Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Antimalware Doctor eingefangen - Malwarebytes hängt sich auf (https://www.trojaner-board.de/90099-antimalware-doctor-eingefangen-malwarebytes-haengt.html)

hans147 27.08.2010 18:49
Antimalware Doctor eingefangen - Malwarebytes hängt sich auf
 
Hallo liebes Forum,

gestern Abend habe ich mir auch den Antimalware Doctor eingefangen. Nachdem ich zahlreiche Foren durchstöbert habe, habe ich die Anweisungen hier aus dem Forum befolgt, rkill auszuführen und dann malwarebytes durchlaufen zu lassen.

rkill ließ sich auch ohne Probleme ausführen, allerdings hängt sich Malwarebytes auf. Das Programm ist hängen geblieben bei:

"Durchsuche zur Zeit:
C:\Program Files\Movie Maker\OmdProject.dll"

bei einem Scan mit AntiVir, den ich vorher im abgesicherten Modus durchgeführt habe, hat sich das Programm ebenfalls beim Durchsuchen dieses Ordners aufgehängt.

Gleichzeitig erscheint ein Dialog-Fenster mit dem Titel

"Security Warning

Application cannot be executed. the file crashreporter.exe is infected.
Do you want to activate your antivirus software now?"

Das ist, wie ich annehme, eine Meldung vom Antimalware Doctor, oder?! Schlißen kann ich das nicht.

Der Task-Manager lässt sich ebenfall nicht aufrufen. Wenn ich das probiere, wird der Bildschrim nach einer Zeit schwarz und es erscheint noch eine weitere Meldung:

"Fehler beim Erstellen des Sicherheitsoptionen-Dialogfeldes

Fehler-Sicherheitsoptionen"

Nichts hilft, außer das Drücken des Netzschalters.

Kann mir jemand weiterhelfen?

ok, ich habe gerade eine quick scan mit malwarebytes durchgeführt. das ging. Ich hab die Anweisungen befolgt und die infizierten Dateien löschen lassen.
Wie im Forum beschrieben poste ich jetzt mal den Bericht.

Wird jemand da schlau raus und kann mir sagen, wie ich weiter vorgehen soll?

Herzlichen Dank schon mal im Voraus!




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4488

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

27.08.2010 16:11:05
mbam-log-2010-08-27 (16-11-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 139559
Laufzeit: 6 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 9
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmxnwersao.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xwarcemson.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*upd_debug.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*upd_debug.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cngfuawj (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nfljvkga (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gdukhsmn (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whxvarjy (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\cmxnwersao.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\xwarcemson.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\C57572CD1FEB9F1B2EAB4009BCD77F4C\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\C57572CD1FEB9F1B2EAB4009BCD77F4C\upd_debug.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Windows\winhelp.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\naspbrjkh\tlvhgwxshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\gneocswlw\tlmmfgfshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\qbvoclkep\tshpkcwshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\lbmnculnq\tkkcaicshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

...einen Systemscan mit OTL habe ich nun ebenfalls durchgeführt. Die log-File hänge ich hier ebenfalls an:OTL Logfile:
Code:
OTL logfile created on: 27.08.2010 16:24:06 - Run 1
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 21,82 Gb Free Space | 18,74% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 2,33 Gb Free Space | 2,18% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7,40 Gb Total Space | 6,34 Gb Free Space | 85,67% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HÄNZ-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - D:\Tobit ClipInc\Server\ClipInc-Server.exe ()
PRC - C:\Program files\P4G\BatteryLife.exe (ATK)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe ()
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Radio.fx) -- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ClipInc001) -- D:\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "www.tagesschau.de"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.09 09:52:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.03 12:40:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.07.09 09:52:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2009.07.09 00:48:56 | 000,000,000 | ---D | M] -- C:\Users\Hänz\AppData\Roaming\mozilla\Extensions
[2009.07.09 00:48:56 | 000,000,000 | ---D | M] -- C:\Users\Hänz\AppData\Roaming\mozilla\Firefox\Profiles\uorrjzqe.default\extensions
[2010.07.19 10:50:01 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.07.19 10:49:57 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.06.24 14:37:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.06.24 14:37:42 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.06.24 14:37:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.06.24 14:37:42 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.06.24 14:37:42 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [*hostcacheadm.exe] C:\Users\Hänz\hostcacheadm.exe ()
O4 - Startup: C:\Users\Hänz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hänz\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {00000130-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Hänz\Desktop\PresseLive\rise_against_tim_mcilrath_2_2.JPG
O24 - Desktop BackupWallPaper: C:\Users\Hänz\Desktop\PresseLive\rise_against_tim_mcilrath_2_2.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3f7803a7-9e31-11df-8ef7-00248c454e09}\Shell - "" = AutoRun
O33 - MountPoints2\{3f7803a7-9e31-11df-8ef7-00248c454e09}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b9ffb112-2e99-11df-9ea0-00248c454e09}\Shell - "" = AutoRun
O33 - MountPoints2\{b9ffb112-2e99-11df-9ea0-00248c454e09}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c0a31e53-a6e1-11df-9da2-00248c454e09}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a31e53-a6e1-11df-9da2-00248c454e09}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.27 16:22:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.27 13:50:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.27 13:49:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.27 13:49:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.27 13:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.27 13:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.27 13:48:10 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.08.27 00:09:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\lbmnculnq
[2010.08.27 00:09:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\qbvoclkep
[2010.08.27 00:08:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\gneocswlw
[2010.08.27 00:08:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\naspbrjkh
[2010.08.27 00:08:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows
[2010.08.27 00:08:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Server
[2010.08.27 00:08:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\C57572CD1FEB9F1B2EAB4009BCD77F4C
[2010.08.24 15:26:34 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\HDRVersuche
[2010.08.24 15:22:02 | 000,000,000 | ---D | C] -- C:\Users\***\LuminanceHDR
[2010.08.24 15:21:53 | 000,000,000 | ---D | C] -- C:\Program Files\Luminance HDR
[2010.08.24 15:19:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\luminance-hdr_2.0.0
[2010.08.23 16:05:22 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Rakaa -- Crown Of Thorns [Decon, 2010]
[2010.08.17 13:02:37 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Marvin und Ball
[2010.08.11 21:17:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\(Ambient, Electronic) Clubroot - II - MMX - 2010, MP3, 320 kbps [mikkisays.net]
[2010.08.03 18:35:04 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\DPP Tutorial
[2010.07.30 01:03:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ISL
[2010.07.30 01:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\ISL
[2010.07.30 01:00:39 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2008.07.23 01:56:59 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007.01.24 05:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.27 16:25:43 | 002,097,152 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.27 16:22:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.27 16:12:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.27 16:12:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.27 16:12:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.27 16:12:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.27 16:12:18 | 3212,042,240 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.27 16:11:28 | 000,524,288 | -HS- | M] () -- C:\Users\Hänz\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.08.27 16:11:28 | 000,065,536 | -HS- | M] () -- C:\Users\Hänz\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.27 16:11:27 | 001,457,229 | -H-- | M] () -- C:\Users\Hänz\AppData\Local\IconCache.db
[2010.08.27 16:11:05 | 000,154,112 | ---- | M] () -- C:\Users\Hänz\hostcacheadm.exe
[2010.08.27 16:00:27 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.08.27 15:37:58 | 000,000,680 | ---- | M] () -- C:\Users\Hänz\AppData\Local\d3d9caps.dat
[2010.08.27 14:46:36 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.27 13:48:10 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Hänz\Desktop\mbam-setup.exe
[2010.08.27 13:42:58 | 000,363,520 | ---- | M] () -- C:\Users\Hänz\Desktop\rkill.com
[2010.08.26 23:58:57 | 003,835,678 | ---- | M] () -- C:\Users\Hänz\Desktop\Erdmöbel - Nah bei dir.mp3
[2010.08.26 15:51:26 | 002,571,776 | ---- | M] () -- C:\Users\Hänz\Desktop\100825_Nowbakht_6_Korrekturen von Hänz Kapitel 4_26_08_2010.doc
[2010.08.26 15:30:23 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F98472F7-C93A-43A1-A35B-ABC61E9D366F}.job
[2010.08.26 14:35:57 | 000,028,672 | ---- | M] () -- C:\Users\Hänz\Desktop\MZ Geigle Sandbaumhüter.doc
[2010.08.26 11:46:01 | 000,163,987 | ---- | M] () -- C:\Users\Hänz\.recently-used.xbel
[2010.08.24 15:21:58 | 000,000,789 | ---- | M] () -- C:\Users\Public\Desktop\Luminance HDR.lnk
[2010.08.24 15:18:51 | 002,450,689 | ---- | M] () -- C:\Users\Hänz\Desktop\luminance-hdr_2.0.0.tar.gz
[2010.08.24 01:42:50 | 000,070,144 | ---- | M] () -- C:\Users\Hänz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.23 16:09:37 | 109,940,472 | ---- | M] () -- C:\Users\Hänz\Desktop\Mit -- Nanonotes [V2, 2010].zip
[2010.08.23 16:08:45 | 067,260,254 | ---- | M] () -- C:\Users\Hänz\Desktop\Matthew Dear -- Black City [Ghostly, 2010].zip
[2010.08.23 16:04:55 | 101,569,962 | ---- | M] () -- C:\Users\Hänz\Desktop\Oriol -- Night And Day [Planet Mu, 2010].zip
[2010.08.23 15:58:37 | 000,107,697 | ---- | M] () -- C:\Users\Hänz\Desktop\Ernst-Moritz-Arndt-Universi....pdf
[2010.08.23 12:40:55 | 000,108,013 | ---- | M] () -- C:\Users\Hänz\Desktop\PR Den Haag D 15. September oder 1. Oktober 2010.pdf
[2010.08.16 18:27:40 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.16 18:27:40 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.16 18:27:40 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.16 18:27:40 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.16 18:27:40 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.03 20:08:34 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2010.07.29 15:54:14 | 000,524,288 | -HS- | M] () -- C:\Users\Hänz\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
 
========== Files Created - No Company Name ==========
 
[2010.08.27 16:11:05 | 000,154,112 | ---- | C] () -- C:\Users\Hänz\hostcacheadm.exe
[2010.08.27 16:00:01 | 3212,042,240 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.27 13:49:53 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.27 13:42:57 | 000,363,520 | ---- | C] () -- C:\Users\Hänz\Desktop\rkill.com
[2010.08.27 00:48:02 | 000,000,680 | ---- | C] () -- C:\Users\Hänz\AppData\Local\d3d9caps.dat
[2010.08.26 23:58:34 | 003,835,678 | ---- | C] () -- C:\Users\Hänz\Desktop\Erdmöbel - Nah bei dir.mp3
[2010.08.26 15:51:25 | 002,571,776 | ---- | C] () -- C:\Users\Hänz\Desktop\100825_Nowbakht_6_Korrekturen von Hänz Kapitel 4_26_08_2010.doc
[2010.08.26 14:12:47 | 000,028,672 | ---- | C] () -- C:\Users\Hänz\Desktop\MZ Geigle Sandbaumhüter.doc
[2010.08.26 11:46:01 | 000,163,987 | ---- | C] () -- C:\Users\Hänz\.recently-used.xbel
[2010.08.24 15:21:58 | 000,000,789 | ---- | C] () -- C:\Users\Public\Desktop\Luminance HDR.lnk
[2010.08.24 15:18:50 | 002,450,689 | ---- | C] () -- C:\Users\Hänz\Desktop\luminance-hdr_2.0.0.tar.gz
[2010.08.23 16:05:15 | 067,260,254 | ---- | C] () -- C:\Users\Hänz\Desktop\Matthew Dear -- Black City [Ghostly, 2010].zip
[2010.08.23 16:05:09 | 109,940,472 | ---- | C] () -- C:\Users\Hänz\Desktop\Mit -- Nanonotes [V2, 2010].zip
[2010.08.23 16:00:31 | 101,569,962 | ---- | C] () -- C:\Users\Hänz\Desktop\Oriol -- Night And Day [Planet Mu, 2010].zip
[2010.08.23 15:58:36 | 000,107,697 | ---- | C] () -- C:\Users\Hänz\Desktop\Ernst-Moritz-Arndt-Universi....pdf
[2010.08.23 12:40:55 | 000,108,013 | ---- | C] () -- C:\Users\Hänz\Desktop\PR Den Haag D 15. September oder 1. Oktober 2010.pdf
[2010.07.13 18:08:45 | 000,004,096 | -H-- | C] () -- C:\Users\Hänz\AppData\Local\keyfile3.drm
[2010.02.11 13:19:37 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.02.06 12:37:11 | 000,000,055 | ---- | C] () -- C:\Windows\cryavitowmv.ini
[2009.07.15 17:22:18 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.07.14 09:27:15 | 000,070,144 | ---- | C] () -- C:\Users\Hänz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.10 13:14:16 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.09 16:48:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.09 15:05:01 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.02.24 05:11:42 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.02.24 04:57:52 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008.08.29 14:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.07.23 01:59:59 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.07.23 01:57:59 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.07.23 01:56:59 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.08 12:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002.08.31 07:00:00 | 000,001,770 | -H-- | C] () -- C:\Windows\System32\msisl$.dll
< End of report >
--- --- ---


...und hier die zweite log-File:OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 27.08.2010 16:24:06 - Run 1
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\Hänz\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 21,82 Gb Free Space | 18,74% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 2,33 Gb Free Space | 2,18% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7,40 Gb Total Space | 6,34 Gb Free Space | 85,67% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HÄNZ-PC
Current User Name: Hänz
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A24FD3-63BA-473D-9E1F-6DEE7FA6D6B3}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{12D83608-9499-4D25-B82D-C2A2272984AD}" = protocol=6 | dir=in | app=c:\users\hänz\appdata\roaming\dropbox\bin\dropbox.exe |
"{3E829DBA-3451-4C0B-904D-AF2EC93DA4B4}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5F1A3EE9-5DA9-40EF-9FD1-E430C5AEEBAA}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{8E1D4E5B-6544-4B36-96F4-E5FCF81B3D14}" = protocol=17 | dir=in | app=c:\users\hänz\appdata\roaming\dropbox\bin\dropbox.exe |
"{8EEA962B-64D2-4825-AC5E-AA785A8BF3FC}" = protocol=17 | dir=in | app=d:\tobit clipinc\player\clipinc-player.exe |
"{95538F67-CE87-424F-A8BE-14E0D8AD2AFF}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{99C01370-2B8B-445B-BE8A-23E5476FB364}" = protocol=6 | dir=in | app=d:\tobit clipinc\player\clipinc-player.exe |
"{AE46B3AC-86EC-4CCE-AB30-16229870D5B6}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{B5AD102A-4F1E-4741-9C1D-C332FB3CAE76}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BF97F3B6-734B-40C7-A850-760A5912E769}" = protocol=17 | dir=in | app=d:\tobit clipinc\server\clipinc-server.exe |
"{C01EFC9C-D178-4B1E-A5E9-C29280D544D1}" = protocol=6 | dir=in | app=d:\tobit clipinc\server\clipinc-server.exe |
"{CD2670B6-71BA-40F7-B855-0BF399CD4D61}" = protocol=6 | dir=in | app=d:\tobit clipinc\player\radiorecorder.exe |
"{E0C385FA-BA8E-449B-A72E-5B040C348D52}" = protocol=17 | dir=in | app=d:\tobit clipinc\player\radiorecorder.exe |
"{FC7783CF-3C7E-4830-838F-F8E25424C099}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{608F1311-9097-431F-8E68-6E771070BBC1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{90467992-E63B-43BC-B991-77F5D8B63EFF}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{AA713469-2D09-4011-821C-631348A8C48D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{21D590A2-E299-44D3-BE86-02E450F778A8}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{ADE99BA1-BDE6-4D89-9D3E-BF4B590447C4}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{F7D27824-49B3-4036-AD36-860EE7A08CD4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{62CF8923-31DC-4285-A23C-17CE5AA6A679}" = Express Gate
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.0.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{80557F5B-A54A-4700-8E19-8E4DA16508A5}" = SILKYPIX Developer Studio 3.0G
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DC905847-D537-427F-BF91-47CC7ACCDE58}" = ASUS FancyStart
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"AVI To WMV Converter_is1" = AVI To WMV Converter 1.00
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DPP" = Canon Utilities Digital Photo Professional 3.8
"EOS Utility" = Canon Utilities EOS Utility
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80557F5B-A54A-4700-8E19-8E4DA16508A5}" = SILKYPIX Developer Studio 3.0G
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Neat Image_is1" = Neat Image v6 Demo (with plug-in)
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBBackup (Testversion)_is1" = TBBackup - Thunderbird Datensicherung (Testversion)
"Tobit ClipInc Server" = WDR RadioRecorder
"Tobit Radio.fx Server 1" = WDR RadioRecorder
"TVWiz" = Intel(R) TV Wizard
"USB 2.0 UVC 1.3M WebCam" = USB 2.0 UVC 1.3M WebCam
"VLC media player" = VLC media player 1.0.0
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"Zattoo" = Zattoo 3.3.4 Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.08.2010 19:34:57 | Computer Name = Hänz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 20.08.2010 19:36:01 | Computer Name = Hänz-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 20.08.2010 19:40:00 | Computer Name = Hänz-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6001.18164 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 6c4  Anfangszeit: 01cb40c03922d311  Zeitpunkt
 der Beendigung: 97
 
Error - 21.08.2010 07:02:21 | Computer Name = Hänz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 21.08.2010 07:03:29 | Computer Name = Hänz-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.08.2010 19:07:04 | Computer Name = Hänz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 21.08.2010 19:08:12 | Computer Name = Hänz-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.08.2010 20:11:12 | Computer Name = Hänz-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6001.18164 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 660  Anfangszeit: 01cb41858138aa2c  Zeitpunkt
 der Beendigung: 93
 
Error - 22.08.2010 06:10:12 | Computer Name = Hänz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 22.08.2010 06:11:26 | Computer Name = Hänz-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 27.08.2010 08:57:16 | Computer Name = Hänz-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 27.08.2010 08:57:16 | Computer Name = Hänz-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 27.08.2010 08:57:16 | Computer Name = Hänz-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 27.08.2010 08:57:16 | Computer Name = Hänz-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 27.08.2010 08:57:16 | Computer Name = Hänz-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 27.08.2010 08:57:16 | Computer Name = Hänz-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 27.08.2010 10:00:06 | Computer Name = Hänz-PC | Source = HTTP | ID = 15016
Description =
 
Error - 27.08.2010 10:00:46 | Computer Name = Hänz-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 27.08.2010 10:12:25 | Computer Name = Hänz-PC | Source = HTTP | ID = 15016
Description =
 
Error - 27.08.2010 10:13:01 | Computer Name = Hänz-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
 
< End of report >
--- --- ---

UPDATE:

...also, ich habe jetzt nochmal einen vollständigen Scan mit Malwarebytes ausprobiert, aber keine Chance - das Programm bleibt immer bei der "OmdProject.dll" hängen - die gehört zum Movie Maker und ist anscheinend harmlos, das Programm kann aber nicht deinstalliert werden.

Das einzige, was ich also machen kann, ist ein Quick Scan mit Malwarebytes. Das funktioniert, allerdings findet der jedes Mal, wenn ich den Scan durchführe, wieder neue infizierte Dateien.

Ein Komplettscan mit SUPERAntiSpyware hat überhaupt nicht funktioniert - Rechner hat sich aufgehängt, ging gar nichts mehr.

Beim Start von Windows erscheint immer rechts unten an der Symbolleiste ein Infofenster, in dem steht, dass einige Autostartprogramme, die für den Start eine Berechtigung brauchen, von Windows geblockt werden. Ist das auch eine Mitteilung vom Antimalware Doctor?

Bitte sagt mir, wie ich weiter vorgehen soll. Ich habe soweit alles über das Problem gelesen, was hier im Forum und auf anderen Seiten steht. Ich würde ja auch gerne auf eigene Faust versuchen, das Problem zu beheben, aber hier im Forum wird immer darauf hingewiesen, dass man unbedingt den Anweisungen der Profis folgen soll, und da ich leider nur sehr begrenzte Ahnung hab, lass ich das dann lieber.

Also, bitte helft mir irgendwie weiter!

Vielen Dank, Johannes

Ich hänge hier jetzt nochmal die log-Datei vom letzten QuickScan an:



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4490

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

27.08.2010 19:35:52
mbam-log-2010-08-27 (19-35-52).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 134454
Laufzeit: 4 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*auditressvc.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*auditressvc.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\auditressvc.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

cosinus 27.08.2010 20:41
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O4 - HKCU..\RunOnce: [*hostcacheadm.exe] C:\Users\Hänz\hostcacheadm.exe ()
O33 - MountPoints2\{3f7803a7-9e31-11df-8ef7-00248c454e09}\Shell - "" = AutoRun
O33 - MountPoints2\{3f7803a7-9e31-11df-8ef7-00248c454e09}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b9ffb112-2e99-11df-9ea0-00248c454e09}\Shell - "" = AutoRun
O33 - MountPoints2\{b9ffb112-2e99-11df-9ea0-00248c454e09}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c0a31e53-a6e1-11df-9da2-00248c454e09}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a31e53-a6e1-11df-9da2-00248c454e09}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
[2010.08.27 00:09:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\lbmnculnq
[2010.08.27 00:09:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\qbvoclkep
[2010.08.27 00:08:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\gneocswlw
[2010.08.27 00:08:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\naspbrjkh
[2010.08.27 00:08:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows
[2010.08.27 00:08:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Server
[2010.08.27 00:08:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\C57572CD1FEB9F1B2EAB4009BCD77F4C
[2010.08.27 16:11:05 | 000,154,112 | ---- | C] () -- C:\Users\Hänz\hostcacheadm.exe
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

hans147 28.08.2010 15:06
Hi Arne!

Vielen Dank für deine Antwort.

ich bin wie beschrieben vorgegangen, hier das Logfile:




All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*hostcacheadm.exe not found.
Invalid CLSID key: *hostcacheadm.exe
File C:\Users\Hänz\hostcacheadm.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f7803a7-9e31-11df-8ef7-00248c454e09}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f7803a7-9e31-11df-8ef7-00248c454e09}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f7803a7-9e31-11df-8ef7-00248c454e09}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f7803a7-9e31-11df-8ef7-00248c454e09}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9ffb112-2e99-11df-9ea0-00248c454e09}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9ffb112-2e99-11df-9ea0-00248c454e09}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9ffb112-2e99-11df-9ea0-00248c454e09}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9ffb112-2e99-11df-9ea0-00248c454e09}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0a31e53-a6e1-11df-9da2-00248c454e09}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0a31e53-a6e1-11df-9da2-00248c454e09}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0a31e53-a6e1-11df-9da2-00248c454e09}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0a31e53-a6e1-11df-9da2-00248c454e09}\ not found.
File G:\LaunchU3.exe not found.
Folder C:\Users\***\AppData\Local\lbmnculnq\ not found.
Folder C:\Users\***\AppData\Local\qbvoclkep\ not found.
Folder C:\Users\***\AppData\Local\gneocswlw\ not found.
Folder C:\Users\***\AppData\Local\naspbrjkh\ not found.
Folder C:\Users\***\AppData\Local\Windows\ not found.
Folder C:\Users\***\AppData\Local\Windows Server\ not found.
Folder C:\Users\***\AppData\Roaming\C57572CD1FEB9F1B2EAB4009BCD77F4C\ not found.
File C:\Users\Hänz\hostcacheadm.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hänz
->Temp folder emptied: 8059544 bytes
->Temporary Internet Files folder emptied: 184978 bytes
->Java cache emptied: 50187345 bytes
->FireFox cache emptied: 66371611 bytes
->Flash cache emptied: 5559 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 278470 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 119,00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08282010_155858

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 28.08.2010 18:51
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

hans147 28.08.2010 20:25
Hi Arne!

ComboFix ausgeführt, hier ist das logfile:

Combofix Logfile:
Code:
ComboFix 10-08-27.03 - Hänz 28.08.2010  20:37:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3062.2004 [GMT 2:00]
ausgeführt von:: c:\users\Hänz\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\programdata\aclparsentfs.exe
c:\users\Hänz\AppData\Roaming\C57572CD1FEB9F1B2EAB4009BCD77F4C
c:\users\Hänz\AppData\Roaming\C57572CD1FEB9F1B2EAB4009BCD77F4C\enemies-names.txt
c:\users\Hänz\AppData\Roaming\C57572CD1FEB9F1B2EAB4009BCD77F4C\local.ini
c:\users\Hänz\AppData\Roaming\C57572CD1FEB9F1B2EAB4009BCD77F4C\lsrslt.ini
c:\windows\system32\Drivers\ecuqijel.sys

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_qffeyr


(((((((((((((((((((((((  Dateien erstellt von 2010-07-28 bis 2010-08-28  ))))))))))))))))))))))))))))))
.

2010-08-28 13:58 . 2010-08-28 13:58        --------        d-----w-        C:\_OTL
2010-08-27 16:43 . 2010-08-27 16:43        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2010-08-27 16:43 . 2010-08-27 16:43        --------        d-----w-        c:\program files\SUPERAntiSpyware
2010-08-27 14:57 . 2010-08-27 14:57        --------        d-----w-        c:\program files\CCleaner
2010-08-27 11:49 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-27 11:49 . 2010-08-27 11:49        --------        d-----w-        c:\programdata\Malwarebytes
2010-08-27 11:49 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-08-27 11:49 . 2010-08-27 12:46        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 19:07 . 2009-02-24 03:11        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2010-08-28 18:58 . 2010-02-11 11:19        --------        d-----w-        c:\program files\pdfforge Toolbar
2010-08-28 18:12 . 2010-08-28 18:12        362        ----a-w-        c:\windows\Fonts\moidvkoa
2010-08-27 15:20 . 2009-02-24 00:54        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-08-16 16:27 . 2008-04-16 11:11        618442        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-16 16:27 . 2008-04-16 11:11        122842        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-03 18:08 . 2010-07-27 18:40        --------        d-----w-        c:\program files\Canon
2010-08-03 18:06 . 2010-07-27 18:38        --------        d-----w-        c:\program files\Common Files\Canon
2010-07-19 08:49 . 2010-07-19 08:49        --------        d-----w-        c:\program files\Common Files\Skype
2010-07-08 21:23 . 2009-07-09 08:08        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08        143360        ----a-w-        c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Hänz\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Hänz\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Hänz\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-20 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-20 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-23 6707744]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2009-02-24 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-02-24 33136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 1029416]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-03-11 208528]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\H„nz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\H„nz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-12-15 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16        39792        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2007-10-18 03:04        7737344        ----a-w-        c:\program files\ATKOSD2\ATKOSD2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25        125952        ----a-w-        c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-08 21:23        30192        ----a-w-        c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2003-09-10 09:07        155648        ----a-w-        c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-08 30192]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 ClipInc001;ClipInc 001;d:\tobit clipinc\Server\ClipInc-Server.exe 001 [x]
S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2010-02-24 2426120]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-08-28 c:\windows\Tasks\User_Feed_Synchronization-{F98472F7-C93A-43A1-A35B-ABC61E9D366F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {2E2C3808-3073-4DF4-BFDB-70C19B9EBAEC} = 212.7.148.97,8.8.8.8,145.253.2.171,217.5.100.185
FF - ProfilePath - c:\users\Hänz\AppData\Roaming\Mozilla\Firefox\Profiles\uorrjzqe.default\
FF - prefs.js: browser.startup.homepage - www.tagesschau.de
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-28 21:08
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


c:\windows\TEMP\TMP0000000A2E281406B49674C3 524288 bytes
C:\ADSM_PData_0150

Scan erfolgreich abgeschlossen
versteckte Dateien: 2

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3812)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\users\Hänz\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
d:\tobit clipinc\Server\ClipInc-Server.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-28  21:14:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-28 19:13

Vor Suchlauf: 8 Verzeichnis(se), 26.816.278.528 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 26.459.070.464 Bytes frei

- - End Of File - - 8BC4516225618CCEF53F189A880ABB35
--- --- ---

cosinus 29.08.2010 19:55
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
Filelook::
c:\windows\system32\acovcnt.exe
c:\windows\Fonts\moidvkoa
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

hans147 29.08.2010 20:46
Hi Arne!

Es wurde nicht gefragt, ob ich neu starten wollte, und der Rechner hat auch erst gar nicht reagiert, aber nach einer Weile (ca. 10 min.) hat er dann doch den Neustart durchgeführt.

Hier ist die combofix.txt:

Combofix Logfile:
Code:
ComboFix 10-08-28.02 - Hänz 29.08.2010  21:09:46.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3062.1774 [GMT 2:00]
ausgeführt von:: c:\users\Hänz\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Hänz\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-07-28 bis 2010-08-29  ))))))))))))))))))))))))))))))
.

2010-08-29 19:30 . 2010-08-29 19:30        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-08-29 19:30 . 2010-08-29 19:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-08-28 13:58 . 2010-08-28 13:58        --------        d-----w-        C:\_OTL
2010-08-27 16:43 . 2010-08-27 16:43        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2010-08-27 16:43 . 2010-08-27 16:43        --------        d-----w-        c:\program files\SUPERAntiSpyware
2010-08-27 14:57 . 2010-08-27 14:57        --------        d-----w-        c:\program files\CCleaner
2010-08-27 11:49 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-27 11:49 . 2010-08-27 11:49        --------        d-----w-        c:\programdata\Malwarebytes
2010-08-27 11:49 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-08-27 11:49 . 2010-08-27 12:46        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 00:48 . 2009-02-24 03:11        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2010-08-28 18:58 . 2010-02-11 11:19        --------        d-----w-        c:\program files\pdfforge Toolbar
2010-08-28 18:12 . 2010-08-28 18:12        362        ----a-w-        c:\windows\Fonts\moidvkoa
2010-08-27 15:20 . 2009-02-24 00:54        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-08-16 16:27 . 2008-04-16 11:11        618442        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-16 16:27 . 2008-04-16 11:11        122842        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-03 18:08 . 2010-07-27 18:40        --------        d-----w-        c:\program files\Canon
2010-08-03 18:06 . 2010-07-27 18:38        --------        d-----w-        c:\program files\Common Files\Canon
2010-07-19 08:49 . 2010-07-19 08:49        --------        d-----w-        c:\program files\Common Files\Skype
2010-07-08 21:23 . 2009-07-09 08:08        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\Fonts\moidvkoa ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 362
Created time: 2010-08-28 18:12
Modified time: 2010-08-28 18:12
MD5: E0338178DCB60F1A876B0DEA12624B9C
SHA1: 8E405F11392B422F7EA8E6F1851378394082AD76


--- c:\windows\system32\acovcnt.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 45056
Created time: 2009-02-24 03:11
Modified time: 2010-08-29 00:48
MD5: 6BCAF46E2B7FA9ACE92B4D39F3037C5C
SHA1: 6D5A81E3CF59832D73F28D6E87F51D073C3E4095


((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08        143360        ----a-w-        c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Hänz\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Hänz\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19        94208        ----a-w-        c:\users\Hänz\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-20 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-20 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-23 6707744]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2009-02-24 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-02-24 33136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 1029416]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-08 974848]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2010-03-11 208528]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\H„nz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\H„nz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-12-15 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16        39792        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2007-10-18 03:04        7737344        ----a-w-        c:\program files\ATKOSD2\ATKOSD2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25        125952        ----a-w-        c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-08 21:23        30192        ----a-w-        c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2003-09-10 09:07        155648        ----a-w-        c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-08 30192]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 ClipInc001;ClipInc 001;d:\tobit clipinc\Server\ClipInc-Server.exe 001 [x]
S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2010-02-24 2426120]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-08-29 c:\windows\Tasks\User_Feed_Synchronization-{F98472F7-C93A-43A1-A35B-ABC61E9D366F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {2E2C3808-3073-4DF4-BFDB-70C19B9EBAEC} = 212.7.148.97,8.8.8.8,145.253.2.171,217.5.100.185
FF - ProfilePath - c:\users\Hänz\AppData\Roaming\Mozilla\Firefox\Profiles\uorrjzqe.default\
FF - prefs.js: browser.startup.homepage - www.tagesschau.de
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-29 21:30
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


C:\ADSM_PData_0150

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5988)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\users\Hänz\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
Zeit der Fertigstellung: 2010-08-29  21:33:18
ComboFix-quarantined-files.txt  2010-08-29 19:33
ComboFix2.txt  2010-08-28 19:14

Vor Suchlauf: 13 Verzeichnis(se), 22.424.629.248 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 22.427.738.112 Bytes frei

- - End Of File - - 73695685AA1040423E89140839EFEC26
--- --- ---

cosinus 29.08.2010 20:48
Bitte mal den Avenger anwenden:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:

http://mitglied.lycos.de/efunction/tb123/avenger.png

3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:
Code:
files to delete:
c:\windows\system32\acovcnt.exe
c:\windows\Fonts\moidvkoa
4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

8.) Die Datei c:\avenger\backup.zip bei File-Upload.net hochladen und hier verlinken

hans147 30.08.2010 11:24
Hi Arne!

Avenger wie beschrieben ausgeführt:


Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\acovcnt.exe" deleted successfully.
File "c:\windows\Fonts\moidvkoa" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Und hier der Link zur backup.zip:

hxxp://www.file-upload.net/download-2786080/backup.zip.html

cosinus 30.08.2010 11:28
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

hans147 30.08.2010 12:16
GMER Logfile:
Code:
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-30 13:02:11
Windows 6.0.6001 Service Pack 1
Running: 3zs4wx4w.exe; Driver: C:\Users\HNZ~1\AppData\Local\Temp\kwldipow.sys


---- System - GMER 1.0.15 ----

SSDT            ABA9C71C                                                                                              ZwCreateThread
SSDT            ABA9C708                                                                                              ZwOpenProcess
SSDT            ABA9C70D                                                                                              ZwOpenThread
SSDT            ABA9C717                                                                                              ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetTimerEx + 454                                                                      820EFA18 4 Bytes  [1C, C7, A9, AB]
.text          ntkrnlpa.exe!KeSetTimerEx + 624                                                                      820EFBE8 4 Bytes  [08, C7, A9, AB]
.text          ntkrnlpa.exe!KeSetTimerEx + 640                                                                      820EFC04 4 Bytes  [0D, C7, A9, AB]
.text          ntkrnlpa.exe!KeSetTimerEx + 854                                                                      820EFE18 4 Bytes  [17, C7, A9, AB]
?              system32\drivers\yfhkji.sys                                                                          Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          D:\Tobit ClipInc\Server\ClipInc-Server.exe[2392] kernel32.dll!SetUnhandledExceptionFilter            75FC6E2D 5 Bytes  JMP 0049E7A0 D:\Tobit ClipInc\Server\ClipInc-Server.exe
.text          C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe[2604] kernel32.dll!SetUnhandledExceptionFilter  75FC6E2D 5 Bytes  JMP 0046F540 C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                                                    0 bytes
File            C:\ADSM_PData_0150\DB                                                                                0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                          624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                          16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                          16 bytes
File            C:\ADSM_PData_0150\DB\WAL.db                                                                          2048 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                            512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                      315392 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                              512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                          0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                29752 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                      512 bytes

---- EOF - GMER 1.0.15 ----
--- --- ---



Der Rest kommt später!

hans147 30.08.2010 14:33
so, hier das OSAM-logfile:


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:31:28 on 30.08.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\HNZ~1\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\AsDsm.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{00000130-9980-0010-8000-00AA00389B71} "{00000130-9980-0010-8000-00AA00389B71}" - ? -  (File not found | COM-object registry key not found) / hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Hänz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - ? - C:\Users\Hänz\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ADSMTray" - "ASUSTek Computer Inc." - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
"ASUS Camera ScreenSaver" - ? - C:\Windows\ASScrProlog.exe  (File found, but it contains no detailed information)
"ASUS Screen Saver Protector" - ? - C:\Windows\ASScrPro.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"HControlUser" - ? - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"P2Go_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe
"SearchSettings" - "Spigot, Inc." - C:\Program Files\pdfforge Toolbar\SearchSettings.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Login Filter" - "ASUSTek Computer Inc." - C:\Program Files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ADSM Service" (ADSMService) - "ASUSTek Computer Inc." - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Program Files\Application Updater\ApplicationUpdater.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"ClipInc 001" (ClipInc001) - ? - D:\Tobit ClipInc\Server\ClipInc-Server.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Radio.fx Server" (Radio.fx) - ? - C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

hans147 30.08.2010 14:40
Liste der Anhänge anzeigen (Anzahl: 1)
und hier das Ergebnis vom bootkit remover:

(ich wusste nicht wie ich den Inhalt kopieren kann, deshalb habe ich einen Screenshot angelegt, ich hoffe das ist ok so?!)

cosinus 30.08.2010 14:50
Ich brauch nen Gegencheck des MBR mit MBRCheck:

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

hans147 30.08.2010 14:53
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: X58LE
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 153):
0x8201C000 \SystemRoot\system32\ntkrnlpa.exe
0x823D5000 \SystemRoot\system32\hal.dll
0x8040E000 \SystemRoot\system32\kdcom.dll
0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80476000 \SystemRoot\system32\PSHED.dll
0x80487000 \SystemRoot\system32\BOOTVID.dll
0x8048F000 \SystemRoot\system32\CLFS.SYS
0x804D0000 \SystemRoot\system32\CI.dll
0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80689000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80696000 \SystemRoot\system32\drivers\acpi.sys
0x806DC000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E5000 \SystemRoot\system32\drivers\msisadrv.sys
0x806ED000 \SystemRoot\system32\drivers\pci.sys
0x80714000 \SystemRoot\System32\drivers\partmgr.sys
0x80723000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80726000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80730000 \SystemRoot\system32\drivers\volmgr.sys
0x8073F000 \SystemRoot\System32\drivers\volmgrx.sys
0x80789000 \SystemRoot\system32\drivers\intelide.sys
0x80790000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8079E000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x807CB000 \SystemRoot\System32\drivers\mountmgr.sys
0x82600000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x826C8000 \SystemRoot\system32\drivers\atapi.sys
0x826D0000 \SystemRoot\system32\drivers\ataport.SYS
0x826EE000 \SystemRoot\system32\drivers\msahci.sys
0x826F8000 \SystemRoot\system32\drivers\fltmgr.sys
0x8272A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8273A000 \SystemRoot\System32\Drivers\AsDsm.sys
0x82744000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8274D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A205000 \SystemRoot\system32\drivers\ndis.sys
0x8A310000 \SystemRoot\system32\drivers\msrpc.sys
0x8A33B000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A40F000 \SystemRoot\System32\drivers\tcpip.sys
0x8A4F8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A608000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A717000 \SystemRoot\system32\drivers\volsnap.sys
0x8A750000 \SystemRoot\System32\Drivers\spldr.sys
0x8A758000 \SystemRoot\System32\Drivers\mup.sys
0x8A767000 \SystemRoot\System32\drivers\ecache.sys
0x8A78E000 \SystemRoot\system32\drivers\disk.sys
0x8A79F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A7C0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A7D6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A7E1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A7EA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8DE0B000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8E708000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E7A7000 \SystemRoot\System32\drivers\watchdog.sys
0x8E7B4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E7BF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A5DB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A5EA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8EA06000 \SystemRoot\system32\DRIVERS\athr.sys
0x8EAEA000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8EB04000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8EB15000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8EB29000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0x8EB3A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8EB4D000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x8EB4F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8EB5A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8EB89000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EB8B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8EB96000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EBAE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8EBB2000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0x8EBBA000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x8A375000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8A3A3000 \SystemRoot\system32\DRIVERS\storport.sys
0x8EBD8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8EBE3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DE00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x827BE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A400000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A3E4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x827E1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x807DB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EBFA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805B0000 \SystemRoot\system32\DRIVERS\ks.sys
0x827F6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x807EB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8EC0D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8EC41000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EE05000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8F02C000 \SystemRoot\system32\drivers\portcls.sys
0x8F059000 \SystemRoot\system32\drivers\drmk.sys
0x8F07E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F087000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8F090000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F0A0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F0A7000 \SystemRoot\System32\Drivers\Null.SYS
0x8F0AE000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F0B5000 \SystemRoot\System32\drivers\vga.sys
0x8F0C1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F0E2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F0EA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F0F2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F0FA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F105000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F113000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F11C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F132000 \SystemRoot\system32\DRIVERS\smb.sys
0x8F146000 \SystemRoot\system32\drivers\afd.sys
0x8F18E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F1C0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F1D6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F1E4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F1F7000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8EC52000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8EC74000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8EC7A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8ECB6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8ECC0000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F204000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x8F3B5000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8F3C2000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x8F3C9000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8F3E5000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8F3E7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8ECD7000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x96E00000 \SystemRoot\System32\win32k.sys
0x8F3F4000 \SystemRoot\System32\drivers\Dxapi.sys
0x8ED9F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97020000 \SystemRoot\System32\TSDDD.dll
0x97040000 \SystemRoot\System32\cdd.dll
0x8EDAE000 \SystemRoot\system32\drivers\luafv.sys
0x8EDC9000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8EDDD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8A513000 \SystemRoot\system32\drivers\spsys.sys
0x80E09000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x80E33000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x80E3D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x80E50000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
0x80E57000 \SystemRoot\system32\drivers\HTTP.sys
0x80EC2000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x80EDF000 \SystemRoot\system32\DRIVERS\bowser.sys
0x80EF8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x80F0D000 \SystemRoot\system32\drivers\mrxdav.sys
0x80F2D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x80F4C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x80F85000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x80F9D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAC609000 \SystemRoot\System32\DRIVERS\srv.sys
0xAC655000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0xAC6E5000 \SystemRoot\system32\drivers\peauth.sys
0xAC7C3000 \SystemRoot\System32\Drivers\fastfat.SYS
0xAC7EB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x80FC4000 \SystemRoot\System32\drivers\tcpipreg.sys
0x80FD0000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x76EC0000 \Windows\System32\ntdll.dll

Processes (total 75):
0 System Idle Process
4 System
508 C:\Windows\System32\smss.exe
628 csrss.exe
672 C:\Windows\System32\wininit.exe
684 csrss.exe
716 C:\Windows\System32\services.exe
748 C:\Windows\System32\lsass.exe
756 C:\Windows\System32\winlogon.exe
788 C:\Windows\System32\lsm.exe
928 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\audiodg.exe
1324 C:\Windows\System32\SLsvc.exe
1364 C:\Windows\System32\svchost.exe
1488 C:\Windows\System32\svchost.exe
1612 C:\Program Files\ASUS\SmartLogon\smartlogon.exe
1688 C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
1700 C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
1716 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1756 C:\Windows\System32\wlanext.exe
1828 C:\Windows\System32\taskeng.exe
1884 C:\Windows\System32\spoolsv.exe
1908 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1928 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\taskeng.exe
1652 C:\Windows\System32\dwm.exe
2032 C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
2024 C:\Windows\System32\taskeng.exe
1640 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
2020 C:\Program Files\P4G\BatteryLife.exe
2056 C:\Windows\explorer.exe
2236 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
2260 C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
2272 C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
2280 C:\Windows\System32\igfxtray.exe
2288 C:\Windows\System32\hkcmd.exe
2304 C:\Windows\System32\igfxpers.exe
2328 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2352 C:\Windows\ASScrPro.exe
2364 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2384 C:\Windows\System32\igfxsrvc.exe
2392 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2524 C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
2532 C:\Program Files\ASUS\ATK Hotkey\HControl.exe
2540 C:\Program Files\ASUS\Splendid\ACMON.exe
2552 C:\Program Files\Wireless Console 2\wcourier.exe
2564 C:\Program Files\Java\jre6\bin\jusched.exe
2600 C:\Program Files\pdf24\pdf24.exe
2620 ACEngSvr.exe
2820 C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
2844 C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
2856 C:\Program Files\ASUS\ATK Hotkey\WDC.exe
2960 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2992 C:\Program Files\Application Updater\ApplicationUpdater.exe
3016 D:\Tobit ClipInc\Server\ClipInc-Server.exe
3036 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
3080 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3224 C:\Windows\System32\svchost.exe
3244 C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
3280 C:\Windows\System32\svchost.exe
3348 C:\Windows\System32\svchost.exe
3428 C:\Windows\System32\SearchIndexer.exe
3876 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
552 C:\Windows\System32\wuauclt.exe
3872 C:\Windows\System32\conime.exe
3728 C:\Program Files\Mozilla Firefox\firefox.exe
2688 C:\Windows\System32\SearchProtocolHost.exe
1632 C:\Windows\System32\SearchFilterHost.exe
3204 dllhost.exe
2428 dllhost.exe
3564 C:\Users\Hänz\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001f`8d1db400 (NTFS)

PhysicalDrive0 Model Number: ST9250320AS, Rev: 0303

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:16 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131