a) C:\WINDOWS\system32\drivers\ctac32k.sys
13:24:29.0156 2312        ctac32k - ok
13:24:29.0250 2312        ctaud2k        (de80bd73c255f8fecaf271c04a022a2f) C:\WINDOWS\system32\drivers\ctaud2k.sys
13:24:29.0328 2312        ctaud2k - ok
13:24:29.0421 2312        ctdvda2k        (18779d6877a2f4ff2f23193fee44b095) C:\WINDOWS\system32\drivers\ctdvda2k.sys
13:24:29.0484 2312        ctdvda2k - ok
13:24:29.0531 2312        ctprxy2k        (a07820a06bfdbffa1d207c7778205a4d) C:\WINDOWS\system32\drivers\ctprxy2k.sys
13:24:29.0593 2312        ctprxy2k - ok
13:24:29.0656 2312        ctsfm2k        (d29b3eeb5155a06b94f8d75c126a9c0c) C:\WINDOWS\system32\drivers\ctsfm2k.sys
13:24:29.0703 2312        ctsfm2k - ok
13:24:29.0765 2312        dac2w2k - ok
13:24:29.0828 2312        dac960nt - ok
13:24:29.0921 2312        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:24:30.0062 2312        Disk - ok
13:24:30.0296 2312        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:24:30.0531 2312        dmboot - ok
13:24:30.0718 2312        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:24:30.0875 2312        dmio - ok
13:24:30.0921 2312        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:24:31.0078 2312        dmload - ok
13:24:31.0125 2312        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:24:31.0250 2312        DMusic - ok
13:24:31.0265 2312        dpti2o - ok
13:24:31.0296 2312        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:24:31.0390 2312        drmkaud - ok
13:24:31.0500 2312        emupia          (39fbced3e762b85846b3da494fcd33fe) C:\WINDOWS\system32\drivers\emupia2k.sys
13:24:31.0531 2312        emupia - ok
13:24:31.0656 2312        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:24:31.0781 2312        Fastfat - ok
13:24:31.0828 2312        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:24:31.0984 2312        Fdc - ok
13:24:32.0046 2312        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:24:32.0187 2312        Fips - ok
13:24:32.0234 2312        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:24:32.0359 2312        Flpydisk - ok
13:24:32.0406 2312        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:24:32.0546 2312        FltMgr - ok
13:24:32.0640 2312        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:24:32.0750 2312        Fs_Rec - ok
13:24:32.0781 2312        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:24:32.0921 2312        Ftdisk - ok
13:24:32.0937 2312        gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:24:33.0062 2312        gameenum - ok
13:24:33.0140 2312        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:24:33.0281 2312        Gpc - ok
13:24:33.0484 2312        ha10kx2k        (848f9033ad1c2c6f7ee7e65c2daf45f1) C:\WINDOWS\system32\drivers\ha10kx2k.sys
13:24:33.0609 2312        ha10kx2k - ok
13:24:33.0671 2312        hap16v2k        (d2fe992041527ef54e438a3fc82d3b23) C:\WINDOWS\system32\drivers\hap16v2k.sys
13:24:33.0718 2312        hap16v2k - ok
13:24:33.0781 2312        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:24:33.0906 2312        HidUsb - ok
13:24:33.0937 2312        hpn - ok
13:24:34.0000 2312        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:24:34.0078 2312        HTTP - ok
13:24:34.0093 2312        i2omgmt - ok
13:24:34.0109 2312        i2omp - ok
13:24:34.0156 2312        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:24:34.0296 2312        i8042prt - ok
13:24:34.0359 2312        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:24:34.0484 2312        Imapi - ok
13:24:34.0515 2312        ini910u - ok
13:24:34.0546 2312        IntelIde - ok
13:24:34.0593 2312        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:24:34.0734 2312        Ip6Fw - ok
13:24:34.0843 2312        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:24:34.0984 2312        IpFilterDriver - ok
13:24:35.0031 2312        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:24:35.0171 2312        IpInIp - ok
13:24:35.0203 2312        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:24:35.0343 2312        IpNat - ok
13:24:35.0421 2312        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:24:35.0562 2312        IPSec - ok
13:24:35.0625 2312        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:24:35.0687 2312        IRENUM - ok
13:24:35.0734 2312        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:24:35.0859 2312        isapnp - ok
13:24:35.0906 2312        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:24:36.0046 2312        Kbdclass - ok
13:24:36.0093 2312        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:24:36.0218 2312        kmixer - ok
13:24:36.0265 2312        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:24:36.0359 2312        KSecDD - ok
13:24:36.0421 2312        Lavasoft Kernexplorer - ok
13:24:36.0453 2312        lbrtfdc - ok
13:24:36.0531 2312        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:24:36.0640 2312        mnmdd - ok
13:24:36.0687 2312        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:24:36.0828 2312        Modem - ok
13:24:36.0875 2312        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:24:37.0015 2312        Mouclass - ok
13:24:37.0078 2312        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:24:37.0218 2312        mouhid - ok
13:24:37.0328 2312        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:24:37.0453 2312        MountMgr - ok
13:24:37.0484 2312        mraid35x - ok
13:24:37.0531 2312        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:24:37.0656 2312        MRxDAV - ok
13:24:37.0765 2312        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:24:37.0859 2312        MRxSmb - ok
13:24:37.0921 2312        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:24:38.0062 2312        Msfs - ok
13:24:38.0187 2312        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:24:38.0328 2312        MSKSSRV - ok
13:24:38.0406 2312        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:24:38.0531 2312        MSPCLOCK - ok
13:24:38.0578 2312        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:24:38.0734 2312        MSPQM - ok
13:24:38.0796 2312        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:24:38.0921 2312        mssmbios - ok
13:24:38.0953 2312        ms_mpu401      (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
13:24:39.0093 2312        ms_mpu401 - ok
13:24:39.0156 2312        MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
13:24:39.0203 2312        MTsensor - ok
13:24:39.0265 2312        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:24:39.0296 2312        Mup - ok
13:24:39.0359 2312        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:24:39.0500 2312        NDIS - ok
13:24:39.0546 2312        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:24:39.0593 2312        NdisTapi - ok
13:24:39.0671 2312        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:24:39.0812 2312        Ndisuio - ok
13:24:39.0875 2312        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:24:40.0000 2312        NdisWan - ok
13:24:40.0078 2312        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:24:40.0140 2312        NDProxy - ok
13:24:40.0187 2312        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:24:40.0328 2312        NetBIOS - ok
13:24:40.0406 2312        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:24:40.0515 2312        NetBT - ok
13:24:40.0593 2312        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:24:40.0718 2312        NIC1394 - ok
13:24:40.0781 2312        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:24:40.0890 2312        Npfs - ok
13:24:40.0984 2312        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:24:41.0171 2312        Ntfs - ok
13:24:41.0218 2312        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:24:41.0343 2312        Null - ok
13:24:42.0406 2312        nv              (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:24:44.0468 2312        nv - ok
13:24:44.0625 2312        nvatabus        (c8daa008f9e390b9da504c1cd0da1ee9) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
13:24:44.0640 2312        nvatabus ( UnsignedFile.Multi.Generic ) - warning
13:24:44.0640 2312        nvatabus - detected UnsignedFile.Multi.Generic (1)
13:24:44.0687 2312        NVENETFD        (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:24:44.0750 2312        NVENETFD - ok
13:24:44.0828 2312        nvgts          (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
13:24:44.0828 2312        nvgts - ok
13:24:44.0906 2312        nvnetbus        (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:24:44.0968 2312        nvnetbus - ok
13:24:45.0062 2312        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:24:45.0203 2312        NwlnkFlt - ok
13:24:45.0234 2312        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:24:45.0343 2312        NwlnkFwd - ok
13:24:45.0406 2312        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:24:45.0656 2312        ohci1394 - ok
13:24:45.0718 2312        ossrv          (64631723b13cbcc153294347535844be) C:\WINDOWS\system32\drivers\ctoss2k.sys
13:24:45.0781 2312        ossrv - ok
13:24:45.0828 2312        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:24:46.0000 2312        Parport - ok
13:24:46.0046 2312        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:24:46.0156 2312        PartMgr - ok
13:24:46.0187 2312        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:24:46.0296 2312        ParVdm - ok
13:24:46.0328 2312        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:24:46.0437 2312        PCI - ok
13:24:46.0453 2312        PCIDump - ok
13:24:46.0484 2312        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:24:46.0593 2312        PCIIde - ok
13:24:46.0625 2312        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:24:46.0734 2312        Pcmcia - ok
13:24:46.0750 2312        PDCOMP - ok
13:24:46.0750 2312        PDFRAME - ok
13:24:46.0765 2312        PDRELI - ok
13:24:46.0781 2312        PDRFRAME - ok
13:24:46.0796 2312        perc2 - ok
13:24:46.0812 2312        perc2hib - ok
13:24:46.0875 2312        PfDetNT        (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
13:24:46.0875 2312        PfDetNT - ok
13:24:46.0906 2312        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:24:47.0015 2312        PptpMiniport - ok
13:24:47.0046 2312        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:24:47.0156 2312        Processor - ok
13:24:47.0187 2312        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:24:47.0296 2312        PSched - ok
13:24:47.0312 2312        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:24:47.0406 2312        Ptilink - ok
13:24:47.0437 2312        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:24:47.0437 2312        PxHelp20 - ok
13:24:47.0453 2312        ql1080 - ok
13:24:47.0484 2312        Ql10wnt - ok
13:24:47.0500 2312        ql12160 - ok
13:24:47.0500 2312        ql1240 - ok
13:24:47.0515 2312        ql1280 - ok
13:24:47.0546 2312        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:24:47.0671 2312        RasAcd - ok
13:24:47.0687 2312        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:24:47.0796 2312        Rasl2tp - ok
13:24:47.0812 2312        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:24:47.0906 2312        RasPppoe - ok
13:24:47.0921 2312        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:24:48.0046 2312        Raspti - ok
13:24:48.0062 2312        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:24:48.0156 2312        Rdbss - ok
13:24:48.0171 2312        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:24:48.0281 2312        RDPCDD - ok
13:24:48.0312 2312        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:24:48.0343 2312        RDPWD - ok
13:24:48.0375 2312        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:24:48.0484 2312        redbook - ok
13:24:48.0531 2312        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:24:48.0578 2312        Secdrv - ok
13:24:48.0609 2312        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:24:48.0718 2312        serenum - ok
13:24:48.0750 2312        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:24:48.0859 2312        Serial - ok
13:24:48.0890 2312        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:24:48.0984 2312        Sfloppy - ok
13:24:49.0000 2312        Simbad - ok
13:24:49.0015 2312        Sparrow - ok
13:24:49.0046 2312        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:24:49.0171 2312        splitter - ok
13:24:49.0203 2312        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:24:49.0250 2312        sr - ok
13:24:49.0281 2312        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:24:49.0343 2312        Srv - ok
13:24:49.0390 2312        StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
13:24:49.0390 2312        StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:24:49.0390 2312        StarOpen - detected UnsignedFile.Multi.Generic (1)
13:24:49.0406 2312        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:24:49.0500 2312        swenum - ok
13:24:49.0531 2312        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:24:49.0656 2312        swmidi - ok
13:24:49.0671 2312        symc810 - ok
13:24:49.0687 2312        symc8xx - ok
13:24:49.0703 2312        sym_hi - ok
13:24:49.0718 2312        sym_u3 - ok
13:24:49.0734 2312        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:24:49.0828 2312        sysaudio - ok
13:24:49.0890 2312        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:24:49.0937 2312        Tcpip - ok
13:24:49.0953 2312        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:24:50.0046 2312        TDPIPE - ok
13:24:50.0062 2312        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:24:50.0171 2312        TDTCP - ok
13:24:50.0203 2312        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:24:50.0312 2312        TermDD - ok
13:24:50.0328 2312        TosIde - ok
13:24:50.0375 2312        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:24:50.0468 2312        Udfs - ok
13:24:50.0484 2312        ultra - ok
13:24:50.0515 2312        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:24:50.0625 2312        Update - ok
13:24:50.0656 2312        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:24:50.0765 2312        usbccgp - ok
13:24:50.0812 2312        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:24:50.0906 2312        usbehci - ok
13:24:50.0921 2312        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:24:51.0031 2312        usbhub - ok
13:24:51.0046 2312        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:24:51.0156 2312        usbohci - ok
13:24:51.0187 2312        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:24:51.0296 2312        usbprint - ok
13:24:51.0312 2312        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:24:51.0421 2312        usbscan - ok
13:24:51.0453 2312        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:24:51.0546 2312        USBSTOR - ok
13:24:51.0578 2312        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:24:51.0687 2312        VgaSave - ok
13:24:51.0687 2312        ViaIde - ok
13:24:51.0718 2312        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:24:51.0828 2312        VolSnap - ok
13:24:51.0875 2312        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:24:51.0968 2312        Wanarp - ok
13:24:51.0984 2312        WDICA - ok
13:24:52.0031 2312        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:24:52.0156 2312        wdmaud - ok
13:24:52.0234 2312        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:24:52.0328 2312        WS2IFSL - ok
13:24:52.0359 2312        xcpip - ok
13:24:52.0375 2312        xpsec - ok
13:24:52.0390 2312        yjlck5l8.sys - ok
13:24:52.0468 2312        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:24:52.0515 2312        \Device\Harddisk0\DR0 - ok
13:24:52.0546 2312        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
13:24:52.0671 2312        \Device\Harddisk1\DR1 - ok
13:24:52.0750 2312        Boot (0x1200)  (fb4d094934f7b17682ad395bfe5b8266) \Device\Harddisk0\DR0\Partition0
13:24:52.0750 2312        \Device\Harddisk0\DR0\Partition0 - ok
13:24:52.0750 2312        Boot (0x1200)  (4c273b1809c7eed5d127e27c1de43e37) \Device\Harddisk1\DR1\Partition0
13:24:52.0750 2312        \Device\Harddisk1\DR1\Partition0 - ok
13:24:52.0750 2312        ============================================================
13:24:52.0750 2312        Scan finished
13:24:52.0750 2312        ============================================================
13:24:52.0859 2980        Detected object count: 2
13:24:52.0859 2980        Actual detected object count: 2
13:24:56.0078 2980        nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:56.0078 2980        nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:56.0078 2980        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:56.0078 2980        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 30.01.2012 13:40
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Wurschtkopp 30.01.2012 14:11
Und hier das Combofix-Log:

[code]
Combofix Logfile:
Code:
ComboFix 12-01-30.01 - Ich 30.01.2012  13:58:52.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.3071.2503 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Ich\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Ich\WINDOWS
c:\windows\desktop
c:\windows\desktop\Teststs\gantt.xls
c:\windows\system32\AVSredirect.dll
c:\windows\unin0407.exe
G:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-28 bis 2012-01-30  ))))))))))))))))))))))))))))))
.
.
2012-01-30 11:52 . 2012-01-30 11:52        --------        d-----w-        C:\_OTL
2012-01-28 11:22 . 2012-01-28 11:22        --------        d-----w-        c:\programme\ESET
2012-01-26 09:43 . 2012-01-26 09:43        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-01-26 09:43 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-22 11:50 . 2012-01-22 11:50        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2012-01-22 11:45 . 2012-01-22 11:46        --------        d-----w-        c:\dokumente und einstellungen\Administrator
2012-01-22 11:36 . 2012-01-22 11:36        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\Simply Super Software
2012-01-21 22:21 . 2012-01-21 22:21        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\Malwarebytes
2012-01-21 22:21 . 2012-01-21 22:21        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-06 10:52 . 2012-01-06 11:59        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\Exodus
2012-01-06 10:50 . 2002-12-05 13:16        84992        ----a-w-        c:\windows\system32\atl70.dll
2012-01-06 10:50 . 2001-03-08 17:30        24064        ----a-w-        c:\windows\system32\msxml3a.dll
2012-01-06 10:46 . 2012-01-06 10:50        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\.purple
2012-01-04 09:22 . 2012-01-04 09:22        --------        d-----w-        c:\programme\Microsoft Silverlight
2012-01-03 13:10 . 2012-01-03 13:10        182672        ----a-w-        c:\programme\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 11:29 . 2011-08-25 19:00        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2008-04-14 05:52        293888        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-14 05:23        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2008-04-14 05:52        61952        ----a-w-        c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 05:52        354816        ----a-w-        c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 05:52        152064        ----a-w-        c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2008-04-14 05:52        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-14 05:53        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2008-04-14 05:52        43520        ------w-        c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2008-04-14 05:25        385024        ----a-w-        c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-14 05:52        387072        ----a-w-        c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 05:52        1297920        ----a-w-        c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-14 05:52        1288704        ----a-w-        c:\windows\system32\ole32.dll
2006-05-03 10:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 11:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2008-03-16 13:30        216064        --sh--r-        c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"SBDrvDet"="c:\programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Wallpaper Juggler Monitor"="g:\programme\Wallpaper Juggler\WallpaperJugglerM.exe" [2004-09-22 40960]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"AVG_TRAY"="c:\programme\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Ich^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\dokumente und einstellungen\Ich\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45        1164584        ----a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36        421888        ----a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44        248552        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32        74752        ----a-w-        g:\programme\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"g:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"g:\\Programme\\SopCast\\SopCast.exe"=
"g:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"g:\\Programme\\TVUPlayer\\TVUPlayer.exe"=
"g:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programme\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.02.2011 07:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.01.2011 03:32 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.01.2011 05:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.02.2011 06:54 297168]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;g:\programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09.10.2009 04:45 169312]
R2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.08.2011 00:33 7390560]
R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG10\avgwdsvc.exe [08.02.2011 04:33 269520]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [24.10.2010 14:23 15840]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30.03.2011 16:17 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.02.2011 06:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.02.2011 06:53 27216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [09.04.2011 12:57 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [09.04.2011 12:57 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\g:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> g:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S3 yjlck5l8.sys;yjlck5l8.sys;\??\c:\windows\system32\drivers\yjlck5l8.sys --> c:\windows\system32\drivers\yjlck5l8.sys [?]
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-09 11:57]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-09 11:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
MSConfigStartUp-iTunesHelper - g:\programme\iTunes\iTunesHelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-30 14:04
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-1708537768-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:95,ed,15,74,f8,80,ec,6b,3e,84,02,83,2e,96,87,5f,7c,73,7f,b2,b7,
  f2,58,f5,7a,c9,58,e6,31,28,93,0d,4b,42,9e,9a,48,d8,98,30,6b,20,d6,1a,49,9d,\
"rkeysecu"=hex:9d,6e,f7,59,6d,f6,bf,21,f7,f5,28,f9,7c,7e,86,2f
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\ctagent.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
g:\programme\Java\bin\jqs.exe
g:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wdfmgr.exe
c:\programme\AVG\AVG10\avgnsx.exe
c:\programme\AVG\AVG10\avgemcx.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programme\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-30  14:08:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-30 13:08
.
Vor Suchlauf: 6 Verzeichnis(se), 15.424.954.368 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 15.603.273.728 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F078598992F5D2C14895B6771D54F3FD
--- --- ---


Kurzer Hinweis noch: Mein Virenprogramm AVG hatte ich für den Scan deaktiviert und nicht ganz geschlossen. Diese Möglichkeite konnte ich leider nicht finden.

cosinus 30.01.2012 14:15
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

File::
c:\windows\system32\drivers\xpsec.sys

Driver::
xpsec
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Wurschtkopp 30.01.2012 14:48
Eine wichtige Frage vorneweg: Nach dem Neustart hat sich die "AVG Identity Protection" gemeldet und zwar hat sie in der Datei: C:\Combofix\NIRCMDB.exe die Bedrohung Tool-NirCmd gefunden. Ich habe jetzt die Möglichkeit die Datei in Quarantäne zu verschieben oder zuzulassen. Was soll ich da tun?

Hier das Log:

Combofix Logfile:
Code:
ComboFix 12-01-30.01 - Ich 30.01.2012  14:23:28.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.3071.2505 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Ich\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Ich\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\windows\system32\drivers\xpsec.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xpsec
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-28 bis 2012-01-30  ))))))))))))))))))))))))))))))
.
.
2012-01-30 11:52 . 2012-01-30 11:52        --------        d-----w-        C:\_OTL
2012-01-28 11:22 . 2012-01-28 11:22        --------        d-----w-        c:\programme\ESET
2012-01-26 09:43 . 2012-01-26 09:43        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-01-26 09:43 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-22 11:50 . 2012-01-22 11:50        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2012-01-22 11:45 . 2012-01-22 11:46        --------        d-----w-        c:\dokumente und einstellungen\Administrator
2012-01-22 11:36 . 2012-01-22 11:36        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\Simply Super Software
2012-01-21 22:21 . 2012-01-21 22:21        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\Malwarebytes
2012-01-21 22:21 . 2012-01-21 22:21        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-06 10:52 . 2012-01-06 11:59        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\Exodus
2012-01-06 10:50 . 2002-12-05 13:16        84992        ----a-w-        c:\windows\system32\atl70.dll
2012-01-06 10:50 . 2001-03-08 17:30        24064        ----a-w-        c:\windows\system32\msxml3a.dll
2012-01-06 10:46 . 2012-01-06 10:50        --------        d-----w-        c:\dokumente und einstellungen\Ich\Anwendungsdaten\.purple
2012-01-04 09:22 . 2012-01-04 09:22        --------        d-----w-        c:\programme\Microsoft Silverlight
2012-01-03 13:10 . 2012-01-03 13:10        182672        ----a-w-        c:\programme\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 11:29 . 2011-08-25 19:00        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2008-04-14 05:52        293888        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2008-04-14 05:23        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2008-04-14 05:52        61952        ----a-w-        c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 05:52        354816        ----a-w-        c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 05:52        152064        ----a-w-        c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2008-04-14 05:52        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-04-14 05:53        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2011-11-04 19:13 . 2008-04-14 05:52        43520        ------w-        c:\windows\system32\licmgr10.dll
2011-11-04 11:23 . 2008-04-14 05:25        385024        ----a-w-        c:\windows\system32\html.iec
2011-11-03 15:28 . 2008-04-14 05:52        387072        ----a-w-        c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 05:52        1297920        ----a-w-        c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-14 05:52        1288704        ----a-w-        c:\windows\system32\ole32.dll
2006-05-03 10:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 11:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2008-03-16 13:30        216064        --sh--r-        c:\windows\system32\nbDX.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-01-30_13.04.17  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-30 13:28 . 2012-01-30 13:28        16384              c:\windows\Temp\Perflib_Perfdata_75c.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-10-06 24576]
"SBDrvDet"="c:\programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Wallpaper Juggler Monitor"="g:\programme\Wallpaper Juggler\WallpaperJugglerM.exe" [2004-09-22 40960]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"AVG_TRAY"="c:\programme\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Ich^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\dokumente und einstellungen\Ich\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45        1164584        ----a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36        421888        ----a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44        248552        ----a-w-        c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32        74752        ----a-w-        g:\programme\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"g:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"g:\\Programme\\SopCast\\SopCast.exe"=
"g:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"g:\\Programme\\TVUPlayer\\TVUPlayer.exe"=
"g:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programme\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22.02.2011 07:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.01.2011 03:32 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.01.2011 05:41 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.02.2011 06:54 297168]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;g:\programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09.10.2009 04:45 169312]
R2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.08.2011 00:33 7390560]
R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG10\avgwdsvc.exe [08.02.2011 04:33 269520]
R2 PfDetNT;PfDetNT;c:\windows\system32\drivers\pfmodnt.sys [24.10.2010 14:23 15840]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [30.03.2011 16:17 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10.02.2011 06:53 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10.02.2011 06:53 27216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [09.04.2011 12:57 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [09.04.2011 12:57 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\g:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> g:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
S3 yjlck5l8.sys;yjlck5l8.sys;\??\c:\windows\system32\drivers\yjlck5l8.sys --> c:\windows\system32\drivers\yjlck5l8.sys [?]
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-09 11:57]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-04-09 11:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\dokumente und einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\u3xjqo04.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-30 14:29
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1123561945-1708537768-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:95,ed,15,74,f8,80,ec,6b,3e,84,02,83,2e,96,87,5f,7c,73,7f,b2,b7,
  f2,58,f5,7a,c9,58,e6,31,28,93,0d,4b,42,9e,9a,48,d8,98,30,6b,20,d6,1a,49,9d,\
"rkeysecu"=hex:9d,6e,f7,59,6d,f6,bf,21,f7,f5,28,f9,7c,7e,86,2f
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(1576)
c:\windows\system32\ctagent.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
g:\programme\Java\bin\jqs.exe
g:\programme\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wdfmgr.exe
c:\programme\AVG\AVG10\avgnsx.exe
c:\programme\AVG\AVG10\avgemcx.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programme\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-30  14:32:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-30 13:32
ComboFix2.txt  2012-01-30 13:08
.
Vor Suchlauf: 10 Verzeichnis(se), 15.611.203.584 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 15.594.381.312 Bytes frei
.
- - End Of File - - 5ADB37BA2EF0CA7D939FF1D2AEC2B5D8
--- --- ---

cosinus 30.01.2012 14:59
Das ist ein Fehlalarm! Rate mal weswegen sonst der Virenscanner abgestellt werden muss wenn CF arbeiten soll!


Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Wurschtkopp 30.01.2012 15:11
Ok. Nur um sicherzugehen: Die Bedrohung TR/Crypt.XPACK.Gen in C:\Combofix\HANDLE.3XE ist auch ein Fehlalarm? Kam direkt nachdem ich die andere Datei zugelassen habe.

Sorry, will aber jetzt nicht irgendwas falsch machen und warte daher nochmal mit den anderen Logs, bis ich wegen der Meldung Bescheid weiß.

cosinus 30.01.2012 15:39
Ja das sind Fehlalarme! Wenn CF am wekreln ist muss der Virenscanner aus sein!

Wurschtkopp 30.01.2012 19:52
Hier die neuen Logs:

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-30 16:12:31
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Scsi\nvgts2Port2Path0Target0Lun0 WDC_WD36 rev.31.0
Running: k0lzty9v.exe; Driver: C:\DOKUME~1\Ich\LOKALE~1\Temp\uwgdqfow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xB8391738]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xB83917DC]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xB8391878]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xB8391914]

---- Kernel code sections - GMER 1.0.15 ----

?              Combo-Fix.sys                                                                                                              Das System kann die angegebene Datei nicht finden. !
.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                    section is writeable [0xB72153A0, 0x5CC259, 0xE8000020]
?              C:\ComboFix\catchme.sys                                                                                                    Das System kann den angegebenen Pfad nicht finden. !
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                                  Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                    fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                    AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----
--- --- ---



OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:37:55 on 30.01.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgrsx.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AudioHQU.cpl" - "Creative Technology Ltd." - C:\WINDOWS\system32\AudioHQU.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys
"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgldx86.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgmfx86.sys
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSDriver.Sys
"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSEH.Sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSFilter.Sys
"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - G:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"nvatabus" (nvatabus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvatabus.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"yjlck5l8.sys" (yjlck5l8.sys) - ? - C:\WINDOWS\system32\drivers\yjlck5l8.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - G:\Programme\7-Zip\7-zip.dll
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -  (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgse.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} "Microsoft Image Composite Editor" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{D0FAC080-AE1A-11ce-8016-CE90976DC901} "Picture Publisher File Viewer" - ? - C:\WINDOWS\system32\ppiv20.dll  (File found, but it contains no detailed information)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - G:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} "NVIDIA Smart Scan" - "NVIDIA" - C:\WINDOWS\DOWNLO~1\NVIDIA~1.OCX / hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgssie.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - G:\Programme\Java\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgtray.exe
"CTHelper" - "Creative Technology Ltd" - CTHELPER.EXE
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SBDrvDet" - "Creative Technology Ltd" - C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
"UpdReg" - "Creative Technology Ltd." - C:\WINDOWS\UpdReg.EXE
"Wallpaper Juggler Monitor" - "Topdownloads Networks" - "G:\Programme\Wallpaper Juggler\WallpaperJugglerM.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Active File Monitor V8" (AdobeActiveFileMonitor8.0) - "Adobe Systems Incorporated" - g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - G:\Programme\Java\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"NMSAccess" (NMSAccess) - ? - G:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

aswMBR:

Code:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-30 19:39:16
-----------------------------
19:39:16.000    OS Version: Windows 5.1.2600 Service Pack 3
19:39:16.000    Number of processors: 1 586 0x2701
19:39:16.000    ComputerName: ICH-0112C52BCD8  UserName: Ich
19:39:16.265    Initialize success
19:40:14.890    AVAST engine defs: 12013000
19:40:52.062    Disk 0  \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port1Path1Target1Lun0
19:40:52.062    Disk 0 Vendor: ST320082 3.03 Size: 190781MB BusType: 3
19:40:52.062    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\nvgts2Port2Path0Target0Lun0
19:40:52.062    Disk 1 Vendor: WDC_WD36 31.0 Size: 35304MB BusType: 3
19:40:52.062    Device \Driver\nvgts -> DriverStartIo SCSIPORT.SYS b7ee040e
19:40:52.078    Disk 1 MBR read successfully
19:40:52.093    Disk 1 MBR scan
19:40:52.171    Disk 1 Windows XP default MBR code
19:40:52.187    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS        35302 MB offset 2048
19:40:52.218    Disk 1 scanning sectors +72300544
19:40:52.281    Disk 1 scanning C:\WINDOWS\system32\drivers
19:40:57.296    Service scanning
19:40:58.171    Modules scanning
19:41:01.843    Disk 1 trace - called modules:
19:41:01.843    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
19:41:01.843    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8ac64030]
19:41:01.843    3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000074[0x8ac0a750]
19:41:01.843    5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Scsi\nvgts2Port2Path0Target0Lun0[0x8ac0a8e8]
19:41:02.078    AVAST engine scan C:\WINDOWS
19:41:04.906    AVAST engine scan C:\WINDOWS\system32
19:43:07.921    AVAST engine scan C:\WINDOWS\system32\drivers
19:43:15.328    AVAST engine scan C:\Dokumente und Einstellungen\Ich
19:45:46.031    AVAST engine scan C:\Dokumente und Einstellungen\All Users
19:47:53.750    Scan finished successfully
19:48:54.171    Disk 1 MBR has been saved successfully to "G:\Downloads\Virus\MBR.dat"
19:48:54.187    The log file has been saved successfully to "G:\Downloads\Virus\aswMBR.txt"

cosinus 30.01.2012 22:09
Zitat:
"yjlck5l8.sys" (yjlck5l8.sys) - ? - C:\WINDOWS\system32\drivers\yjlck5l8.sys (File not found)
Bitte mit OSAM deaktivieren und löschen (delete from storage) mach danach wieder ein neues Log mit OSAM

Wurschtkopp 31.01.2012 11:17
Hallo,
hier das neue Osam-Log:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 11:15:38 on 31.01.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 9.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgrsx.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AudioHQU.cpl" - "Creative Technology Ltd." - C:\WINDOWS\system32\AudioHQU.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys
"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgldx86.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgmfx86.sys
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSDriver.Sys
"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSEH.Sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSFilter.Sys
"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - G:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"nvatabus" (nvatabus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvatabus.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - G:\Programme\7-Zip\7-zip.dll
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -  (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgse.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71} "Microsoft Image Composite Editor" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{D0FAC080-AE1A-11ce-8016-CE90976DC901} "Picture Publisher File Viewer" - ? - C:\WINDOWS\system32\ppiv20.dll  (File found, but it contains no detailed information)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - G:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} "NVIDIA Smart Scan" - "NVIDIA" - C:\WINDOWS\DOWNLO~1\NVIDIA~1.OCX / hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgssie.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - G:\Programme\Java\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - G:\Programme\Java\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Ich\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgtray.exe
"CTHelper" - "Creative Technology Ltd" - CTHELPER.EXE
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"SBDrvDet" - "Creative Technology Ltd" - C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
"UpdReg" - "Creative Technology Ltd." - C:\WINDOWS\UpdReg.EXE
"Wallpaper Juggler Monitor" - "Topdownloads Networks" - "G:\Programme\Wallpaper Juggler\WallpaperJugglerM.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Active File Monitor V8" (AdobeActiveFileMonitor8.0) - "Adobe Systems Incorporated" - g:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - G:\Programme\Java\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"NMSAccess" (NMSAccess) - ? - G:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

cosinus 31.01.2012 12:33
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Wurschtkopp 31.01.2012 17:56
Hallo,
habe jetzt alle Scans gemacht.

Malwarebytes hat was gefunden, das habe ich (wie in der Anleitung beschrieben) gelöscht. Auch Superantispyware hat was gefunden. Das habe ich noch nicht gelöscht.
Und ESET hat die beiden Sachen gefunden, die schon das erste mal gefunden wurden und die ich nicht löschen brauchte. (Habe mich allerdings verklickt und jetzt sind die in der Quarantäne gelandet.)

Aber hier einfach die Logs:

SUPERAntispyware:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/31/2012 at 03:14 PM

Application Version : 5.0.1142

Core Rules Database Version : 8183
Trace Rules Database Version: 5995

Scan type      : Complete Scan
Total Scan Time : 01:36:21

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 455
Memory threats detected  : 0
Registry items scanned    : 23358
Registry threats detected : 0
File items scanned        : 95000
File threats detected    : 5

Adware.Tracking Cookie
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\GMDK29QA.txt [ Cookie:administrator@atdmt.com/ ]
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\X356TFUV.txt [ Cookie:administrator@c.atdmt.com/ ]
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\GN4AD8JH.txt [ Cookie:administrator@2o7.net/ ]
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\9CPVIKQS.txt [ Cookie:administrator@interclick.com/ ]
        C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\Cookies\2XYV7OFV.txt [ Cookie:administrator@fastclick.net/ ]
Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.01.31.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ich :: ICH-0112C52BCD8 [Administrator]

31.01.2012 17:07:00
mbam-log-2012-01-31 (17-07-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 280870
Laufzeit: 40 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\System Volume Information\_restore{A5880384-B3AA-447F-90D1-11EC07673D7C}\RP246\A0081781.sys (Trojan.Agent.RKH) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=431649e9b6f012408bd5b5443eddc38c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-28 12:48:57
# local_time=2012-01-28 01:48:57 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777189 100 95 96524 70924879 0 0
# compatibility_mode=8192 67108863 100 0 3802 3802 0 0
# scanned=111350
# found=3
# cleaned=0
# scan_time=5023
C:\Dokumente und Einstellungen\Ich\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16\1eddb450-1b6c4d03        Java/Exploit.CVE-2011-3544.AC trojan (unable to clean)        00000000000000000000000000000000        I
G:\Downloads\cnet_gantt-chart_L_zip.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
G:\Downloads\PDFCreator-1_2_3_setup.exe        Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=431649e9b6f012408bd5b5443eddc38c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-31 03:42:17
# local_time=2012-01-31 04:42:17 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777173 100 95 18872 71194406 0 0
# compatibility_mode=8192 67108863 100 0 273329 273329 0 0
# scanned=96405
# found=2
# cleaned=2
# scan_time=5096
G:\Downloads\cnet_gantt-chart_L_zip.exe        a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
G:\Downloads\PDFCreator-1_2_3_setup.exe        Win32/Adware.Toolbar.Dealio application (deleted - quarantined)        00000000000000000000000000000000        C

cosinus 31.01.2012 20:55
Sieht ok aus, da wurden nur Cookies gefunden. Die können weg, die Funde von ESET kannst du ignorieren.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ist das System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:10 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55