Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   100 Tan Trojaner auf meinem Rechner Windows 7 (https://www.trojaner-board.de/90362-100-tan-trojaner-meinem-rechner-windows-7-a.html)

rummenige80 03.09.2010 18:19
100 Tan Trojaner auf meinem Rechner Windows 7
 
Hallo,
habe mir einen 100 Tan Trojaner gefangen und will ihn nun loswerden, ohne den ganzen Rechner neu zu installieren. Scans mit Antivir oder AntiMalware waren nicht erfolgreich, bzw. es wurde nichts gefunden. Konto bzw. Pin ist gesperrt. Wir kann ich den Trojaner entfernen?Benutze seid neuestem Windows 7.
Vielen Dank für ihre Hilfe

cosinus 03.09.2010 19:52
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

rummenige80 04.09.2010 12:01
Hallo,
hier sind meine Log Files von OTLOTL Logfile:
Code:
OTL logfile created on: 04.09.2010 12:51:07 - Run 1
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Users\***\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 193,56 Gb Total Space | 72,74 Gb Free Space | 37,58% Space Free | Partition Type: NTFS
Drive D: | 39,32 Gb Total Space | 30,39 Gb Free Space | 77,30% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\phonostar\ps_timer.exe (phonostar)
PRC - C:\Programme\phonostar\ps_agent.exe (phonostar)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Logitech\Z-5 Speakers\Z-5 Speakers.exe (Logitech(c))
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Launch Manager\LaunchAp.exe ()
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.31 10:58:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.26 01:36:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.31 10:58:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.08.26 01:36:04 | 000,000,000 | ---D | M]
 
[2010.08.26 01:44:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.05.18 22:22:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.09.02 23:42:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hprz0t1k.default\extensions
[2010.08.26 01:44:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hprz0t1k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.25 19:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hprz0t1k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
[2010.09.01 16:05:01 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\hprz0t1k.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.01.22 19:55:05 | 000,002,280 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\hprz0t1k.default\searchplugins\google-und-download-suche.xml
[2010.08.26 01:36:00 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.26 01:36:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.22 18:06:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.22 18:06:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.22 18:06:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.22 18:06:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.22 18:06:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Z-5 Speakers] C:\Programme\Logitech\Z-5 Speakers\Z-5 Speakers.exe (Logitech(c))
O4 - HKCU..\Run: [{7DD630D7-9FAE-5DD2-FCAE-8923F7FF69BA}] C:\Users\***\AppData\Roaming\Adqiek\xayvc.exe ()
O4 - HKCU..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe (phonostar)
O4 - HKCU..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.178 192.168.0.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.03 09:24:16 | 000,000,000 | ---D | C] -- C:\Programme\YouTube Downloader
[2010.09.03 09:22:05 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft Anti-Malware
[2010.09.03 09:22:05 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Anti-Malware
[2010.09.02 00:18:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Amazon
[2010.09.02 00:18:00 | 000,000,000 | ---D | C] -- C:\Programme\Amazon
[2010.09.01 20:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.09.01 16:47:15 | 000,387,904 | ---- | C] (Panda Security) -- C:\Users\***\Desktop\StubInstaller.exe
[2010.09.01 16:08:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Panda Security
[2010.09.01 16:07:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SurfSecret Privacy Suite
[2010.09.01 16:06:09 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.09.01 16:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2010.09.01 16:05:03 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.09.01 16:01:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TrojanHunter
[2010.09.01 14:16:30 | 000,000,000 | ---D | C] -- C:\Programme\TrojanHunter 5.3
[2010.08.29 15:49:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adqiek
[2010.08.27 14:31:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Anabh
[2010.08.26 14:31:17 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MakeDiscVideo
[2010.08.26 14:31:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MakeDisc
[2010.08.26 14:31:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PowerCinema
[2010.08.26 14:30:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Deployment
[2010.08.26 14:29:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Games
[2010.08.26 10:06:23 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.08.26 10:06:23 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.08.26 10:06:23 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.08.26 10:02:30 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.08.26 09:53:46 | 000,398,336 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\TVWizudlg.exe
[2010.08.26 09:53:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.08.26 09:53:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.08.26 09:53:30 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.08.26 09:53:30 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.08.26 09:53:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.08.26 09:53:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.08.26 09:53:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.08.26 09:53:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.08.26 09:53:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.08.26 09:53:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.08.26 03:12:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.08.26 03:12:27 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.26 03:12:27 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.26 03:12:25 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.26 03:12:25 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.26 03:12:23 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.08.26 03:12:21 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.08.26 03:12:21 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.08.26 03:12:19 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.26 03:12:07 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.08.26 03:12:07 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.08.26 03:12:06 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.08.26 03:12:06 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.08.26 03:12:03 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.08.26 03:12:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.08.26 03:11:56 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.08.26 03:11:50 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.08.26 03:11:49 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.08.26 03:11:49 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.08.26 03:11:45 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.26 03:11:44 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.26 03:11:44 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.26 03:11:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.26 03:11:43 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.26 03:11:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.26 03:11:43 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.26 03:11:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.26 03:11:36 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.08.26 03:11:34 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.26 03:01:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2010.08.26 03:01:23 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.08.26 03:01:23 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.08.26 03:01:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.08.26 02:24:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.08.26 02:11:54 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2010.08.26 02:04:34 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2010.08.26 01:29:27 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2010.08.26 01:29:27 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2010.08.26 01:29:27 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2010.08.26 01:29:27 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2010.08.26 01:29:27 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2010.08.26 01:29:27 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2010.08.26 01:29:27 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2010.08.26 01:29:27 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2010.08.26 01:29:27 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2010.08.26 01:29:27 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2010.08.26 01:29:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2010.08.26 01:29:27 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2010.08.26 01:29:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2010.08.26 01:29:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2010.08.26 01:29:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2010.08.26 01:28:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010.08.26 01:28:10 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics
[2010.08.26 01:25:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.08.14 22:04:10 | 000,000,000 | ---D | C] -- C:\c64f907d095ef816e47e4bf2e6fb51
[2005.09.13 00:45:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2004.02.16 20:59:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.04 12:54:06 | 002,621,440 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.09.04 12:52:48 | 000,065,536 | ---- | M] () -- C:\Users\***\cert8.db
[2010.09.04 12:52:48 | 000,016,384 | ---- | M] () -- C:\Users\***\key3.db
[2010.09.04 12:52:48 | 000,015,935 | ---- | M] () -- C:\Users\***\prefs.js
[2010.09.04 12:52:48 | 000,013,833 | ---- | M] () -- C:\Users\***\panacea.dat
[2010.09.04 12:52:48 | 000,000,010 | ---- | M] () -- C:\Users\***\virtualFolders.dat
[2010.09.04 12:46:56 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.04 12:46:56 | 000,009,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.04 12:44:04 | 000,000,474 | ---- | M] () -- C:\Users\***\extensions.cache
[2010.09.04 12:42:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.04 12:40:03 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.09.04 12:39:33 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.04 12:39:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.04 12:39:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.04 12:39:16 | 2408,390,656 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.03 19:21:50 | 002,325,949 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.09.03 18:40:12 | 000,000,206 | ---- | M] () -- C:\Users\***\downloads.rdf
[2010.09.03 18:39:46 | 000,010,201 | ---- | M] () -- C:\Users\***\mimeTypes.rdf
[2010.09.03 15:46:25 | 000,000,556 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for ***.job
[2010.09.03 09:24:17 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010.09.03 09:22:30 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010.09.02 00:22:37 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.02 00:22:37 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.02 00:22:37 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.02 00:22:37 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.02 00:22:37 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.01 20:08:54 | 000,001,591 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk
[2010.09.01 20:08:37 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.09.01 20:08:24 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.09.01 16:04:45 | 000,242,184 | ---- | M] () -- C:\Users\***\Desktop\PandaCloudAntivirus__112.exe
[2010.09.01 15:39:28 | 000,171,527 | ---- | M] () -- C:\Users\***\abook.mab
[2010.09.01 15:32:39 | 000,935,012 | ---- | M] () -- C:\Users\***\XPC.mfl
[2010.09.01 14:16:38 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll
[2010.08.31 23:13:42 | 000,005,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.31 11:56:50 | 000,026,219 | ---- | M] () -- C:\Users\***\localstore.rdf
[2010.08.31 11:56:24 | 002,817,277 | ---- | M] () -- C:\Users\***\XUL.mfl
[2010.08.31 11:06:14 | 000,169,696 | ---- | M] () -- C:\Users\***\compreg.dat
[2010.08.31 11:06:13 | 000,098,082 | ---- | M] () -- C:\Users\***\xpti.dat
[2010.08.26 16:32:39 | 000,070,368 | ---- | M] () -- C:\Users\***\Documents\sozialbudget.jpg
[2010.08.26 16:30:48 | 000,061,505 | ---- | M] () -- C:\Users\***\Documents\bundessteuer.jpg
[2010.08.26 14:24:54 | 000,330,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.26 10:00:30 | 000,004,215 | ---- | M] () -- C:\Users\***\extensions.rdf
[2010.08.26 09:54:30 | 000,080,112 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.26 09:53:37 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini
[2010.08.26 02:23:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.08.26 02:08:57 | 000,057,050 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.08.26 01:55:42 | 000,021,532 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2010.08.26 01:29:28 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.08.26 01:29:28 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.08.26 01:29:28 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.08.26 01:28:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010.08.26 01:27:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.08.26 01:00:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 01:00:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 00:23:25 | 000,002,544 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010.08.26 00:23:25 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2010.08.23 15:42:34 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2010.09.03 09:24:17 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010.09.03 09:22:30 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010.09.01 20:08:37 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.09.01 20:08:24 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.09.01 16:04:43 | 000,242,184 | ---- | C] () -- C:\Users\***\Desktop\PandaCloudAntivirus__112.exe
[2010.09.01 14:16:30 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2010.08.31 16:26:11 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.26 16:32:39 | 000,070,368 | ---- | C] () -- C:\Users\***\Documents\sozialbudget.jpg
[2010.08.26 16:30:47 | 000,061,505 | ---- | C] () -- C:\Users\***\Documents\bundessteuer.jpg
[2010.08.26 09:53:46 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.08.26 09:53:46 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp
[2010.08.26 09:53:37 | 000,000,020 | -HS- | C] () -- C:\Users\***\ntuser.ini
[2010.08.26 02:10:25 | 2408,390,656 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.26 01:55:42 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010.08.26 01:29:27 | 002,621,440 | -HS- | C] () -- C:\Users\***\NTUSER.DAT
[2010.08.26 01:29:27 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.08.26 01:29:27 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.08.26 01:29:27 | 000,262,144 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG1
[2010.08.26 01:29:27 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.08.26 01:29:27 | 000,000,000 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG2
[2010.08.26 01:28:28 | 000,009,504 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 01:28:28 | 000,009,504 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 01:28:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010.08.26 01:27:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.08.25 23:11:18 | 000,002,544 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010.08.25 23:11:18 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2010.02.25 23:50:15 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.09.15 23:04:39 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.16 23:40:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.15 20:02:57 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\Default.PLS
[2009.06.08 19:06:06 | 000,005,444 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009.06.06 16:22:36 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2008.07.21 15:30:17 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.01.03 13:11:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.01 08:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006.11.01 08:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006.05.26 15:29:14 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006.04.03 14:26:36 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2005.10.13 17:19:12 | 008,701,824 | ---- | C] () -- C:\Windows\System32\drivers\snpstd3.sys
[2004.02.28 00:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2003.05.15 08:39:50 | 000,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002.05.15 06:58:38 | 000,122,880 | ---- | C] () -- C:\Windows\System32\v2k2_dec.dll
< End of report >
--- --- ---

cosinus 04.09.2010 16:04
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
O4 - HKCU..\Run: [{7DD630D7-9FAE-5DD2-FCAE-8923F7FF69BA}] C:\Users\***\AppData\Roaming\Adqiek\xayvc.exe ()
[2010.08.29 15:49:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adqiek
[2010.08.27 14:31:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Anabh
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

rummenige80 05.09.2010 21:33
Okay, danke habe bisher alles ausgeführt, hier ist der Log File

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{7DD630D7-9FAE-5DD2-FCAE-8923F7FF69BA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DD630D7-9FAE-5DD2-FCAE-8923F7FF69BA}\ not found.
File C:\Users\***\AppData\Roaming\Adqiek\xayvc.exe not found.
C:\Users\Nils\AppData\Roaming\Adqiek folder moved successfully.
C:\Users\Nils\AppData\Roaming\Anabh folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 144862 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nils
->Temp folder emptied: 52082089 bytes
->Temporary Internet Files folder emptied: 47112741 bytes
->Java cache emptied: 94143909 bytes
->FireFox cache emptied: 39618371 bytes
->Google Chrome cache emptied: 16002059 bytes
->Flash cache emptied: 49289 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1036491 bytes
RecycleBin emptied: 22361466 bytes

Total Files Cleaned = 260,00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09052010_222711

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 05.09.2010 21:39
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

rummenige80 06.09.2010 14:06
Hallo,
CCLeaner durchgeführt und anschließend die Combofix
Hier die LOGs
Combofix Logfile:
Code:
ComboFix 10-09-04.06 - Nils 06.09.2010  14:40:36.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.3062.2144 [GMT 2:00]
ausgeführt von:: c:\users\Nils\Desktop\cofi.exe
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Nils\cookies.txt

.
(((((((((((((((((((((((  Dateien erstellt von 2010-08-06 bis 2010-09-06  ))))))))))))))))))))))))))))))
.

2010-09-06 12:24 . 2010-09-06 12:24        --------        d-----w-        c:\program files\CCleaner
2010-09-05 20:27 . 2010-09-05 20:27        --------        d-----w-        C:\_OTL
2010-09-03 07:24 . 2010-09-03 07:24        --------        d-----w-        c:\program files\YouTube Downloader
2010-09-03 07:22 . 2010-09-03 09:05        --------        d-----w-        c:\program files\Emsisoft Anti-Malware
2010-09-01 22:18 . 2010-09-01 22:18        --------        d-----w-        c:\users\Nils\AppData\Roaming\Amazon
2010-09-01 22:18 . 2010-09-01 22:18        --------        d-----w-        c:\program files\Amazon
2010-09-01 18:06 . 2010-09-01 18:06        144696        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-01 18:06 . 2010-09-01 18:08        --------        d-----w-        c:\programdata\DivX
2010-09-01 14:08 . 2010-09-01 14:08        --------        d-----w-        c:\users\Nils\AppData\Roaming\Panda Security
2010-09-01 14:07 . 2010-09-01 14:07        --------        d-----w-        c:\users\Nils\AppData\Roaming\SurfSecret Privacy Suite
2010-09-01 14:06 . 2010-09-01 15:11        --------        d-----w-        c:\program files\Panda Security
2010-09-01 14:06 . 2010-09-01 14:06        --------        d-----w-        c:\programdata\Panda Security
2010-09-01 14:05 . 2010-09-01 14:05        --------        d-----w-        c:\program files\Conduit
2010-09-01 14:05 . 2010-06-08 09:29        52224        ----a-w-        c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\hprz0t1k.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
2010-09-01 14:05 . 2010-06-08 09:29        101376        ----a-w-        c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\hprz0t1k.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll
2010-09-01 14:01 . 2010-09-01 14:01        --------        d-----w-        c:\users\Nils\AppData\Roaming\TrojanHunter
2010-09-01 12:16 . 2010-09-01 14:03        --------        d-----w-        c:\program files\TrojanHunter 5.3
2010-08-26 12:31 . 2010-08-26 12:31        --------        d-----w-        c:\users\Nils\AppData\Local\MakeDisc
2010-08-26 12:31 . 2010-08-26 12:31        --------        d-----w-        c:\users\Nils\AppData\Local\PowerCinema
2010-08-26 12:30 . 2010-08-26 12:30        --------        d-----w-        c:\users\Nils\AppData\Local\Deployment
2010-08-26 12:29 . 2010-08-26 12:30        --------        d-----w-        c:\users\Nils\AppData\Local\Microsoft Games
2010-08-26 08:06 . 2009-09-10 05:52        257024        ----a-w-        c:\windows\system32\msv1_0.dll
2010-08-26 08:06 . 2009-11-25 10:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-08-26 08:06 . 2009-11-25 10:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-08-26 08:06 . 2009-11-25 10:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-08-26 08:06 . 2009-11-25 10:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-08-26 08:06 . 2009-11-25 10:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-08-26 08:02 . 2010-02-11 07:10        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2010-08-26 07:54 . 2010-08-26 07:54        80112        ----a-w-        c:\users\Nils\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-26 01:12 . 2010-06-14 06:12        1286016        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2010-08-26 01:11 . 2009-10-19 14:10        108544        ----a-w-        c:\windows\system32\t2embed.dll
2010-08-26 01:01 . 2010-08-26 01:01        --------        d-----w-        c:\windows\system32\x64
2010-08-26 01:01 . 2010-05-27 07:24        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-08-26 01:01 . 2010-05-27 03:49        293888        ----a-w-        c:\windows\system32\atmfd.dll
2010-08-26 01:01 . 2009-10-19 14:10        70656        ----a-w-        c:\windows\system32\fontsub.dll
2010-08-26 00:24 . 2010-08-26 07:53        --------        d-----w-        c:\windows\Panther
2010-08-26 00:21 . 2010-01-09 06:52        132608        ----a-w-        c:\windows\system32\cabview.dll
2010-08-26 00:21 . 2009-12-29 06:55        172032        ----a-w-        c:\windows\system32\wintrust.dll
2010-08-26 00:13 . 2010-09-05 17:27        --------        d-----w-        c:\windows\system32\wbem\Performance
2010-08-26 00:11 . 2010-08-25 23:57        --------        d-----w-        C:\$WINDOWS.~Q
2010-08-26 00:04 . 2010-08-26 00:08        --------        d-----w-        C:\$INPLACE.~TR
2010-08-25 23:55 . 2010-08-25 23:55        21532        ----a-w-        c:\windows\system32\emptyregdb.dat
2010-08-25 23:28 . 2010-08-25 23:28        --------        d-----w-        c:\windows\system32\RTCOM
2010-08-25 23:28 . 2010-08-25 23:28        --------        d-----w-        c:\program files\Synaptics
2010-08-25 22:26 . 2010-08-25 22:26        --------        d-----w-        c:\windows\system32\Spool\prtprocs\w32x86\1
2010-08-14 20:04 . 2010-08-14 20:04        --------        d-----w-        C:\c64f907d095ef816e47e4bf2e6fb51

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 12:38 . 2009-06-05 19:04        14480        ----a-w-        c:\users\Nils\panacea.dat
2010-09-06 12:27 . 2009-08-02 14:08        --------        d-----w-        c:\users\Nils\AppData\Roaming\Media Player Classic
2010-09-06 12:27 . 2009-06-05 19:04        10        ----a-w-        c:\users\Nils\virtualFolders.dat
2010-09-06 08:28 . 2009-06-07 23:35        --------        d-----w-        c:\users\Nils\AppData\Roaming\TeraCopy
2010-09-06 08:23 . 2009-08-30 20:30        --------        d-----w-        c:\programdata\Soulseek
2010-09-05 20:21 . 2009-06-15 19:35        1        ----a-w-        c:\users\Nils\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-05 17:27 . 2009-07-14 08:47        643866        ----a-w-        c:\windows\system32\perfh007.dat
2010-09-05 17:27 . 2009-07-14 08:47        126394        ----a-w-        c:\windows\system32\perfc007.dat
2010-09-01 18:09 . 2010-09-01 18:08        57344        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-31 09:06 . 2009-06-05 19:06        169696        ----a-w-        c:\users\Nils\compreg.dat
2010-08-31 09:06 . 2009-06-05 19:06        98082        ----a-w-        c:\users\Nils\xpti.dat
2010-08-29 18:28 . 2009-11-24 21:45        --------        d-----w-        c:\program files\phonostar-Player
2010-08-29 18:28 . 2010-01-24 17:46        11756056        ----a-w-        c:\users\Nils\AppData\Roaming\phonostar GmbH\phonostar-Player\update.exe
2010-08-26 12:31 . 2009-06-15 18:03        --------        d-----w-        c:\users\Nils\AppData\Roaming\CyberLink
2010-08-26 12:23 . 2009-07-14 02:37        --------        d-----w-        c:\program files\Windows Mail
2010-08-26 07:53 . 2008-07-21 08:10        --------        d-----w-        c:\program files\Intel
2010-08-26 07:53 . 2010-08-26 07:53        --------        d-sh--we        c:\programdata\Vorlagen
2010-08-26 07:53 . 2010-08-26 07:53        --------        d-sh--we        c:\programdata\Startmenü
2010-08-26 07:53 . 2010-08-26 07:53        --------        d-sh--we        c:\programdata\Favoriten
2010-08-26 07:53 . 2010-08-26 07:53        --------        d-sh--we        c:\programdata\Dokumente
2010-08-26 07:53 . 2010-08-26 07:53        --------        d-sh--we        c:\programdata\Anwendungsdaten
2010-08-26 07:53 . 2010-08-26 07:53        --------        d-sh--we        c:\program files\Gemeinsame Dateien
2010-08-25 23:43 . 2010-05-19 13:43        --------        d-----w-        c:\users\Nils\AppData\Roaming\Leadertech
2010-08-25 23:43 . 2010-01-25 21:33        --------        d-----w-        c:\users\Nils\AppData\Roaming\elsterformular
2010-08-25 23:43 . 2009-10-13 15:48        --------        d-----w-        c:\users\Nils\AppData\Roaming\Lexmark Productivity Studio
2010-08-25 23:43 . 2010-02-25 21:50        --------        d-----w-        c:\users\Nils\AppData\Roaming\Canneverbe Limited
2010-08-25 23:38 . 2008-07-21 14:03        --------        d-----w-        c:\users\Administrator\AppData\Roaming\Nero
2010-08-25 23:38 . 2008-11-03 07:38        --------        d-----w-        c:\users\Administrator\AppData\Roaming\BullGuard
2010-08-25 23:38 . 2008-07-21 08:17        --------        d-----w-        c:\users\Administrator\AppData\Roaming\InstallShield
2010-08-25 23:38 . 2010-05-18 20:22        --------        d-----w-        c:\programdata\TomTom
2010-08-25 23:38 . 2009-06-07 23:50        --------        d-----w-        c:\programdata\WindowsSearch
2010-08-25 23:38 . 2008-11-03 06:38        --------        d-----w-        c:\programdata\WLInstaller
2010-08-25 23:36 . 2010-05-12 16:00        --------        d-----w-        c:\program files\Norton Security Scan
2010-08-25 23:36 . 2009-12-09 22:30        --------        d-----w-        c:\program files\NortonInstaller
2010-08-25 23:36 . 2009-06-19 21:52        --------        d-----w-        c:\program files\Native Instruments
2010-08-25 23:36 . 2009-06-05 15:47        --------        d-----w-        c:\program files\Mozilla Thunderbird
2010-08-25 23:32 . 2008-11-03 10:00        --------        d---a-w-        c:\program files\GoogleEULA
2010-08-25 23:32 . 2008-11-03 09:59        --------        d-----w-        c:\program files\Google
2010-08-25 23:32 . 2010-01-25 21:31        --------        d-----w-        c:\program files\ElsterFormular
2010-08-25 23:32 . 2008-07-21 13:18        --------        d-----w-        c:\program files\Fingerprint Sensor
2010-08-25 23:28 . 2010-08-25 23:28        0        ---ha-w-        c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-08-25 23:27 . 2010-08-25 23:27        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-08-25 21:47 . 2010-05-30 20:49        --------        d-----w-        c:\users\Nils\AppData\Roaming\AbelCam
2010-08-23 14:55 . 2009-11-24 21:45        1314304        ----a-w-        c:\users\Nils\AppData\Roaming\phonostar GmbH\phonostar-Player\skins\phonostarSkin.dll
2010-07-29 06:30 . 2010-08-26 01:12        197632        ----a-w-        c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-26 01:12        82944        ----a-w-        c:\windows\system32\iccvid.dll
2010-07-17 15:04 . 2009-06-05 19:04        65087        ----a-w-        c:\users\Nils\training.dat
2010-07-10 14:11 . 2010-05-30 13:26        --------        d-----w-        c:\program files\Common Files\Symantec Shared
2010-06-30 06:25 . 2010-08-26 01:11        978432        ----a-w-        c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-26 01:12        310784        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-26 01:12        307200        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-26 01:12        113664        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-26 01:12        3955080        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-26 01:12        3899784        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-26 01:12        37376        ----a-w-        c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-26 01:11        2326016        ----a-w-        c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-26 01:12        224256        ----a-w-        c:\windows\system32\schannel.dll
2010-06-15 19:36 . 2010-06-15 19:36        1079048        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-30 18:48 . 2010-08-30 18:48        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"PhonostarAgent"="c:\program files\phonostar\ps_agent.exe" [2009-05-13 98304]
"PhonostarTimer"="c:\program files\phonostar\ps_timer.exe" [2009-05-13 126976]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-04 39408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 4718592]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2007-10-17 128296]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-30 30192]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"RemoteControl"="c:\program files\HomeCinema\PowerDVD\PDVDServ.exe" [2007-02-09 71216]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 148888]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"UpdatePPShortCut"="c:\program files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"Z-5 Speakers"="c:\program files\Logitech\Z-5 Speakers\Z-5 Speakers.exe" [2008-09-22 550160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

c:\users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-30 30192]
R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-07-28 1935656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-06-28 71008]
S3 netr28;Ralink 802.11n-Drahtlostreiber für Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]

.
Inhalt des "geplante Tasks" Ordners

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 18:25]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-17 18:25]

2010-09-03 c:\windows\Tasks\Norton Security Scan for Nils.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-12 16:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\hprz0t1k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\hprz0t1k.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
FF - component: c:\users\Nils\AppData\Roaming\Mozilla\Firefox\Profiles\hprz0t1k.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-09-06  14:56:19
ComboFix-quarantined-files.txt  2010-09-06 12:56

Vor Suchlauf: 14 Verzeichnis(se), 77.806.534.656 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 77.724.327.936 Bytes frei

- - End Of File - - B5ECADED076C13C12CA7E2715689ED11
--- --- ---

cosinus 06.09.2010 15:06
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

rummenige80 06.09.2010 17:33
Hallo,
Gmer kann nicht ausgeführt werden, ich versuche es aber noch einmal
LOG
Problemsignatur:
Problemereignisname: APPCRASH
Anwendungsname: htn97hzk.exe
Anwendungsversion: 1.0.15.15281
Anwendungszeitstempel: 4b2763f0
Fehlermodulname: htn97hzk.exe
Fehlermodulversion: 1.0.15.15281
Fehlermodulzeitstempel: 4b2763f0
Ausnahmecode: c0000005
Ausnahmeoffset: 0000c4b1
Betriebsystemversion: 6.1.7600.2.0.0.256.1
Gebietsschema-ID: 1031
Zusatzinformation 1: 0a9e
Zusatzinformation 2: 0a9e372d3b4ad19135b953a78882e789
Zusatzinformation 3: 0a9e
Zusatzinformation 4: 0a9e372d3b4ad19135b953a78882e789

Lesen Sie unsere Datenschutzbestimmungen online:
hxxp://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0407

Wenn die Onlinedatenschutzbestimmungen nicht verfügbar sind, lesen Sie unsere Datenschutzbestimmungen offline:
C:\Windows\system32\de-DE\erofflps.txt

rummenige80 06.09.2010 18:30
Hallo,
kann remover.exe ausführen, aber nicht die daten übermitteln, da es DOS ebene ist,
Es ist am Ende mit grüner Schrift und sagt was mit
Physical Drive0 okay und wo boot sector ist etc.
Vielen Dank bis hier, hoffe bald alles gelöst zu haben.

Der log file für OSam ist hier:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:21:01 on 06.09.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Norton Security Scan for Nils.job" - "Symantec Corporation" - C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"ImageDrive.cpl" - "Ahead Software AG" - C:\Windows\system32\ImageDrive.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Computer, Inc." - C:\Program Files\Ringz Studio\Storm Codec\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a2acc" (a2acc) - "Emsi Software GmbH" - C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Nils\AppData\Local\Temp\catchme.sys  (File not found)
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - C:\Program Files\TeraCopy\TeraCopy.dll  (File found, but it contains no detailed information)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{D2C5E510-BE6D-42CC-9F61-E4F939078474} "Lexmark " - ? - C:\Program Files\Lexmark Printable Web\bho.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Nils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.1.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"PhonostarAgent" - ? - C:\Program Files\phonostar\ps_agent.exe
"PhonostarTimer" - ? - C:\Program Files\phonostar\ps_timer.exe
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"TomTomHOME.exe" - "TomTom" - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"
"LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"RemoteControl" - "Cyberlink Corp." - "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
"snpstd3" - ? - C:\Windows\vsnpstd3.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"toolbar_eula_launcher" - " " - C:\Program Files\GoogleEULA\EULALauncher.exe
"UpdatePPShortCut" - "CyberLink Corp." - "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
"Wbutton" - "Wistron" - "C:\Program Files\Launch Manager\Wbutton.exe"
"Z-5 Speakers" - "Logitech(c)" - C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"BJ Language Monitor3_3" - "CANON INC." - C:\Windows\system32\CNBLM3_3.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Emsisoft Anti-Malware 5.0 - Service" (a2AntiMalware) - "Emsi Software GmbH" - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 06.09.2010 19:41
Ich brauch noch einen gegencheck:

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

rummenige80 06.09.2010 20:56
MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: MEDION
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: MEDION
System Product Name: WIM2210
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 193):
0x82E40000 \SystemRoot\system32\ntkrnlpa.exe
0x82E09000 \SystemRoot\system32\halmacpi.dll
0x80BA5000 \SystemRoot\system32\kdcom.dll
0x8B03B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8B0B3000 \SystemRoot\system32\PSHED.dll
0x8B0C4000 \SystemRoot\system32\BOOTVID.dll
0x8B0CC000 \SystemRoot\system32\CLFS.SYS
0x8B10E000 \SystemRoot\system32\CI.dll
0x8B22B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B29C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B2AA000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B2F2000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8B2FB000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B303000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B32D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B338000 \SystemRoot\System32\drivers\partmgr.sys
0x8B349000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B359000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B3A4000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8B3AB000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8B3B9000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B3C1000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B3CC000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B42A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8B4F2000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8B4FB000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8B51E000 \SystemRoot\system32\DRIVERS\Si3531.sys
0x8B554000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8B57A000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8B583000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B5B7000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B5C8000 \SystemRoot\system32\DRIVERS\SiWinAcc.sys
0x8B63E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B76D000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B798000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B815000 \SystemRoot\System32\Drivers\cng.sys
0x8B872000 \SystemRoot\System32\drivers\pcw.sys
0x8B880000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B889000 \SystemRoot\system32\drivers\ndis.sys
0x8B940000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B97E000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BA2D000 \SystemRoot\System32\drivers\tcpip.sys
0x8BB76000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BBA7000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8BBB0000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8BBEF000 \SystemRoot\System32\Drivers\spldr.sys
0x8BA00000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BBF7000 \SystemRoot\system32\DRIVERS\SiRemFil.sys
0x8B9A3000 \SystemRoot\System32\Drivers\mup.sys
0x8B9B3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B9BB000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B9ED000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B7AB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8F506000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F525000 \SystemRoot\System32\Drivers\Null.SYS
0x8F52C000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F533000 \SystemRoot\System32\drivers\vga.sys
0x8F53F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F560000 \SystemRoot\System32\drivers\watchdog.sys
0x8F56D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F575000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F57D000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8F585000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F590000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F59E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F5B5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9103A000 \SystemRoot\system32\drivers\afd.sys
0x91094000 \SystemRoot\System32\DRIVERS\netbt.sys
0x910C6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x910CD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x910EC000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x910FD000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9110B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9111E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9112E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91134000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91175000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9117F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91189000 \SystemRoot\System32\Drivers\Hotkey.SYS
0x9118C000 \SystemRoot\System32\drivers\discache.sys
0x91198000 \SystemRoot\system32\drivers\csc.sys
0x91000000 \SystemRoot\System32\Drivers\dfsc.sys
0x91018000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8F5C0000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91026000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8F5DC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x91028000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8F400000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91A1D000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x91F26000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8B600000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91FDD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9081C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90867000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90876000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90895000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x908AD000 \SystemRoot\system32\DRIVERS\netr28.sys
0x90936000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x90940000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9096A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x9096E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90986000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90993000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x909C1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x909C3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x909D0000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x909DD000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x90800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x909EF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B7D0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91FE8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91A00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F412000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B7F2000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x909FA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8B5CB000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B400000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8B1B9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B40E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9200B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8B000000 \SystemRoot\system32\drivers\portcls.sys
0x8B3E2000 \SystemRoot\system32\drivers\drmk.sys
0x93F40000 \SystemRoot\System32\win32k.sys
0x92000000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F429000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F436000 \SystemRoot\system32\DRIVERS\monitor.sys
0x81E1A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x81EE2000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x81EF3000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x941A0000 \SystemRoot\System32\TSDDD.dll
0x941D0000 \SystemRoot\System32\cdd.dll
0x81F07000 \SystemRoot\system32\drivers\luafv.sys
0x81F22000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x81F36000 \SystemRoot\system32\drivers\WudfPf.sys
0x81F50000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x81F60000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x81FA6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x81FB6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8F441000 \SystemRoot\system32\drivers\HTTP.sys
0x81FC9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x81FE2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8F4C6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x98A06000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x98A41000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x98A74000 \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
0x98A84000 \SystemRoot\system32\drivers\peauth.sys
0x98B1B000 \SystemRoot\System32\Drivers\secdrv.SYS
0x98B25000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x98B46000 \SystemRoot\System32\drivers\tcpipreg.sys
0x98B53000 \SystemRoot\System32\DRIVERS\srv2.sys
0x98BA2000 \SystemRoot\System32\DRIVERS\srv.sys
0x8B200000 \SystemRoot\System32\drivers\ipnat.sys
0xB6E15000 \SystemRoot\system32\drivers\spsys.sys
0xB6E7F000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x777E0000 \Windows\System32\ntdll.dll
0x477B0000 \Windows\System32\smss.exe
0x77A20000 \Windows\System32\apisetschema.dll
0x001F0000 \Windows\System32\autochk.exe
0x776A0000 \Windows\System32\urlmon.dll
0x77970000 \Windows\System32\advapi32.dll
0x77620000 \Windows\System32\comdlg32.dll
0x77550000 \Windows\System32\user32.dll
0x774A0000 \Windows\System32\rpcrt4.dll
0x77340000 \Windows\System32\ole32.dll
0x77950000 \Windows\System32\imm32.dll
0x77260000 \Windows\System32\kernel32.dll
0x771D0000 \Windows\System32\clbcatq.dll
0x770D0000 \Windows\System32\wininet.dll
0x77920000 \Windows\System32\imagehlp.dll
0x77070000 \Windows\System32\difxapi.dll
0x77050000 \Windows\System32\sechost.dll
0x76FF0000 \Windows\System32\shlwapi.dll
0x76F20000 \Windows\System32\msctf.dll
0x76D20000 \Windows\System32\iertutil.dll
0x76CD0000 \Windows\System32\Wldap32.dll
0x76B30000 \Windows\System32\setupapi.dll
0x76AF0000 \Windows\System32\ws2_32.dll
0x76A50000 \Windows\System32\usp10.dll
0x76A40000 \Windows\System32\lpk.dll
0x769B0000 \Windows\System32\oleaut32.dll
0x75D60000 \Windows\System32\shell32.dll
0x75D50000 \Windows\System32\normaliz.dll
0x75D40000 \Windows\System32\nsi.dll
0x75D30000 \Windows\System32\psapi.dll
0x75CE0000 \Windows\System32\gdi32.dll
0x75C30000 \Windows\System32\msvcrt.dll
0x75C00000 \Windows\System32\wintrust.dll
0x75AE0000 \Windows\System32\crypt32.dll
0x75AB0000 \Windows\System32\cfgmgr32.dll
0x75A90000 \Windows\System32\devobj.dll
0x75A00000 \Windows\System32\comctl32.dll
0x759B0000 \Windows\System32\KernelBase.dll
0x759A0000 \Windows\System32\msasn1.dll

Processes (total 73):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
416 csrss.exe
480 C:\Windows\System32\wininit.exe
488 csrss.exe
536 C:\Windows\System32\services.exe
552 C:\Windows\System32\lsass.exe
560 C:\Windows\System32\lsm.exe
660 C:\Windows\System32\svchost.exe
748 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\winlogon.exe
1068 C:\Windows\System32\audiodg.exe
1128 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\svchost.exe
1356 C:\Windows\System32\spoolsv.exe
1396 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1416 C:\Windows\System32\svchost.exe
1540 C:\Program Files\Emsisoft Anti-Malware\a2service.exe
1652 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1756 C:\Windows\System32\svchost.exe
1864 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1900 C:\Program Files\CDBurnerXP\NMSAccessU.exe
2000 C:\Windows\System32\taskhost.exe
2044 C:\Windows\System32\taskeng.exe
112 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
1460 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
1280 C:\Windows\System32\dwm.exe
2180 C:\Windows\System32\taskeng.exe
2432 C:\Windows\explorer.exe
2552 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
2588 C:\Windows\RtHDVCpl.exe
2596 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
2632 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2684 C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe
2692 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
2720 C:\Program Files\Launch Manager\HotkeyApp.exe
2728 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2776 C:\Program Files\Launch Manager\LaunchAp.exe
2788 C:\Program Files\Launch Manager\OSD.exe
2796 C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
2876 C:\Program Files\Java\jre6\bin\jusched.exe
2948 C:\Program Files\Launch Manager\WButton.exe
2960 C:\Program Files\Logitech\Z-5 Speakers\Z-5 Speakers.exe
2972 C:\Windows\System32\igfxtray.exe
3000 C:\Windows\System32\hkcmd.exe
3028 C:\Windows\System32\igfxpers.exe
3040 C:\Windows\System32\igfxsrvc.exe
3068 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3104 C:\Program Files\Windows Sidebar\sidebar.exe
3152 C:\Program Files\phonostar\ps_agent.exe
3224 C:\Program Files\phonostar\ps_timer.exe
3260 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3272 C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
3360 C:\Program Files\OpenOffice.org 3\program\soffice.exe
3400 C:\Program Files\OpenOffice.org 3\program\soffice.bin
3428 C:\Windows\System32\SearchIndexer.exe
3160 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3572 C:\Windows\System32\alg.exe
1844 C:\Program Files\Launch Manager\WisLMSvc.exe
1940 C:\Windows\System32\svchost.exe
2820 WmiPrvSE.exe
612 C:\Program Files\Mozilla Thunderbird\thunderbird.exe
4548 C:\Windows\System32\sppsvc.exe
4576 C:\Windows\System32\svchost.exe
5196 WmiPrvSE.exe
5380 dllhost.exe
5416 dllhost.exe
5456 C:\Users\Nils\Desktop\MBRCheck.exe
5464 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000030`63866400 (FAT32)

PhysicalDrive0 Model Number: WDCWD2500BEVS-00UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

cosinus 06.09.2010 21:03
Code:
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

rummenige80 06.09.2010 21:32
Hallo,
Malwarebyte war erfolgreich:
Kann ich noch wissen, welcher der vielen Dateien nun auf meinem Desktop, buw. Rechner bleiben sollen, oder welche Antimalware bzw. Antivirus Programme den Schutz erhöhen.
Vielen Dank
Werde nun noch den nächsten Scan durchführen.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4557

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06.09.2010 22:30:15
mbam-log-2010-09-06 (22-30-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143086
Laufzeit: 11 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 06.09.2010 21:41
Zitat:
Art des Suchlaufs: Quick-Scan
Bitte einen Vollscan machen :schmoll:

rummenige80 07.09.2010 05:54
Hallo
Vollscan mit AntiSpyware erfolgreich:
Hier der LOG:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/07/2010 at 00:49 AM

Application Version : 4.42.1000

Core Rules Database Version : 5460
Trace Rules Database Version: 3272

Scan type : Complete Scan
Total Scan Time : 02:02:09

Memory items scanned : 807
Memory threats detected : 0
Registry items scanned : 9542
Registry threats detected : 0
File items scanned : 116050
File threats detected : 0

Muss nun Malbytes Vollscan im Laufe des Tages nachholen.

rummenige80 08.09.2010 13:40
Hallo Vollscan mit Malwarebyte:
Welche Dateien kann ich denn jetzt löschen, bzw welche soll ich immer als Schutz laufen lassen?
Vielen Dank
Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4564

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.09.2010 11:31:34
mbam-log-2010-09-08 (11-31-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 307515
Laufzeit: 11 Stunde(n), 41 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 08.09.2010 14:02
Sieht ok aus.
Noch Probleme oder weitere Funde in der Zwischenzeit?

rummenige80 08.09.2010 14:35
Nein, vielen Dank, keine weiteren Probleme
Gruß

cosinus 08.09.2010 14:59
Wir sind dann durch! :)

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:20 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131