Trojaner-Board - partner37.mydomainadvisor.com

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - partner37.mydomainadvisor.com (https://www.trojaner-board.de/124772-partner37-mydomainadvisor-com.html)

Hallo cosinus,

anbei die Logdatei von Combofix. Leider funktionieren die verschiedenen Ordner noch immer nicht...

Combofix Logfile:

Code:

ComboFix 12-10-08.03 - * 10.10.2012   7:36.1.2 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2804.2085 [GMT 2:00]

ausgeführt von:: c:\users\*\Desktop\ComboFix.exe

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\*\videos\vlc-1.1.11-win32.exe

c:\windows\$NtUninstallKB29222$

c:\windows\$NtUninstallKB29222$\195300660

c:\windows\$NtUninstallKB29222$\3261968459\@

c:\windows\$NtUninstallKB29222$\3261968459\bckfg.tmp

c:\windows\$NtUninstallKB29222$\3261968459\cfg.ini

c:\windows\$NtUninstallKB29222$\3261968459\Desktop.ini

c:\windows\$NtUninstallKB29222$\3261968459\keywords

c:\windows\$NtUninstallKB29222$\3261968459\kwrd.dll

c:\windows\$NtUninstallKB29222$\3261968459\L\xadqgnnk

c:\windows\$NtUninstallKB29222$\3261968459\U\00000001.@

c:\windows\$NtUninstallKB29222$\3261968459\U\00000002.@

c:\windows\$NtUninstallKB29222$\3261968459\U\00000004.@

c:\windows\$NtUninstallKB29222$\3261968459\U\80000000.@

c:\windows\$NtUninstallKB29222$\3261968459\U\80000004.@

c:\windows\$NtUninstallKB29222$\3261968459\U\80000032.@

c:\windows\IsUn0407.exe

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-09-10 bis 2012-10-10  ))))))))))))))))))))))))))))))

.

.

2012-10-10 05:54 . 2012-10-10 05:54        29904        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D6EBCB9-1679-4DC3-BE57-E3176420E59A}\MpKsl803654d6.sys

2012-10-10 05:50 . 2012-10-10 05:54        --------        d-----w-        c:\users\*\AppData\Local\temp

2012-10-10 05:50 . 2012-10-10 05:50        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2012-10-10 05:50 . 2012-10-10 05:50        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-10-10 05:36 . 2012-10-10 05:36        29904        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D6EBCB9-1679-4DC3-BE57-E3176420E59A}\MpKslf63a307a.sys

2012-10-09 19:30 . 2012-08-30 08:17        6980552        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D6EBCB9-1679-4DC3-BE57-E3176420E59A}\mpengine.dll

2012-10-08 06:23 . 2012-08-30 08:17        6980552        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-10-04 08:16 . 2012-10-04 08:16        --------        d-----w-        C:\_OTL

2012-09-28 08:36 . 2012-09-28 08:36        --------        d-----w-        c:\program files\ESET

2012-09-26 06:24 . 2012-08-21 20:12        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe

2012-09-23 05:49 . 2012-08-24 06:43        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2012-09-23 05:49 . 2012-08-24 07:34        140936        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll

2012-09-23 05:49 . 2012-08-24 06:47        420864        ----a-w-        c:\windows\system32\vbscript.dll

2012-09-23 05:49 . 2012-08-24 06:48        194048        ----a-w-        c:\program files\Internet Explorer\IEShims.dll

2012-09-23 05:49 . 2012-08-24 06:47        142848        ----a-w-        c:\windows\system32\ieUnatt.exe

2012-09-12 07:58 . 2012-02-09 12:17        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C61DB505-D973-4658-8FD1-6923D2EF8934}\gapaengine.dll

2012-09-12 07:51 . 2012-10-03 04:37        --------        d-----w-        c:\program files\Microsoft Security Client

2012-09-12 07:02 . 2012-09-12 07:02        --------        d-----w-        C:\ConvertTemp

2012-09-12 07:00 . 2012-09-12 07:02        --------        d-----w-        C:\Output

2012-09-12 06:59 . 2012-09-12 06:59        --------        d-----w-        c:\program files\Free Htm-Html to Image Jpg-Jpeg Converter

2012-09-12 06:58 . 2012-10-04 08:16        --------        d-----w-        c:\program files\blekkotb_031

2012-09-12 06:58 . 2012-09-12 06:58        --------        d-----w-        c:\users\*\AppData\Local\blekkotb_031

2012-09-12 06:36 . 2012-09-12 06:37        8281168        ----a-w-        c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE

2012-09-12 06:28 . 2012-08-22 17:16        712048        ----a-w-        c:\windows\system32\drivers\ndis.sys

2012-09-12 06:28 . 2012-07-04 19:45        33280        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 06:28 . 2012-08-22 17:16        1292144        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-09-12 06:28 . 2012-08-22 17:16        240496        ----a-w-        c:\windows\system32\drivers\netio.sys

2012-09-12 06:28 . 2012-08-22 17:16        187760        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-12 06:28 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\system32\d3d10level9.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 06:33 . 2012-06-08 10:53        696760        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-10-09 06:33 . 2011-07-04 21:05        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-07 15:04 . 2011-12-08 19:01        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-08-30 20:03 . 2012-08-30 20:03        193552        ----a-w-        c:\windows\system32\drivers\MpFilter.sys

2012-08-30 20:03 . 2012-03-20 18:44        99272        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys

2012-08-10 17:26 . 2012-08-10 17:26        486512        ----a-w-        c:\windows\system32\NBMatS1SDK.dll

2012-08-10 17:26 . 2012-08-10 17:26        29232        ----a-w-        c:\windows\system32\drivers\FPSensor.sys

2012-08-10 17:26 . 2012-08-10 17:26        60976        ----a-w-        c:\windows\system32\drivers\mwlPSDVDisk.sys

2012-08-10 17:26 . 2012-08-10 17:26        18992        ----a-w-        c:\windows\system32\drivers\mwlPSDFilter.sys

2012-08-10 17:26 . 2012-08-10 17:26        16432        ----a-w-        c:\windows\system32\drivers\mwlPSDNserv.sys

2012-07-18 17:47 . 2012-08-18 16:40        2345984        ----a-w-        c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\*\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]

"Window Hide Tool"="c:\program files\Window Hide Tool\Window Hide Tool.exe" [2008-01-18 307200]

"Spotify Web Helper"="c:\*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-18 1193176]

"Steam"="c:\program files\Steam\Steam.exe" [2012-08-23 1353080]

"Facebook Update"="c:\users\*\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-09 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 142680]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 176472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 175448]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"VitaKeyTSR"="c:\program files\EgisTec BioExcess\EgisTSR.exe" [2010-05-28 376176]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

.

c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Facebook Messenger.lnk - c:\users\*\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2011-10-12 6144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]

R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 - Lizenzierungsdienst;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]

S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]

S2 EgisTec Data Security Service;EgisTec Data Security Service;c:\program files\EgisTec BioExcess\EgisDSService.exe [x]

S2 EgisTec Service;EgisTec Service;c:\program files\EgisTec BioExcess\EgisService.exe [x]

S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - MPKSL803654D6

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai        REG_MULTI_SZ           Akamai

.

Inhalt des "geplante Tasks" Ordners

.

2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 06:33]

.

2012-10-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839828771-2084243830-3291675471-1000Core.job

- c:\users\Vitus Sproten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-09 20:05]

.

2012-10-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839828771-2084243830-3291675471-1000UA.job

- c:\users\Vitus Sproten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-09 20:05]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uInternet Settings,ProxyOverride = <local>

IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html

IE: Free YouTube Download - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Zur Filterliste hinzufügen (WebWasher) - hxxp://-Web.Washer-/ie_add

TCP: DhcpNameServer = 212.87.96.9 217.21.186.202

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-RDReminder - (no file)

HKCU-Run-KPeerNexonEU - c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe

HKLM-Run-PDFPrint - c:\program files\PDF24\pdf24.exe

AddRemove-8461-7759-5462-8226 - c:\program files\Vuze\uninstall.exe

AddRemove-Dll-Files.com Fixer_is1 - c:\program files\Dll-Files.com Fixer\unins000.exe

AddRemove-eSpeak_is1 - c:\program files\eSpeak\unins000.exe

AddRemove-FIFA MANAGER 10_is1 - c:\program files\FIFA MANAGER 10\unins000.exe

AddRemove-Fraps - c:\fraps\uninstall.exe

AddRemove-IrfanView - c:\program files\IrfanView\iv_uninstall.exe

AddRemove-NetDevil_LEGO_Universe_is1 - c:\program files\LEGO Software\LEGO Universe\uninstall.exe

AddRemove-SimCity 3000 - c:\windows\IsUn0407.exe

AddRemove-SMS Free Sender_is1 - c:\program files\SMS Free Sender\unins000.exe

AddRemove-Untis 2011 - c:\program files\Untis\2011\uninstall.exe

AddRemove-{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1 - c:\program files\PDF24\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04533bf9-c276-11e0-b121-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{236b843c-bc13-11e0-849c-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ceb97ca-b1de-11e0-80ac-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ceb97d0-b1de-11e0-80ac-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ceb980e-b1de-11e0-80ac-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{446a82f8-0a1f-11e1-823b-00059a3c7800}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e16f381-6468-11e1-a9cc-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{608834fc-d6f7-11e0-aae9-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73de3fb7-27fc-11e1-a742-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73de3fbc-27fc-11e1-a742-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8431e353-a350-11e0-8960-806e6f6e6963}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8431e354-a350-11e0-8960-806e6f6e6963}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8431e357-a350-11e0-8960-806e6f6e6963}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{898d3a34-13af-11e1-9534-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92c2ce46-defa-11e0-bce8-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaaf675f-e55b-11e1-9069-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae0d9465-15be-11e1-aa69-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bffdf649-a3cf-11e0-98bf-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bffdf656-a3cf-11e0-98bf-f0def119d7dc}]

@DACL=(02 0000)

.

[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:9b,8d,2b,74,2e,cc,cf,97,1e,98,1f,de,67,9b,c4,ad,a5,a7,e6,05,63,

   6b,86,d3,81,d7,e6,b4,4a,09,49,79,18,57,2e,90,2f,39,34,41,ae,10,da,ce,1c,b1,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\taskhost.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\windows\system32\conhost.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\program files\Common Files\Steam\SteamService.exe

c:\windows\system32\sppsvc.exe

c:\program files\Microsoft Security Client\MpCmdRun.exe

c:\windows\system32\taskhost.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-10-10  08:01:30 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-10-10 06:01

.

Vor Suchlauf: 14 Verzeichnis(se), 336.068.591.616 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 335.418.753.024 Bytes frei

.

- - End Of File - - 3F58CBC72DA09FEC73E40576C25B033E

[/CODE]
--- --- ---

Danke im Voraus

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Hier die nächsten logdateien :):

Code:

 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-10-10 19:46:48

-----------------------------

19:46:48.921    OS Version: Windows 6.1.7601 Service Pack 1

19:46:48.921    Number of processors: 2 586 0x2505

19:46:48.921    ComputerName: *-PC  UserName: *

19:46:51.701    Initialize success

19:53:01.819    AVAST engine defs: 12101000

19:53:29.871    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

19:53:29.881    Disk 0 Vendor: WDC_WD5000BEVT-24A0RT0 01.01A02 Size: 476940MB BusType: 11

19:53:30.141    Disk 0 MBR read successfully

19:53:30.151    Disk 0 MBR scan

19:53:30.291    Disk 0 Windows 7 default MBR code

19:53:30.311    Disk 0 Partition 1 80 (A) 0C    FAT32 LBA FRDOS4.1    30004 MB offset 63

19:53:30.341    Disk 0 Partition - 00     0F Extended LBA             30004 MB offset 61448625

19:53:30.421    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       415822 MB offset 122898432

19:53:30.531    Disk 0 Partition 3 00     12  Compaq diag NTFS         1109 MB offset 974501888

19:53:30.721    Disk 0 Partition 4 00     0C    FAT32 LBA IBM  7.1    30004 MB offset 61448688

19:53:30.971    Disk 0 scanning sectors +976773168

19:53:31.891    Disk 0 scanning C:\Windows\system32\drivers

19:55:26.464    Service scanning

19:56:11.881    Service MpKsl803654d6 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D6EBCB9-1679-4DC3-BE57-E3176420E59A}\MpKsl803654d6.sys **LOCKED** 32

19:57:27.290    Modules scanning

19:59:39.662    Disk 0 trace - called modules:

19:59:39.800    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 

19:59:39.815    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86025030]

19:59:39.825    3 CLASSPNP.SYS[8a80459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85f09030]

19:59:41.965    AVAST engine scan C:\Windows

20:02:23.441    AVAST engine scan C:\Windows\system32

20:20:20.174    AVAST engine scan C:\Windows\system32\drivers

20:26:07.819    AVAST engine scan C:\Users\*

21:54:22.200    AVAST engine scan C:\ProgramData

21:59:20.746    Scan finished successfully

23:05:01.810    Disk 0 MBR has been saved successfully to "C:\Users\*\Desktop\MBR.dat"

23:05:02.020    The log file has been saved successfully to "C:\Users\*\Desktop\aswMBR.txt"

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 19:44:31 on 10.10.2012
 

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit

Default Browser: Opera Software Opera Internet Browser 12.02
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"FacebookUpdateTaskUserS-1-5-21-2839828771-2084243830-3291675471-1000Core.job" - "Facebook Inc." - C:\Users\*\AppData\Local\Facebook\Update\FacebookUpdate.exe

"FacebookUpdateTaskUserS-1-5-21-2839828771-2084243830-3291675471-1000UA.job" - "Facebook Inc." - C:\Users\*\AppData\Local\Facebook\Update\FacebookUpdate.exe

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\*~1\AppData\Local\Temp\catchme.sys  (File not found)

"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys

"EagleXNt" (EagleXNt) - ? - C:\Windows\system32\drivers\EagleXNt.sys  (File not found)

"ffkdrpod" (ffkdrpod) - ? - C:\Users\VITUSS~1\AppData\Local\Temp\ffkdrpod.sys  (Hidden registry entry, rootkit activity | File not found)

"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"mbr" (mbr) - ? - C:\Users\VITUSS~1\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"MpKsl803654d6" (MpKsl803654d6) - "Microsoft Corporation" - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D6EBCB9-1679-4DC3-BE57-E3176420E59A}\MpKsl803654d6.sys

"MpKslf63a307a" (MpKslf63a307a) - "Microsoft Corporation" - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D6EBCB9-1679-4DC3-BE57-E3176420E59A}\MpKslf63a307a.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -   (File not found | COM-object registry key not found)

{F9DB5320-233E-11D1-9F84-707F02C10627} "{F9DB5320-233E-11D1-9F84-707F02C10627}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Protocols\Handler )-----

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - ? -   (File not found | COM-object registry key not found)

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - ? -   (File not found | COM-object registry key not found)

{91774881-D725-4E58-B298-07617B9B86A8} "skype-ie-addon-data" - ? -   (File not found | COM-object registry key not found)

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "skype4com" - ? -   (File not found | COM-object registry key not found)

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "wlmailhtml" - ? -   (File not found | COM-object registry key not found)

{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "wlpg" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - ? -   (File not found | COM-object registry key not found)

{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - ? -   (File not found | COM-object registry key not found)

{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - ? -   (File not found | COM-object registry key not found)

{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - ? -   (File not found | COM-object registry key not found)

{653DCCC2-13DB-45B2-A389-427885776CFE} "IntelliPoint Activities Control Panel Property Page" - ? -   (File not found | COM-object registry key not found)

{124597D8-850A-41AE-849C-017A4FA99CA2} "IntelliPoint Buttons Control Panel Property Page" - ? -   (File not found | COM-object registry key not found)

{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Control Panel Property Page" - ? -   (File not found | COM-object registry key not found)

{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "IntelliPoint Touch Control Panel Property Page" - ? -   (File not found | COM-object registry key not found)

{C533AB49-9805-4972-8326-A084696B00F0} "IntelliPoint Touch Mouse Control Panel Property Page" - ? -   (File not found | COM-object registry key not found)

{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "IntelliPoint Wheel Control Panel Property Page" - ? -   (File not found | COM-object registry key not found)

{20082881-FC36-4E47-9A7A-644C95FF749F} "IntelliPoint Wireless Control Panel Property Page" - ? -   (File not found | COM-object registry key not found)

{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt extension" - ? -   (File not found | COM-object registry key not found)

{A70C977A-BF00-412C-90B7-034C51DA2439} "NvCpl DesktopContext Class" - ? -   (File not found | COM-object registry key not found)

{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA Play On My TV Context Menu Extension" - ? -   (File not found | COM-object registry key not found)

{E97DEC16-A50D-49bb-AE24-CF682282E08D} "OpenGLShExt extension" - ? -   (File not found | COM-object registry key not found)

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -   (File not found | COM-object registry key not found)

{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? -   (File not found | COM-object registry key not found)

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -   (File not found | COM-object registry key not found)

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -   (File not found | COM-object registry key not found)

{2DC8E5F2-C89C-4730-82C9-19120DEE5B0A} "PDFTransformer3ContextMenu" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - ? -   (File not found | COM-object registry key not found)

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Autoplay Drop Target Shim" - ? -   (File not found | COM-object registry key not found)

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Editor Drop Target" - ? -   (File not found | COM-object registry key not found)

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Drop Target Shim" - ? -   (File not found | COM-object registry key not found)

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Viewer Drop Target" - ? -   (File not found | COM-object registry key not found)

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Drop Target Shim" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)

{00F33137-EE26-412F-8D71-F84E4C2C6625} "{00F33137-EE26-412F-8D71-F84E4C2C6625}" - ? -   (File not found | COM-object registry key not found)

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

{E6F480FC-BD44-4CBA-B74A-89AF7842937D} "{E6F480FC-BD44-4CBA-B74A-89AF7842937D}" - ? -   (File not found | COM-object registry key not found) / hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - ? -   (File not found | COM-object registry key not found)

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - ? -   (File not found | COM-object registry key not found)

{609D670F-B735-4da7-AC6D-F3BD358E325E} "Citavi Picker" - ? -   (File not found | COM-object registry key not found)

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}" - ? -   (File not found | COM-object registry key not found)

{326E768D-4182-46FD-9C16-1449A49795F4} "{326E768D-4182-46FD-9C16-1449A49795F4}" - ? -   (File not found | COM-object registry key not found)

{56CBB761-DA41-4E31-B270-B13B4B0A61D0} "{56CBB761-DA41-4E31-B270-B13B4B0A61D0}" - ? -   (File not found | COM-object registry key not found)

{609D670F-B735-4da7-AC6D-F3BD358E325E} "{609D670F-B735-4da7-AC6D-F3BD358E325E}" - ? -   (File not found | COM-object registry key not found)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" - ? -   (File not found | COM-object registry key not found)

{9030D464-4C02-4ABF-8ECC-5164760863C6} "{9030D464-4C02-4ABF-8ECC-5164760863C6}" - ? -   (File not found | COM-object registry key not found)

{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}" - ? -   (File not found | COM-object registry key not found)

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" - ? -   (File not found | COM-object registry key not found)

{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" - ? -   (File not found | COM-object registry key not found)

{DBC80044-A445-435b-BC74-9C25C1C588A9} "{DBC80044-A445-435b-BC74-9C25C1C588A9}" - ? -   (File not found | COM-object registry key not found)
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----

"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Vitus Sproten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Facebook Messenger.lnk" - "Facebook" - C:\Users\Vitus Sproten\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe  (Shortcut exists | File exists)

"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"Akamai NetSession Interface" - "Akamai Technologies, Inc." - "C:\Users\Vitus Sproten\AppData\Local\Akamai\netsession_win.exe"

"Facebook Update" - "Facebook Inc." - "C:\Users\Vitus Sproten\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

"Spotify Web Helper" - ? - "C:\Users\Vitus Sproten\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"  (File found, but it contains no detailed information)

"Steam" - "Valve Corporation" - "C:\Program Files\Steam\Steam.exe" -silent

"Window Hide Tool" - "FOMINE SOFTWARE" - C:\Program Files\Window Hide Tool\Window Hide Tool.exe

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"IntelliPoint" - "Microsoft Corporation" - "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"VitaKeyTSR" - "Egis Technology Inc. " - "C:\Program Files\EgisTec BioExcess\EgisTSR.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Nitro PDF Port Monitor" - "Nitro PDF Software" - C:\Windows\system32\nitrolocalmon2.dll

"PDF-XChange4-ABBYY" - "Tracker Software Products Ltd." - C:\Windows\system32\pxc40pma.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe

"ABBYY PDF Transformer 3.0 - Lizenzierungsdienst" (ABBYY.Licensing.PDFTransformer.Classic.3.0) - "ABBYY" - C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

"Akamai NetSession Interface" (Akamai) - "Akamai Technologies, Inc." - c:\program files\common files\akamai\netsession_win_5891ae0.dll

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"BBUpdate" (BBUpdate) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe

"BingBar Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe

"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

"EgisTec Data Security Service" (EgisTec Data Security Service) - "Egis Technology Inc. " - C:\Program Files\EgisTec BioExcess\EgisDSService.exe

"EgisTec Service" (EgisTec Service) - "Egis Technology Inc. " - C:\Program Files\EgisTec BioExcess\EgisService.exe

"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe

"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des

"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe

"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code]

Soll ich die Logfiledatei von gmer im nächsten Post im Anhang hochladen? Die Datei scheint zu groß für das Forum zu sein...

ja dann bitte packen und anhängen

So,

hier ist das Ding :)

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Schon fast am Ende :S? Dafür liegt aber noch einiges im Argen bei meinem PC ;(.
Also Malwarebytes konnte ich nicht mehr öffnen, auch eine neuinstallation/neuer Download des Programms hat nichts gebracht. Immer wieder kam diese Fehlermeldung: Run-time error '419': Permission to use object denied.

Dann hab ich schonmal vorerst einen Scan mit SUPERAntiSpyware durchgeführt. Hier die Logdatei:

Code:

 SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 10/12/2012 at 11:29 AM
 

Application Version : 5.6.1010
 

Core Rules Database Version : 9391

Trace Rules Database Version: 7203
 

Scan type       : Complete Scan

Total Scan Time : 01:08:46
 

Operating System Information

Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User
 

Memory items scanned      : 807

Memory threats detected   : 0

Registry items scanned    : 39527

Registry threats detected : 0

File items scanned        : 36443

File threats detected     : 65
 

Adware.Tracking Cookie

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@ad.yieldmanager[2].txt [ /ad.yieldmanager ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@adx.chip[2].txt [ /adx.chip ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@apmebf[1].txt [ /apmebf ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@atdmt[1].txt [ /atdmt ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@atdmt[3].txt [ /atdmt ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@content.yieldmanager[2].txt [ /content.yieldmanager ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@content.yieldmanager[3].txt [ /content.yieldmanager ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@content.yieldmanager[5].txt [ /content.yieldmanager ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@doubleclick[1].txt [ /doubleclick ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@doubleclick[2].txt [ /doubleclick ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@mediaplex[2].txt [ /mediaplex ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@smartadserver[2].txt [ /smartadserver ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\W8WPX606.txt [ /mediaplex.com ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\ZTXIGYED.txt [ /ads.ad4game.com ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\K2KZTQ9U.txt [ /microsoftwllivemkt.112.2o7.net ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\9019O8M1.txt [ /c.atdmt.com ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\RPSLGDBR.txt [ /atdmt.com ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\BTPRBY17.txt [ /zanox.com ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\G3UNFBPN.txt [ /doubleclick.net ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\6LIDKS5R.txt [ /bs.serving-sys.com ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\QTS2SBIM.txt [ /fastclick.net ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\VM82JA3N.txt [ /adx.kat.ph ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\WWS3PE6J.txt [ /apmebf.com ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\Q70BRYV4.txt [ /ad.zanox.com ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\K0MI00GD.txt [ /ad.yieldmanager.com ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\1XT9EG36.txt [ /adfarm1.adition.com ]

        C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\DSWOXEL9.txt [ /serving-sys.com ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\D7CZCXMA.txt [ Cookie:*@clkads.com/adServe/banners ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\2UZT11YA.txt [ Cookie:*@clkads.com/adServe ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@mediaplex[2].txt [ Cookie:*@mediaplex.com/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\MFHXBFV0.txt [ Cookie:*@tracking.quisma.com/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\2MV0SILX.txt [ Cookie:*@tracking.mlsat02.de/tmobile/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ad1.adfarm1.adition[1].txt [ Cookie:*@ad1.adfarm1.adition.com/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\MQ08DCUL.txt [ Cookie:*@smartadserver.com/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\4DQEK72M.txt [ Cookie:*@atdmt.com/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.mediabiz[1].txt [ Cookie:*@www.mediabiz.de/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@revsci[1].txt [ Cookie:*@revsci.net/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZYU1Q79U.txt [ Cookie:*@zanox.com/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\A6L6EI3E.txt [ Cookie:*@doubleclick.net/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\P8U551TI.txt [ Cookie:*@ad4.adfarm1.adition.com/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\T02HI171.txt [ Cookie:*@ad2.adfarm1.adition.com/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@fastclick[1].txt [ Cookie:*@fastclick.net/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@apmebf[2].txt [ Cookie:*@apmebf.com/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\9VFXD0VV.txt [ Cookie:*@googleads.g.doubleclick.net/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\2UXFEK1P.txt [ Cookie:*@adfarm1.adition.com/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZGWGZ1CN.txt [ Cookie:*@serving-sys.com/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\UF1K8L88.txt [ Cookie:*@adtech.de/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@content.yieldmanager[1].txt [ Cookie:*@content.yieldmanager.com/ ]

        C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@mediabiz[1].txt [ Cookie:*@mediabiz.de/ ]

        C:\USERS\*\Cookies\W8WPX606.txt [ Cookie:*@mediaplex.com/ ]

        C:\USERS\*\Cookies\D7CZCXMA.txt [ Cookie:*@clkads.com/adServe/banners ]

        C:\USERS\*\Cookies\RPSLGDBR.txt [ Cookie:*@atdmt.com/ ]

        C:\USERS\*\Cookies\BTPRBY17.txt [ Cookie:*@zanox.com/ ]

        C:\USERS\*\Cookies\2UZT11YA.txt [ Cookie:*@clkads.com/adServe ]

        C:\USERS\*\Cookies\G3UNFBPN.txt [ Cookie:*@doubleclick.net/ ]

        C:\USERS\*\Cookies\QTS2SBIM.txt [ Cookie:*@fastclick.net/ ]

        C:\USERS\*\Cookies\VM82JA3N.txt [ Cookie:*@adx.kat.ph/ ]

        C:\USERS\*\Cookies\WWS3PE6J.txt [ Cookie:*@apmebf.com/ ]

        C:\USERS\*\Cookies\1XT9EG36.txt [ Cookie:*@adfarm1.adition.com/ ]

        C:\USERS\*\Cookies\DSWOXEL9.txt [ Cookie:*@serving-sys.com/ ]

        eas.apm.emediate.eu [ C:\USERS\*\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YCFSSCG5 ]

        C:\USERS\*\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\*@ADS.INTERGI[1].TXT [ /ADS.INTERGI ]

        objects.tremormedia.com [ C:\_OTL\MOVEDFILES\10042012_101604\C_WINDOWS\$NTUNINSTALLKB29222$\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\258GGNS3 ]
 

Trojan.Agent/Gen-Multi

        C:\WINDOWS\SYSTEM32\COOLXPLABEL.OCX

        C:\WINDOWS\SYSTEM32\COOLXPCHECK.OCX

Erstell dir bitte mal testweise ein neues Benutzerkonto mit Adminrechten in Windows über die Systemsteuerung. Log dich aus und mit dem neuen Benutzer ein - startet Malwarebytes dort?

Wie kann ich ein Benutzerkonto erstellen wenn ich keinen Windosordner oder ähnliches öffnen kann? Sorry wenn's ne dämliche Frage ist... aber normalerweise geht das doch über die Systemsteuerung?

Du sollst doch nicht den Windows-Ordner öffnen, sondern die Systemsteuerung oder kommst du da auch nicht rein

Nee da komm ich auch nicht rein :(

Und du kannst das ganze auch nicht mehr im abgesicherten Modus machen?

so hallo cosinus,

ich schreib jetzt von meinem Handy aus, da men Laptop ziemlich im arsch ist. wenn ich versuche das ding zu starten bekomme ich nur einen schwarzen bildschirm. wenn ich das stromkabel rausziehe, dann stürzt er ab und ich bekomme beim neustart den abgesicherten modus vorgeschlagen. jetzt hab ich den abgesicherten modus vor mir, kann aber noch immer nichts von windows öffnen. keine systemsteuerung, keine ordner, kein WMP, auch nicht den ordner zum datenträger. internet hab ich jetzt im abgesicherten modus auch nicht mehr. hast du noch irgendeine Idee?

achja und hast du ne Idee wie ich mal ein paar daten retten könnte? wie gesagt wenn ich ne festplatte anschließen würde, könnte ich deren ordner nicht öffnen. echt grad am verzweifeln...

Zum Thema Datensicherung von infizierten Systemen oder solchen mit defekter Windows-Installation; mach das über ne Live-CD wie Knoppix, Ubuntu (zweiter Link in meiner Signatur) oder über PartedMagic. Grund: Bei einem Live-System sind keine Schädlinge des infizierten Windows-Systems aktiv, damit ist dann auch eine negative Beeinflussung des Backups durch Schädlinge ausgeschlossen.

Du brauchst natürlich auch ein Sicherungsmedium, am besten dürfte eine externe Platte sein. Sofern du nicht allzuviel sichern musst, kann auch ein USB-Stick ausreichen.

Hier eine kurze Anleitung zu PartedMagic, funktioniert prinzipell so aber fast genauso mit allen anderen Live-Systemen auch.

1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 180 MB sein
2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn unter Windows
3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist

http://partedmagic.com/lib/exe/fetch...ia=desktop.png

4. Du müsstest ein Symbol "Mount Devices" finden, das doppelklicken
5. Mounte die Partitionen wo Windows installiert ist, meistens isses /dev/sda1 und natürlich noch etwaige andere Partitionen, wo noch Daten liegen und die gesichert werden müssen - natürlich auch die der externen Platte (du bekommmst nur Lese- und Schreibzugriffe auf die Dateisysteme, wenn diese gemountet sind)
6. Kopiere die Daten der internen Platte auf die externe Platte - kopiere nur persönliche Dateien, Musik, Videos, etc. auf die Backupplatte, KEINE ausführbaren Dateien wie Programme/Spiele/Setups!!
7. Wenn fertig, starte den Rechner neu, schalte die ext. Platte ab und boote von der Windows-DVD zur Neuinstallation (Anleitung beachten)