Trojaner-Board


KatieIchigo 31.01.2012 22:02

Avira cannot be installed, computer slow, and Win32 and other Trojans on board
 
Help, help. Otherwise I'll throw it against the wall (maybe it'll turn into a frog, who knows!).
I'm pretty bad with computers, but at least I've now got far enough to know what a logfile is.
But now I read that hijackthis.de is not welcome in this forum.
Before I follow the instructions you get here, a "quick" question; maybe someone can already say something about it (that would be brilliant):

The computer started getting very slow a few days ago. I wanted to download Avira AntiVir; that doesn't work because of remnants of an old version. Avira RegCleaner doesn't work either. In safe mode I deleted everything that had Avira on it. Still the same. I can't install it. Oh, and when I go to Run, Regedit, there is still something with Avira in the registry, but I can't delete it, not even in safe mode. Is that perhaps the problem?

Downloaded the Kaspersky trial version: it finds 34 Trojans, including Win 32. Or was it the Trojan-destroying program that I downloaded afterwards (Trojan Remover)? In any case, after the latter, or no, after a malware search-and-repair program, Kaspersky says on a new run that it finds nothing more.

I google Win 32 and get nowhere.

The computer (Windows XP) keeps running slower and I'm going more and more crazy.
What should I do?

Create a logfile according to the instructions and post it here? Or is there anything I can do myself now?
Note: I really don't know my way around this!!
Is there anything I might be doing wrong?

It would be great if someone said something about this...
Thanks...

Addendum:
I notice that the Internet and everything ran at normal speed again; only when I opened a video (youtube, or arte.tv) did everything get dead slow again. I now also remember that a few days ago the Flash plugin kept crashing while watching videos. I then successfully reinstalled the Flash player. The crashing doesn't seem to have happened since then.
Regards
Katie

cosinus 01.02.2012 12:39

Quote:

Downloaded the Kaspersky trial version: it finds 34 Trojans, including Win 32. Or was it the Trojan-destroying program,

Without the Kaspersky logs this won't get anywhere. :glaskugel:
Everything from it (and possibly other scanners) must be posted here.

Please post everything in CODE tags here if possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

KatieIchigo 01.02.2012 17:00

Thanks Arne,

I hope this roughly corresponds to what you mean; first the scan from Kaspersky:
Code:

Rootkit-Suche: wurde abgeschlossen vor 19 Stunden  (Ereignisse: 95, Objekte: 1417, Zeit: 00:13:06)       
        Aufgabe wurde abgeschlossen        31.01.2012 21:03:34                Untersuchung des Computers       
AdbeRdr60enu.exe        Gepackt: UPX        31.01.2012 21:02:04                Untersuchung des Computers       
AdobeUpdateManager.exe        Gepackt: PECompact        31.01.2012 20:59:44                Untersuchung des Computers       
Armadillo        Gepackt: Armadillo        31.01.2012 20:58:48                Untersuchung des Computers       
Rmvtrjan.exe        Gepackt: Armadillo        31.01.2012 20:58:48                Untersuchung des Computers       
Armadillo        Gepackt: Armadillo        31.01.2012 20:58:47                Untersuchung des Computers       
Rmvtrjan.exe        Gepackt: Armadillo        31.01.2012 20:58:47                Untersuchung des Computers       
PecBundle        Gepackt: PECompact        31.01.2012 20:58:26                Untersuchung des Computers       
PE_Patch.PECompact        Gepackt: PecBundle        31.01.2012 20:58:26                Untersuchung des Computers       
XEBShell.dll        Gepackt: PE_Patch.PECompact        31.01.2012 20:58:26                Untersuchung des Computers       
Acer.scr        Gepackt: ASPack        31.01.2012 20:56:41                Untersuchung des Computers       
WANARP.SYS        Gepackt: PE_Patch        31.01.2012 20:56:14                Untersuchung des Computers       
VOLSNAP.SYS        Gepackt: PE_Patch        31.01.2012 20:56:13                Untersuchung des Computers       
VGA.SYS        Gepackt: PE_Patch        31.01.2012 20:56:13                Untersuchung des Computers       
USBUHCI.SYS        Gepackt: PE_Patch        31.01.2012 20:56:12                Untersuchung des Computers       
USBSTOR.SYS        Gepackt: PE_Patch        31.01.2012 20:56:12                Untersuchung des Computers       
USBHUB.SYS        Gepackt: PE_Patch        31.01.2012 20:56:12                Untersuchung des Computers       
USBEHCI.SYS        Gepackt: PE_Patch        31.01.2012 20:56:12                Untersuchung des Computers       
UPDATE.SYS        Gepackt: PE_Patch        31.01.2012 20:56:11                Untersuchung des Computers       
UDFS.SYS        Gepackt: PE_Patch        31.01.2012 20:56:11                Untersuchung des Computers       
TERMDD.SYS        Gepackt: PE_Patch        31.01.2012 20:56:11                Untersuchung des Computers       
TDTCP.SYS        Gepackt: PE_Patch        31.01.2012 20:56:10                Untersuchung des Computers       
TDPIPE.SYS        Gepackt: PE_Patch        31.01.2012 20:56:10                Untersuchung des Computers       
SWMIDI.SYS        Gepackt: PE_Patch        31.01.2012 20:56:09                Untersuchung des Computers       
SWENUM.SYS        Gepackt: PE_Patch        31.01.2012 20:56:09                Untersuchung des Computers       
SR.SYS        Gepackt: PE_Patch        31.01.2012 20:56:08                Untersuchung des Computers       
SPLITTER.SYS        Gepackt: PE_Patch        31.01.2012 20:56:08                Untersuchung des Computers       
SFLOPPY.SYS        Gepackt: PE_Patch        31.01.2012 20:56:07                Untersuchung des Computers       
SECDRV.SYS        Gepackt: PE_Patch        31.01.2012 20:56:06                Untersuchung des Computers       
SCSIPORT.SYS        Gepackt: PE_Patch        31.01.2012 20:56:06                Untersuchung des Computers       
RFCOMM.SYS        Gepackt: PE_Patch        31.01.2012 20:56:04                Untersuchung des Computers       
REDBOOK.SYS        Gepackt: PE_Patch        31.01.2012 20:56:03                Untersuchung des Computers       
RDPWD.SYS        Gepackt: PE_Patch        31.01.2012 20:56:03                Untersuchung des Computers       
RASPPPOE.SYS        Gepackt: PE_Patch        31.01.2012 20:56:02                Untersuchung des Computers       
PSCHED.SYS        Gepackt: PE_Patch        31.01.2012 20:56:01                Untersuchung des Computers       
PCMCIA.SYS        Gepackt: PE_Patch        31.01.2012 20:56:00                Untersuchung des Computers       
PCI.SYS        Gepackt: PE_Patch        31.01.2012 20:55:59                Untersuchung des Computers       
PARTMGR.SYS        Gepackt: PE_Patch        31.01.2012 20:55:58                Untersuchung des Computers       
PARPORT.SYS        Gepackt: PE_Patch        31.01.2012 20:55:58                Untersuchung des Computers       
OHCI1394.SYS        Gepackt: PE_Patch        31.01.2012 20:55:58                Untersuchung des Computers       
NSCIRDA.SYS        Gepackt: PE_Patch        31.01.2012 20:55:56                Untersuchung des Computers       
NPFS.SYS        Gepackt: PE_Patch        31.01.2012 20:55:56                Untersuchung des Computers       
NIC1394.SYS        Gepackt: PE_Patch        31.01.2012 20:55:56                Untersuchung des Computers       
NETBIOS.SYS        Gepackt: PE_Patch        31.01.2012 20:55:54                Untersuchung des Computers       
NDPROXY.SYS        Gepackt: PE_Patch        31.01.2012 20:55:54                Untersuchung des Computers       
NDISUIO.SYS        Gepackt: PE_Patch        31.01.2012 20:55:53                Untersuchung des Computers       
NDISTAPI.SYS        Gepackt: PE_Patch        31.01.2012 20:55:53                Untersuchung des Computers       
MSSMBIOS.SYS        Gepackt: PE_Patch        31.01.2012 20:55:51                Untersuchung des Computers       
MSPQM.SYS        Gepackt: PE_Patch        31.01.2012 20:55:51                Untersuchung des Computers       
MSPCLOCK.SYS        Gepackt: PE_Patch        31.01.2012 20:55:51                Untersuchung des Computers       
MSKSSRV.SYS        Gepackt: PE_Patch        31.01.2012 20:55:51                Untersuchung des Computers       
MSIRCOMM.SYS        Gepackt: PE_Patch        31.01.2012 20:55:50                Untersuchung des Computers       
MSFS.SYS        Gepackt: PE_Patch        31.01.2012 20:55:50                Untersuchung des Computers       
MRXDAV.SYS        Gepackt: PE_Patch        31.01.2012 20:55:48                Untersuchung des Computers       
MOUNTMGR.SYS        Gepackt: PE_Patch        31.01.2012 20:55:48                Untersuchung des Computers       
MOUCLASS.SYS        Gepackt: PE_Patch        31.01.2012 20:55:48                Untersuchung des Computers       
MODEM.SYS        Gepackt: PE_Patch        31.01.2012 20:55:48                Untersuchung des Computers       
KSECDD.SYS        Gepackt: PE_Patch        31.01.2012 20:55:47                Untersuchung des Computers       
KMIXER.SYS        Gepackt: PE_Patch        31.01.2012 20:55:46                Untersuchung des Computers       
KBDCLASS.SYS        Gepackt: PE_Patch        31.01.2012 20:55:38                Untersuchung des Computers       
ISAPNP.SYS        Gepackt: PE_Patch        31.01.2012 20:55:37                Untersuchung des Computers       
IRENUM.SYS        Gepackt: PE_Patch        31.01.2012 20:55:37                Untersuchung des Computers       
IRDA.SYS        Gepackt: PE_Patch        31.01.2012 20:55:37                Untersuchung des Computers       
IPNAT.SYS        Gepackt: PE_Patch        31.01.2012 20:55:36                Untersuchung des Computers       
IPINIP.SYS        Gepackt: PE_Patch        31.01.2012 20:55:36                Untersuchung des Computers       
IP6FW.SYS        Gepackt: PE_Patch        31.01.2012 20:55:35                Untersuchung des Computers       
INTELPPM.SYS        Gepackt: PE_Patch        31.01.2012 20:55:35                Untersuchung des Computers       
INTELIDE.SYS        Gepackt: PE_Patch        31.01.2012 20:55:34                Untersuchung des Computers       
IMAPI.SYS        Gepackt: PE_Patch        31.01.2012 20:55:33                Untersuchung des Computers       
HTTP.SYS        Gepackt: PE_Patch        31.01.2012 20:55:27                Untersuchung des Computers       
MSGPC.SYS        Gepackt: PE_Patch        31.01.2012 20:55:27                Untersuchung des Computers       
fltMgr.sys        Gepackt: PE_Patch        31.01.2012 20:55:24                Untersuchung des Computers       
FLPYDISK.SYS        Gepackt: PE_Patch        31.01.2012 20:55:24                Untersuchung des Computers       
FIPS.SYS        Gepackt: PE_Patch        31.01.2012 20:55:23                Untersuchung des Computers       
FDC.SYS        Gepackt: PE_Patch        31.01.2012 20:55:23                Untersuchung des Computers       
DRMKAUD.SYS        Gepackt: PE_Patch        31.01.2012 20:55:21                Untersuchung des Computers       
DMusic.sys        Gepackt: PE_Patch        31.01.2012 20:55:21                Untersuchung des Computers       
DMIO.SYS        Gepackt: PE_Patch        31.01.2012 20:55:20                Untersuchung des Computers       
DMBOOT.SYS        Gepackt: PE_Patch        31.01.2012 20:55:18                Untersuchung des Computers       
DISK.SYS        Gepackt: PE_Patch        31.01.2012 20:55:15                Untersuchung des Computers       
COMPBATT.SYS        Gepackt: PE_Patch        31.01.2012 20:55:09                Untersuchung des Computers       
CmBatt.sys        Gepackt: PE_Patch        31.01.2012 20:55:06                Untersuchung des Computers       
CDROM.SYS        Gepackt: PE_Patch        31.01.2012 20:54:58                Untersuchung des Computers       
BTHUSB.SYS        Gepackt: PE_Patch        31.01.2012 20:54:56                Untersuchung des Computers       
BTHPORT.SYS        Gepackt: PE_Patch        31.01.2012 20:54:55                Untersuchung des Computers       
BTHPAN.SYS        Gepackt: PE_Patch        31.01.2012 20:54:55                Untersuchung des Computers       
BthEnum.sys        Gepackt: PE_Patch        31.01.2012 20:54:54                Untersuchung des Computers       
ATMARPC.SYS        Gepackt: PE_Patch        31.01.2012 20:54:51                Untersuchung des Computers       
ATAPI.SYS        Gepackt: PE_Patch        31.01.2012 20:54:48                Untersuchung des Computers       
ASYNCMAC.SYS        Gepackt: PE_Patch        31.01.2012 20:54:48                Untersuchung des Computers       
ARP1394.SYS        Gepackt: PE_Patch        31.01.2012 20:54:46                Untersuchung des Computers       
AEC.SYS        Gepackt: PE_Patch        31.01.2012 20:54:43                Untersuchung des Computers       
ACPI.SYS        Gepackt: PE_Patch        31.01.2012 20:54:42                Untersuchung des Computers       
Trjscan.exe        Gepackt: ASPack        31.01.2012 20:53:15                Untersuchung des Computers       
        Aufgabe wurde gestartet        31.01.2012 20:50:25                Untersuchung des Computers

Then here from the Trojan Remover; I find two such parts there:
Code:

***** THE SYSTEM HAS BEEN RESTARTED *****
31.01.2012 16:31:33: Trojan Remover has been restarted
31.01.2012 16:31:33: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2595. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 14:56:29 31 Jan 2012
Using Database v7835
Operating System:  Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System:      FAT32
UserData directory: C:\Dokumente und Einstellungen\katie\Anwendungsdaten\Simply Super Software\Trojan Remover\
Database directory: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Dokumente und Einstellungen\katie\Eigene Dateien\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Programme\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
14:56:29: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
14:56:30: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036800 bytes
Created:  01.01.1980 00:00
Modified: 14.04.2008 03:22
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created:  01.01.1980 00:00
Modified: 14.04.2008 03:23
Company:  Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515072 bytes
Created:  01.01.1980 00:00
Modified: 14.04.2008 03:22
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: LaunchApp
Value Data: Alaunch
C:\WINDOWS\Alaunch.exe
499712 bytes
Created:  01.01.1980 00:00
Modified: 02.11.2004 19:07
Company:  Acer Inc.
--------------------
Value Name: SynTPLpr
Value Data: C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
98394 bytes
Created:  27.12.2004 12:18
Modified: 07.10.2004 22:44
Company:  Synaptics, Inc.
--------------------
Value Name: SynTPEnh
Value Data: C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
688218 bytes
Created:  27.12.2004 12:18
Modified: 07.10.2004 22:43
Company:  Synaptics, Inc.
--------------------
Value Name: BluetoothAuthenticationAgent
Value Data: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
C:\WINDOWS\system32\bthprops.cpl
110592 bytes
Created:  04.08.2004 00:58
Modified: 14.04.2008 03:23
Company:  Microsoft Corporation
--------------------
Value Name: IMJPMIG8.1
Value Data: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
208952 bytes
Created:  27.12.2004 12:22
Modified: 04.08.2004 05:00
Company:  Microsoft Corporation
--------------------
Value Name: MSPY2002
Value Data: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
59392 bytes
Created:  27.12.2004 12:22
Modified: 04.08.2004 05:00
Company:  [no info]
--------------------
Value Name: PHIME2002ASync
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created:  27.12.2004 12:22
Modified: 04.08.2004 05:00
Company:  Microsoft Corporation
--------------------
Value Name: PHIME2002A
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created:  27.12.2004 12:22
Modified: 04.08.2004 05:00
Company:  Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe - [file not found to scan]
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
126976 bytes
Created:  01.01.1980 00:00
Modified: 07.10.2004 16:27
Company:  Intel Corporation
--------------------
Value Name: PCMService
Value Data: "C:\Programme\Arcade\PCMService.exe"
C:\Programme\Arcade\PCMService.exe
81920 bytes
Created:  27.12.2004 12:24
Modified: 27.08.2004 16:50
Company:  CyberLink Corp.
--------------------
Value Name: EPM-DM
Value Data: c:\acer\epm\epm-dm.exe
c:\acer\epm\epm-dm.exe
176128 bytes
Created:  09.01.2010 21:14
Modified: 22.12.2004 17:42
Company:  Acer Inc
--------------------
Value Name: ePowerManagement
Value Data: C:\Acer\ePM\ePM.exe boot
C:\Acer\ePM\ePM.exe
2889216 bytes
Created:  09.01.2010 21:14
Modified: 22.12.2004 13:37
Company:  Acer Value Labs, Taiwan
--------------------
Value Name: LManager
Value Data: C:\Programme\Launch Manager\QtZgAcer.EXE
C:\Programme\Launch Manager\QtZgAcer.EXE
311296 bytes
Created:  09.01.2010 21:15
Modified: 09.12.2004 12:50
Company:  Dritek System Inc.
--------------------
Value Name: eRecoveryService
Value Data: C:\Windows\System32\Check.exe
C:\Windows\System32\Check.exe
245760 bytes
Created:  09.01.2010 21:15
Modified: 24.11.2004 17:34
Company:  acer Inc.
--------------------
Value Name: avgnt
Value Data: "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Programme\Avira\AntiVir Desktop\avgnt.exe - [file not found to scan]
--------------------
Value Name: QuickTime Task
Value Data: "C:\Programme\QuickTime\QTTask.exe" -atboottime
C:\Programme\QuickTime\QTTask.exe
421888 bytes
Created:  24.10.2011 14:28
Modified: 24.10.2011 14:28
Company:  Apple Inc.
--------------------
Value Name: APSDaemon
Value Data: "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe
59240 bytes
Created:  27.09.2011 07:22
Modified: 27.09.2011 07:22
Company:  Apple Inc.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
254696 bytes
Created:  09.06.2011 13:06
Modified: 09.06.2011 13:06
Company:  Sun Microsystems, Inc.
--------------------
Value Name: AVP
Value Data: "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
202296 bytes
Created:  24.04.2011 23:15
Modified: 24.04.2011 23:15
Company:  Kaspersky Lab ZAO
--------------------
Value Name: TrojanScanner
Value Data: C:\Programme\Trojan Remover\Trjscan.exe /boot
C:\Programme\Trojan Remover\Trjscan.exe
1167296 bytes
Created:  31.01.2012 14:47
Modified: 05.07.2010 12:49
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created:  01.01.1980 00:00
Modified: 14.04.2008 03:22
Company:  Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
14:56:36: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:      shell32.dll - this file is expected and has been left in place
----------

************************************************************
14:56:36: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
14:56:36: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
220672 bytes
Created:  01.01.1980 00:00
Modified: 14.04.2008 03:23
Company:  Microsoft Corporation
--------------------

************************************************************
14:56:36: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key:  {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
C:\Programme\Outlook Express\setup50.exe - [file not found to scan]
----------
Key:  {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
C:\Programme\Outlook Express\setup50.exe - [file not found to scan]
----------
Key:  {94de52c8-2d59-4f1b-883e-79663d2d9a8c}
Path: rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
C:\WINDOWS\system32\Setup\FxsOcm.dll
132608 bytes
Created:  01.01.1980 00:00
Modified: 14.04.2008 03:22
Company:  Microsoft Corporation
----------

************************************************************
14:56:37: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
14:56:39: Scanning ----- SERVICES REGISTRY KEYS -----
Key:      AntiVirSchedulerService
ImagePath: "C:\Programme\Avira\AntiVir Desktop\sched.exe"
C:\Programme\Avira\AntiVir Desktop\sched.exe - [file not found to scan]
----------
Key:      AntiVirService
ImagePath: "C:\Programme\Avira\AntiVir Desktop\avguard.exe"
C:\Programme\Avira\AntiVir Desktop\avguard.exe - [file not found to scan]
----------
Key:      atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created:  03.08.2004 22:59
Modified: 13.04.2008 19:40
Company:  Microsoft Corporation
----------
Key:      avgio
ImagePath: \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
C:\Programme\Avira\AntiVir Desktop\avgio.sys - [file not found to scan]
----------
Key:      AVP
ImagePath: "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" -r
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
202296 bytes
Created:  24.04.2011 23:15
Modified: 24.04.2011 23:15
Company:  Kaspersky Lab ZAO
----------
Key:      b57w2k
ImagePath: system32\DRIVERS\b57xp32.sys
C:\WINDOWS\system32\DRIVERS\b57xp32.sys
175360 bytes
Created:  01.01.1980 00:00
Modified: 21.05.2003 18:47
Company:  Broadcom Corporation
----------
Key:      CAMCAUD
ImagePath: system32\drivers\camcaud.sys
C:\WINDOWS\system32\drivers\camcaud.sys
34048 bytes
Created:  01.01.1980 00:00
Modified: 24.06.2004 22:29
Company:  Conexant Systems Inc.
----------
Key:      CAMCHALA
ImagePath: system32\drivers\camchal.sys
C:\WINDOWS\system32\drivers\camchal.sys
276480 bytes
Created:  01.01.1980 00:00
Modified: 24.06.2004 22:31
Company:  Conexant Systems Inc.
----------
Key:      cpudrv
ImagePath: \??\C:\Programme\SystemRequirementsLab\cpudrv.sys
C:\Programme\SystemRequirementsLab\cpudrv.sys
11336 bytes
Created:  18.12.2009 11:58
Modified: 18.12.2009 11:58
Company:  [no info]
----------
Key:      DKbFltr
ImagePath: System32\Drivers\DKbFltr.sys
C:\WINDOWS\System32\Drivers\DKbFltr.sys
16896 bytes
Created:  09.01.2010 21:15
Modified: 08.12.2004 14:10
Company:  Dritek System Inc.
----------
Key:      EpmPsd
ImagePath: \??\C:\WINDOWS\system32\drivers\epm-psd.sys
C:\WINDOWS\system32\drivers\epm-psd.sys
4096 bytes
Created:  09.01.2010 21:14
Modified: 19.07.2004 13:10
Company:  Acer Value Labs, USA
----------
Key:      EpmShd
ImagePath: \??\C:\WINDOWS\system32\drivers\epm-shd.sys
C:\WINDOWS\system32\drivers\epm-shd.sys
78208 bytes
Created:  09.01.2010 21:14
Modified: 02.09.2004 17:27
Company:  Acer Value Labs, USA
----------
Key:      ggflt
ImagePath: system32\DRIVERS\ggflt.sys
C:\WINDOWS\system32\DRIVERS\ggflt.sys
13224 bytes
Created:  03.03.2010 13:52
Modified: 03.03.2010 13:52
Company:  Sony Ericsson Mobile Communications
----------
Key:      ggsemc
ImagePath: system32\DRIVERS\ggsemc.sys
C:\WINDOWS\system32\DRIVERS\ggsemc.sys
25512 bytes
Created:  03.03.2010 13:52
Modified: 03.03.2010 13:52
Company:  Sony Ericsson Mobile Communications
----------
Key:      HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
200064 bytes
Created:  01.01.1980 00:00
Modified: 09.06.2004 23:00
Company:  Conexant Systems, Inc.
----------
Key:      int15.sys
ImagePath: \??\C:\Programme\acer\eRecovery\int15.sys
C:\Programme\acer\eRecovery\int15.sys
-R- 69632 bytes
Created:  09.01.2010 21:15
Modified: 03.11.2004 09:06
Company:  [no info]
----------
Key:      KL1
ImagePath: system32\DRIVERS\kl1.sys
C:\WINDOWS\system32\DRIVERS\kl1.sys
133208 bytes
Created:  04.03.2011 13:23
Modified: 04.03.2011 13:23
Company:  Kaspersky Lab ZAO
----------
Key:      kl2
ImagePath: system32\DRIVERS\kl2.sys
C:\WINDOWS\system32\DRIVERS\kl2.sys
11352 bytes
Created:  04.03.2011 13:23
Modified: 04.03.2011 13:23
Company:  Kaspersky Lab ZAO
----------
Key:      klim5
ImagePath: system32\DRIVERS\klim5.sys
C:\WINDOWS\system32\DRIVERS\klim5.sys
34608 bytes
Created:  10.03.2011 18:34
Modified: 10.03.2011 18:34
Company:  Kaspersky Lab ZAO
----------
Key:      klmouflt
ImagePath: system32\DRIVERS\klmouflt.sys
C:\WINDOWS\system32\DRIVERS\klmouflt.sys
19472 bytes
Created:  02.11.2009 20:27
Modified: 02.11.2009 20:27
Company:  Kaspersky Lab
----------
Key:      NCHSSVAD
ImagePath: system32\drivers\nchssvad.sys
C:\WINDOWS\system32\drivers\nchssvad.sys
33848 bytes
Created:  09.01.2010 22:41
Modified: 09.01.2010 22:41
Company:  NCH Swift Sound
----------
Key:      NSCIRDA
ImagePath: system32\DRIVERS\nscirda.sys
C:\WINDOWS\system32\DRIVERS\nscirda.sys
28672 bytes
Created:  27.12.2004 12:03
Modified: 13.04.2008 19:54
Company:  National Semiconductor Corporation
----------
Key:      s115bus
ImagePath: system32\DRIVERS\s115bus.sys
C:\WINDOWS\system32\DRIVERS\s115bus.sys
-R- 83208 bytes
Created:  06.04.2010 22:05
Modified: 23.04.2007 15:54
Company:  MCCI Corporation
----------
Key:      s115mdfl
ImagePath: system32\DRIVERS\s115mdfl.sys
C:\WINDOWS\system32\DRIVERS\s115mdfl.sys
-R- 15112 bytes
Created:  06.04.2010 22:05
Modified: 23.04.2007 15:54
Company:  MCCI Corporation
----------
Key:      s115mdm
ImagePath: system32\DRIVERS\s115mdm.sys
C:\WINDOWS\system32\DRIVERS\s115mdm.sys
-R- 108680 bytes
Created:  06.04.2010 22:05
Modified: 23.04.2007 15:54
Company:  MCCI Corporation
----------
Key:      s115mgmt
ImagePath: system32\DRIVERS\s115mgmt.sys
C:\WINDOWS\system32\DRIVERS\s115mgmt.sys
-R- 100488 bytes
Created:  06.04.2010 22:05
Modified: 23.04.2007 15:54
Company:  MCCI Corporation
----------
Key:      s115obex
ImagePath: system32\DRIVERS\s115obex.sys
C:\WINDOWS\system32\DRIVERS\s115obex.sys
-R- 98568 bytes
Created:  06.04.2010 22:05
Modified: 23.04.2007 15:54
Company:  MCCI Corporation
----------
Key:      seehcri
ImagePath: system32\DRIVERS\seehcri.sys
C:\WINDOWS\system32\DRIVERS\seehcri.sys
27632 bytes
Created:  03.03.2010 13:52
Modified: 03.03.2010 13:52
Company:  Sony Ericsson Mobile Communications
----------
Key:      SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{0F4618CA-F9AA-471A-B1B0-EE0F3EE4CD72}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created:  01.01.1980 00:00
Modified: 14.04.2008 03:22
Company:  Microsoft Corporation
----------
Key:      SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\WINDOWS\system32\DRIVERS\SynTP.sys
185824 bytes
Created:  27.12.2004 12:18
Modified: 07.10.2004 22:33
Company:  Synaptics, Inc.
----------
Key:      tifm21
ImagePath: system32\drivers\tifm21.sys
C:\WINDOWS\system32\drivers\tifm21.sys
146304 bytes
Created:  13.09.2004 13:40
Modified: 13.09.2004 13:40
Company:  Texas Instruments
----------
Key:      w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
2216064 bytes
Created:  01.01.1980 00:00
Modified: 11.11.2009 14:26
Company:  Intel® Corporation
----------
Key:      WMPNetworkSvc
ImagePath: "C:\Programme\Windows Media Player\WMPNetwk.exe"
C:\Programme\Windows Media Player\WMPNetwk.exe
920576 bytes
Created:  03.11.2006 09:56
Modified: 03.11.2006 09:56
Company:  Microsoft Corporation
----------
Key:      WPFFontCache_v0400
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe - [file not found to scan]
----------

************************************************************
14:56:50: Scanning -----VXD ENTRIES-----

************************************************************
14:56:50: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key    : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
344064 bytes
Created:  01.01.1980 00:00
Modified: 07.10.2004 16:27
Company:  Intel Corporation
----------
Key    : klogon
DLLName: C:\WINDOWS\system32\klogon.dll
C:\WINDOWS\system32\klogon.dll
229776 bytes
Created:  24.04.2011 23:13
Modified: 24.04.2011 23:13
Company:  Kaspersky Lab ZAO
----------

************************************************************
14:56:50: Scanning ----- CONTEXTMENUHANDLERS -----
Key:  Kaspersky Anti-Virus
CLSID: {dd230880-495a-11d1-b064-008048ec2fc5}
Path:  C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\shellex.dll
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\shellex.dll
180624 bytes
Created:  13.10.2011 20:41
Modified: 13.10.2011 20:41
Company:  Kaspersky Lab ZAO
----------
Key:  Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
File:  [CLSID does not appear to reference a file]
----------

************************************************************
14:56:51: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key:  {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll"
C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
401920 bytes
Created:  19.05.2010 15:37
Modified: 19.05.2010 15:37
Company:  OpenOffice.org
----------

************************************************************
14:56:51: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
BHO: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
86416 bytes
Created:  24.04.2011 23:13
Modified: 24.04.2011 23:13
Company:  Kaspersky Lab ZAO
----------
Key: {E33CF602-D945-461A-83F0-819F76A199F8}
BHO: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
229776 bytes
Created:  24.04.2011 23:13
Modified: 24.04.2011 23:13
Company:  Kaspersky Lab ZAO
----------

************************************************************
14:56:51: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
14:56:51: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
14:56:51: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
14:56:51: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
14:56:52: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
14:56:52: Scanning ------ COMMON STARTUP GROUP ------
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-HS- 84 bytes
Created:  27.12.2004 12:01
Modified: 27.12.2004 12:08
Company:  [no info]
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
14:56:52: Scanning ----- SCHEDULED TASKS -----
Taskname:      AppleSoftwareUpdate
File:          C:\Programme\Apple Software Update\SoftwareUpdate.exe
C:\Programme\Apple Software Update\SoftwareUpdate.exe
561984 bytes
Created:  01.06.2011 17:57
Modified: 01.06.2011 17:57
Company:  Apple Inc.
Parameters:    -task
Schedule:      Um 20:03 wöchentlich jeden Do, ab dem 13.07.2011
Next Run Time: 02.02.2012 20:03:00
Status:        Ready
Creator:      SYSTEM
Comments:     
----------

************************************************************
14:56:52: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
14:56:52: Scanning ----- DEVICE DRIVER ENTRIES -----

************************************************************
14:56:52: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Dokumente und Einstellungen\katie\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
C:\Dokumente und Einstellungen\katie\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
1361942 bytes
Created:  09.01.2010 22:25
Modified: 22.01.2012 21:23
Company:  [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
C:\Dokumente und Einstellungen\katie\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
1361942 bytes
Created:  09.01.2010 22:25
Modified: 22.01.2012 21:23
Company:  [no info]
----------
Checks for rogue DNS NameServers completed
----------
Checking for specific malicious files:
C:\WINDOWS\system32\drivers\str.sys - Rootkit.Agent
C:\WINDOWS\system32\drivers\str.sys
327743 bytes
Created:  21.03.2011 22:48
Modified: 13.04.2011 23:59
Company:  [no info]
C:\WINDOWS\system32\drivers\str.sys - file renamed to: C:\WINDOWS\system32\drivers\str.sys.vir
----------
Additional checks completed

************************************************************
14:57:05: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created:  01.01.1980 00:00
Modified: 14.04.2008 03:23
Company:  Microsoft Corporation
[no modules loaded]
--------------------
C:\WINDOWS\system32\winlogon.exe
513024 bytes
Created:  01.01.1980 00:00
Modified: 14.04.2008 03:23
Company:  Microsoft Corporation
[no modules loaded]
--------------------
C:\WINDOWS\system32\services.exe
111104 bytes
Created:  01.01.1980 00:00
Modified: 09.02.2009 12:21
Company:  Microsoft Corporation
[no modules loaded]
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created:  01.01.1980 00:00
Modified: 14.04.2008 03:22
Company:  Microsoft Corporation
[no modules loaded]
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
413696 bytes
Created:  01.01.1980 00:00
Modified: 09.11.2004 05:32
Company:  ATI Technologies Inc.
[no modules loaded]
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created:  01.01.1980 00:00
Modified: 14.04.2008 03:23
Company:  Microsoft Corporation
[no modules loaded]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[no modules loaded]
--------------------
C:\WINDOWS\system32\spoolsv.exe
58880 bytes
Created:  01.01.1980 00:00
Modified: 17.08.2010 14:17
Company:  Microsoft Corporation
[no modules loaded]
--------------------
C:\WINDOWS\system32\Ati2evxx.exe - file already scanned
[no modules loaded]
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
[94 loaded modules in total]
--------------------
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe - file already scanned
[no modules loaded]
--------------------
C:\Programme\Java\jre6\bin\jqs.exe
153376 bytes
Created:  17.01.2010 19:36
Modified: 10.11.2011 05:54
Company:  Sun Microsystems, Inc.
[no modules loaded]
--------------------
C:\WINDOWS\system32\wuauclt.exe
53472 bytes
Created:  27.12.2004 12:06
Modified: 06.08.2009 19:24
Company:  Microsoft Corporation
[no modules loaded]
--------------------
C:\Programme\Synaptics\SynTP\SynTPLpr.exe - file already scanned
[21 loaded modules in total]
--------------------
C:\Programme\Synaptics\SynTP\SynTPEnh.exe - file already scanned
[28 loaded modules in total]
--------------------
C:\WINDOWS\system32\rundll32.exe
33792 bytes
Created:  01.01.1980 00:00
Modified: 14.04.2008 03:23
Company:  Microsoft Corporation
[35 loaded modules in total]
--------------------
C:\Programme\Arcade\PCMService.exe - file already scanned
[29 loaded modules in total]
--------------------
C:\acer\epm\epm-dm.exe - file already scanned
[25 loaded modules in total]
--------------------
C:\Programme\Launch Manager\QtZgAcer.EXE - file already scanned
[50 loaded modules in total]
--------------------
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe - file already scanned
[21 loaded modules in total]
--------------------
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe - file already scanned
[no modules loaded]
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
[27 loaded modules in total]
--------------------
C:\Programme\acer\eRecovery\Monitor.exe
352256 bytes
Created:  09.01.2010 21:15
Modified: 08.12.2004 17:21
Company:  acer Inc.
[46 loaded modules in total]
--------------------
C:\WINDOWS\system32\wbem\wmiapsrv.exe
126464 bytes
Created:  27.12.2004 12:05
Modified: 14.04.2008 03:23
Company:  Microsoft Corporation
[no modules loaded]
--------------------
C:\Dokumente und Einstellungen\katie\Anwendungsdaten\Simply Super Software\Trojan Remover\etc7.exe
FileSize:          3687344
[This is a Trojan Remover component]
[69 loaded modules in total]
--------------------

************************************************************
14:57:43: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
14:57:43: Scanning ------ %TEMP% DIRECTORY ------
No files found to scan
************************************************************
14:57:43: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
C:\WINDOWS\Temp\kls5F86.tmp appears to be in-use/locked
C:\WINDOWS\Temp\kls5F86.tmp - file backed up to C:\WINDOWS\Temp\kls5F86.tmp.vir
C:\WINDOWS\Temp\kls5F86.tmp - file has been neutralised
C:\WINDOWS\Temp\kls5F86.tmp - file renamed to: C:\WINDOWS\Temp\kls5F86.tmp.vir
************************************************************
16:28:55: Scanning ------ ROOT DIRECTORY ------

************************************************************
16:28:56: ------ Scan for other files to remove ------
No malware-related files found to remove

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
hxxp://www.cablesurf.de/welcome.html
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 16:28:57 31 Jan 2012
Total Scan time: 01:32:27
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
31.01.2012 16:29:04: restart commenced
************************************************************

and:
Code:

[31.01.2012 14:48:30] Updater Program Update 1.3.7 successfully downloaded and will be installed after a reboot
[31.01.2012 14:48:41] Database file reflist.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trj_list.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file epack.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist2.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist3.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist4.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist5.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist6.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist7.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist8.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist9.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist10.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist11.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist12.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist13.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist14.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist15.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist16.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist17.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist18.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist19.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist20.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist21.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist22.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist23.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist24.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist25.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist26.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist27.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist28.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist29.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist30.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist31.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist32.dta successfully downloaded and installed
[31.01.2012 14:48:41] Database file trjlist33.dta successfully downloaded and installed
[31.01.2012 14:48:41] trweb1.tru Update 1.5.0 successfully downloaded and installed
------------------------------------------------------------

[31.01.2012 14:48:05] Manual Update check started
[31.01.2012 14:48:05] Version 1.3.6 Build 1093
[31.01.2012 14:48:05] URL Database version: 1.4.7
[31.01.2012 14:48:06] connecting to Download Server 2
[31.01.2012 14:48:12] Updater 1.3.7 found to download
[31.01.2012 14:48:12] Database update 7835 found to download


cosinus 02.02.2012 11:28

It's not really what I had in mind, but never mind.

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here


All times are WET +1. The time is now 17:17.

Copyright ©2000-2025, Trojaner-Board

