Trojaner-Board - Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677"

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Bekomme Meldung "Troj/JSRedir-HZ" und "MW:JS:JJ677" (https://www.trojaner-board.de/125185-bekomme-meldung-troj-jsredir-hz-mw-js-jj677.html)

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

ComboFix 12-10-04.02 - Stefan 07.10.2012  23:02:26.1.2 - x86

ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files\ExcellentAdDisplay

c:\program files\ExcellentAdDisplay\uninstall.exe

c:\program files\Windows Live\Messenger\msacm32.dll

c:\users\Stefan\AppData\Roaming\AcroIEHelpe.txt

c:\users\Stefan\AppData\Roaming\srvblck2.tmp

c:\users\Stefan\Favorites\mxfilerelatedcache.mxc2

c:\windows\IsUn0407.exe

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

.

c:\windows\system32\comres.dll . . . ist infiziert!!

.

Infizierte Kopie von c:\windows\system32\comres.dll wurde gefunden und desinfiziert 

Kopie von - c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_2cb0dad7e631d923\comres.dll wurde wiederhergestellt 

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-09-08 bis 2012-10-08  ))))))))))))))))))))))))))))))

.

.

2012-10-07 21:12 . 2012-10-08 05:11        --------        d-----w-        c:\users\Stefan\AppData\Local\temp

2012-10-07 21:12 . 2012-10-07 21:12        --------        d-----w-        c:\users\Mika\AppData\Local\temp

2012-10-07 21:12 . 2012-10-07 21:12        --------        d-----w-        c:\users\Marek\AppData\Local\temp

2012-10-07 21:12 . 2012-10-07 21:12        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-10-07 21:12 . 2012-10-07 21:12        --------        d-----w-        c:\users\Alexandra\AppData\Local\temp

2012-10-07 21:11 . 2008-01-19 05:48        1291264        ----a-w-        c:\windows\system32\comres.dll

2012-10-07 20:11 . 2012-10-07 20:11        --------        d-----w-        C:\_OTL

2012-10-05 18:19 . 2012-10-05 18:19        --------        d-----w-        c:\program files\ESET

2012-09-10 17:49 . 2012-09-10 17:49        477168        ----a-w-        c:\windows\system32\npdeployJava1.dll

2012-09-10 17:49 . 2012-09-10 17:49        --------        d-----w-        c:\program files\Java

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-10 17:49 . 2010-09-29 17:02        473072        ----a-w-        c:\windows\system32\deployJava1.dll

2012-09-07 15:04 . 2011-01-17 18:44        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-09-03 17:32 . 2012-03-31 15:40        696520        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-09-03 17:32 . 2011-05-19 05:54        73416        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-30 21:08 . 2012-08-30 21:08        6656        ----a-r-        c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 4780928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]

"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8530464]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]

"EaseUs Watch"="c:\program files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 69000]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-04-30 1086760]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54        551296        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Server4PC.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk

backup=c:\windows\pss\Server4PC.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2007-12-03 13:21        2213160        ----a-w-        c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 13:57        153136        ----a-w-        c:\program files\Common Files\Nero\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]

2006-10-04 15:41        86016        ----a-w-        c:\magix\Video_deluxe_2007_PLUS\Trayserver.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe

.

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile        REG_MULTI_SZ           wcescomm rapimgr

LocalServiceRestricted        REG_MULTI_SZ           WcesComm RapiMgr

bthsvcs        REG_MULTI_SZ           BthServ

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:32]

.

2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 16:57]

.

2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 16:57]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

mSearch Bar = hxxp://www.google.com/ie

IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Free YouTube Download - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4

TCP: DhcpNameServer = 192.168.178.1

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-IMBooster - c:\program files\Iminent\IMBooster\imbooster.exe

AddRemove-Worms2 - c:\windows\IsUn0407.exe

AddRemove-UnityWebPlayer - c:\users\Stefan\AppData\Local\Unity\WebPlayer\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-10-08 07:10

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(1524)

c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

c:\program files\Avira\AntiVir Desktop\sched.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\EASEUS\Todo Backup 2.0\bin\Agent.exe

c:\program files\Motorola\MotoHelper\MotoHelperService.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\progra~1\COMMON~1\X10\Common\x10nets.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-10-08  07:15:47 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-10-08 05:15

.

Vor Suchlauf: 16 Verzeichnis(se), 120.038.522.880 Bytes frei

Nach Suchlauf: 21 Verzeichnis(se), 126.102.495.232 Bytes frei

.

- - End Of File - - AE193780CBFBCE4E1A38995DC0C99E97

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

Dirlook::

c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}
 

Filelook::

c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hallo!

Nach dem Start erhalte ich folgende Meldung, dann bricht das Programm ab.

Zitat:

CFSript Namensfehler

Hast Du versucht, CFScript auszuführen?

Der Name, CFSript scheint nicht korrekt buchstabiert zu sein.

Zitat:

Der Name, CFSript scheint nicht korrekt buchstabiert zu sein.

Es heißt CFScript.txt und nicht CFSript :pfeiff:

Kein Problem, das tut meiner begeisterung über diesen Service hier keinen Abbruch!

Die Datei heißt log.txt, aber ich denke, die ist gemeint...

Code:

ComboFix 12-10-09.01 - Stefan 09.10.2012  19:20:36.1.2 - x86

ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Stefan\Desktop\CFScript.txt

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-09-09 bis 2012-10-09  ))))))))))))))))))))))))))))))

.

.

2012-10-09 17:31 . 2012-10-09 17:31        --------        d-----w-        c:\users\Stefan\AppData\Local\temp

2012-10-09 17:31 . 2012-10-09 17:31        --------        d-----w-        c:\users\Mika\AppData\Local\temp

2012-10-09 17:31 . 2012-10-09 17:31        --------        d-----w-        c:\users\Marek\AppData\Local\temp

2012-10-09 17:31 . 2012-10-09 17:31        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-10-09 17:31 . 2012-10-09 17:31        --------        d-----w-        c:\users\Alexandra\AppData\Local\temp

2012-10-07 21:11 . 2008-01-19 05:48        1291264        ----a-w-        c:\windows\system32\comres.dll

2012-10-07 20:11 . 2012-10-07 20:11        --------        d-----w-        C:\_OTL

2012-10-05 18:19 . 2012-10-05 18:19        --------        d-----w-        c:\program files\ESET

2012-09-10 17:49 . 2012-09-10 17:49        477168        ----a-w-        c:\windows\system32\npdeployJava1.dll

2012-09-10 17:49 . 2012-09-10 17:49        --------        d-----w-        c:\program files\Java

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-08 19:06 . 2012-03-31 15:40        696760        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-10-08 19:06 . 2011-05-19 05:54        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-10 17:49 . 2010-09-29 17:02        473072        ----a-w-        c:\windows\system32\deployJava1.dll

2012-09-07 15:04 . 2011-01-17 18:44        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-08-30 21:08 . 2012-08-30 21:08        6656        ----a-r-        c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe

.

.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

--- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe ---

Company: ------

File Description: ------

File Version: ------

Product Name: ------

Copyright: ------

Original Filename: ------

File size: 6656

Created time: 2012-08-30 21:08

Modified time: 2012-08-30 21:08

MD5: 7E5E80A7E78D6C6C181E1ED23E57FD06

SHA1: 54D55F37FD9ACC06E7474FFC72F2EB5A3E9E677E

.

---- Directory of c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98} ----

.

2012-08-30 21:08 . 2012-08-30 21:08        6656        ----a-r-        c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 4780928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]

"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8530464]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]

"EaseUs Watch"="c:\program files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 69000]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-04-30 1086760]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54        551296        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Server4PC.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk

backup=c:\windows\pss\Server4PC.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2007-12-03 13:21        2213160        ----a-w-        c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 13:57        153136        ----a-w-        c:\program files\Common Files\Nero\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]

2006-10-04 15:41        86016        ----a-w-        c:\magix\Video_deluxe_2007_PLUS\Trayserver.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-19 07:38        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe

.

R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile        REG_MULTI_SZ           wcescomm rapimgr

LocalServiceRestricted        REG_MULTI_SZ           WcesComm RapiMgr

bthsvcs        REG_MULTI_SZ           BthServ

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:06]

.

2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 16:57]

.

2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 16:57]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

mSearch Bar = hxxp://www.google.com/ie

IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Free YouTube Download - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4

TCP: DhcpNameServer = 192.168.178.1

DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-10-09 19:31

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(5460)

c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

Zeit der Fertigstellung: 2012-10-09  19:34:02

ComboFix-quarantined-files.txt  2012-10-09 17:34

ComboFix2.txt  2012-10-08 05:15

.

Vor Suchlauf: 19 Verzeichnis(se), 122.669.768.704 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 122.703.675.392 Bytes frei

.

- - End Of File - - 34958095763F88146474D56E6649323A

Code:

c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe

Bitte diese Datei bei Virustotal auswerten lassen und den Ergebnislink posten. Falls Du die Datei nicht siehst, musst Du sie evtl. vorher sichtbar machen.
Wenn die Datei schon ausgewertet sein sollte, bitte eine weitere Auswertung starten.

https://www.virustotal.com/file/6af6f4e69e9e509a41df3ab89f1abc1c139b199aa6631852590a7f6d6a296e9c/analysis/1349807951/

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Zunächst Gmer:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-10-09 23:03:53

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005b ST350083 rev.3.AA

Running: j7r0yzdj.exe; Driver: C:\Users\Stefan\AppData\Local\Temp\ugdiqpob.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            8DE9F546                                                                                                     ZwCreateSection

SSDT            8DE9F550                                                                                                     ZwRequestWaitReplyPort

SSDT            8DE9F54B                                                                                                     ZwSetContextThread

SSDT            8DE9F555                                                                                                     ZwSetSecurityObject

SSDT            8DE9F55A                                                                                                     ZwSystemDebugControl

SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS                                                           ZwTerminateProcess [0x8E629640]
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                                82EAC8D8 4 Bytes  [46, F5, E9, 8D]

.text           ntkrnlpa.exe!KeSetEvent + 539                                                                                82EACBFC 4 Bytes  [50, F5, E9, 8D]

.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                                82EACC30 4 Bytes  [4B, F5, E9, 8D]

.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                                82EACC94 4 Bytes  [55, F5, E9, 8D]

.text           ntkrnlpa.exe!KeSetEvent + 619                                                                                82EACCDC 4 Bytes  [5A, F5, E9, 8D]

.text           ...                                                                                                          

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                     section is writeable [0x8D005340, 0x39ED97, 0xE8000020]

.text           C:\Windows\system32\drivers\ACEDRV07.sys                                                                     section is writeable [0x9C604000, 0x328BA, 0xE8000020]

.pklstb         C:\Windows\system32\drivers\ACEDRV07.sys                                                                     entry point in ".pklstb" section [0x9C648000]

.relo2          C:\Windows\system32\drivers\ACEDRV07.sys                                                                     unknown last section [0x9C664000, 0x8E, 0x42000040]

.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                       section is writeable [0x9F512300, 0x3AF78, 0xE8000020]

.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                       section is writeable [0x9F555300, 0x1BCE, 0xE8000020]

?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                   Das System kann die angegebene Datei nicht finden. !

?               C:\Users\Stefan\AppData\Local\Temp\catchme.sys                                                               Das System kann die angegebene Datei nicht finden. !
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown]                        [73F97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage]                         [73FDB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI]                     [73F9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode]               [73F8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup]                         [73F975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC]                      [73F8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]          [73FC73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]             [73F9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight]                     [73F8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth]                      [73F8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage]                       [73F871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]               [7401CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile]                  [73FBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics]                     [73F8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree]                               [73F86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc]                              [73F8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode]                 [73F92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

Device                                                                                                                       Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)

Device                                                                                                                       fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
 

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy1                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy2                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy3                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy4                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy5                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy6                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy7                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy8                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy9                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                       eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                       eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                       eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                       eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                       eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy10                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy11                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy12                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy13                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy20                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy14                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy21                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy22                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy15                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy23                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy16                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy24                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy17                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy25                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy18                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy26                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy19                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy27                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy28                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy29                                                           eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

AttachedDevice                                                                                                               fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158307cde2                                  

Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158307cde2 (not active ControlSet)              

Reg             HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@\24!s!\24!y!c!`!s!i!\22!t!t!\22!i!c!s!j!  19583823
 

---- EOF - GMER 1.0.15 ----

Und hier die Osam.log

Und noch die die aswmbr.txt

Warum denn in den Anhang?!

Die Logs bitte nur in den Anhang (gezippt) legen, wenn sie zu groß sind um direkt gepostet zu werden!
Ansonsten bitte alles nach Möglichkeit hier in CODE-Tags posten. Das ist einfacher übersichtlicher und man spart sich ne Menge Rumklickerei

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

`Tschuldigung, da habe ich nicht drüber nachgedacht :stirn:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 23:10:14 on 09.10.2012
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Unable to get information
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"CplMCDec.cpl" - "MainConcept AG" - C:\Windows\system32\CplMCDec.cpl

"Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl

"ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"CplMCDec" - "MainConcept AG" - C:\Windows\System32\CplMCDec.cpl

"CplMCDec_x86" - ? - C:\Windows\SysWOW64\CplMCDec.cpl  (File not found)

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL

"Nero BackItUp and BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero BackItUp & Burn\Nero BurnRights\NeroBurnRights_bb.cpl

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV07.sys

"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\Users\Stefan\AppData\Local\Temp\catchme.sys  (File not found)

"Dynamically loaded UxdDrv" (uxddrv) - ? - E:\DIAGNOSE\WSTGER\uxddrv.sys  (File not found)

"EUBAKUP" (EUBAKUP) - "CHENGDU YIWO Tech Development Co., Ltd" - C:\Windows\System32\drivers\eubakup.sys

"EUDSKACS" (EUDSKACS) - "CHENGDU YIWO Tech Development Co., Ltd" - C:\Windows\system32\drivers\eudskacs.sys

"EUFS" (EUFS) - "CHENGDU YIWO Tech Development Co., Ltd" - C:\Windows\System32\drivers\eufs.sys

"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)

"Logitech HD Webcam C270(UVC)" (LVUVC) - "Logitech Inc." - C:\Windows\System32\DRIVERS\lvuvc.sys

"Logitech RightSound Filter Driver" (LVRS) - "Logitech Inc." - C:\Windows\System32\DRIVERS\lvrs.sys

"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys

"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"ugdiqpob" (ugdiqpob) - ? - C:\Users\Stefan\AppData\Local\Temp\ugdiqpob.sys  (Hidden registry entry, rootkit activity | File not found)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - "Corel Corporation" - C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -   (File not found | COM-object registry key not found)

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{097102B5-B85D-947E-1FAC-91A86E47930F} "{097102B5-B85D-947E-1FAC-91A86E47930F}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} "A9Helper.A9" - ? - C:\Windows\Downloaded Program Files\A9.ocx / file:///E:/components/A9.ocx

{6678BE91-1E04-4A4A-9C32-63145EA79C2A} "EAFO3AXLauncher Control" - "Electronic Arts Inc." - C:\Windows\DOWNLO~1\EAFO3A~1.OCX / hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab

{22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} "HidInputMonitorX Control" - "TODO: <Company name>" - C:\Windows\DOWNLO~1\HIDINP~1.OCX / file:///E:/components/hidinputmonitorx.ocx

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

{34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} "JordanUploader Class" - "IPLabs GmbH" - C:\Windows\Downloaded Program Files\JordanApplet.dll / hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab

{F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx / https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\Windows\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231834711663

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{7030CC6C-1A88-4591-BB5A-651B9F7F0C30} "WMVHDRatingCtrl Class" - ? - C:\Windows\Downloaded Program Files\wmvhdrating.ocx / file:///E:/components/wmvhdrating.ocx

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"@C:\Program Files\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204  (File not found)

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll

"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

"EvernoteClipper.lnk" - "Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041" - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe  (Shortcut exists | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"EaseUs Watch" - "CHENGDU YIWO Tech Development Co., Ltd" - "C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe"

"LWS" - "Logitech Inc." - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

"NBAgent" - "Nero AG" - "C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"toolbar_eula_launcher" - " " - C:\Program Files\GoogleEULA\EULALauncher.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

"EASEUS Agent" (EASEUS Agent) - "CHENGDU YIWO Tech Development Co., Ltd" - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleDesktopManager" (GoogleDesktopManager) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

"Macromedia Licensing Service" (Macromedia Licensing Service) - ? - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"MotoHelper Service" (MotoHelper) - ? - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)

"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe

"UMVPFSrv" (UMVPFSrv) - "Logitech Inc." - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 

[Winlogon]

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-10-09 23:13:18

-----------------------------

23:13:18.881    OS Version: Windows 6.0.6002 Service Pack 2

23:13:18.881    Number of processors: 2 586 0xF0B

23:13:18.881    ComputerName: STEFAN-PC  UserName: Stefan

23:13:20.862    Initialize success

23:14:27.201    AVAST engine defs: 12100901

23:14:45.953    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b

23:14:45.953    Disk 0 Vendor: ST350083 3.AA Size: 476940MB BusType: 6

23:14:46.155    Disk 0 MBR read successfully

23:14:46.171    Disk 0 MBR scan

23:14:46.171    Disk 0 Windows VISTA default MBR code

23:14:46.171    Disk 0 Partition - 00     0F Extended LBA             20646 MB offset 934484985

23:14:46.233    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       456291 MB offset 63

23:14:46.405    Disk 0 Partition 2 00     0B        FAT32 MSDOS5.0    20646 MB offset 934485048

23:14:46.530    Disk 0 scanning sectors +976768065

23:14:47.123    Disk 0 scanning C:\Windows\system32\drivers

23:16:21.471    Service scanning

23:16:41.174    Service uxddrv E:\DIAGNOSE\WSTGER\uxddrv.sys **LOCKED** 21

23:16:44.622    Modules scanning

23:18:54.507    Disk 0 trace - called modules:

23:18:54.601    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys 

23:18:54.617    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b55878]

23:18:54.617    3 CLASSPNP.SYS[88db68b3] -> nt!IofCallDriver -> [0x85484db8]

23:18:54.632    5 acpi.sys[8069c6bc] -> nt!IofCallDriver -> \Device\0000005b[0x85e13950]

23:18:55.818    AVAST engine scan C:\Windows

23:25:19.219    AVAST engine scan C:\Windows\system32

23:50:08.660    AVAST engine scan C:\Windows\system32\drivers

00:00:23.940    AVAST engine scan C:\Users\Stefan

00:56:28.080    AVAST engine scan C:\ProgramData

01:20:51.001    Scan finished successfully

06:35:06.394    Disk 0 MBR has been saved successfully to "C:\Users\Stefan\Desktop\MBR.dat"

06:35:06.394    The log file has been saved successfully to "C:\Users\Stefan\Desktop\aswMBR.txt"

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!