Trojaner-Board

Source: Trojaner-Board (https://www.trojaner-board.de/), section "Pests of all kinds and how to fight them" (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/), thread "Desktop black after virus" (https://www.trojaner-board.de/90659-virus-desktop-schwarz.html)

Franzi5385 11.09.2010 18:38

Desktop black after virus
 
Hi everyone,

Today I started my computer, suspecting nothing, and had only been on the MSN homepage briefly when AntiVir threw up a pile of Trojan warnings. I deleted them all and wanted to run a scan, but the virus apparently disabled my AntiVir, because nothing works anymore. My internet also stopped working. So I rebooted. It did load, and I got the blue start screen that says it's loading and "Welcome to Windows 7" blah blah, but after loading the screen simply goes black. I can only see my mouse and open the Task Manager. So I copied CCleaner and Malwarebytes onto a USB stick and launched them via the Task Manager. Both system scans found a lot of stuff, all of which I deleted. But my screen is still black... grrrrrrr...
Does anyone have an idea? There are lots of similar cases in various forums, but all of them are somehow different from mine.
I'd be really grateful for some simple help; I do know a bit, but I'm still just a clueless girl :)

markusg 11.09.2010 18:40

Open Malwarebytes, go to the log files and post the scan log.
How does it look, can you get into Safe Mode? On most PCs that means pressing the F8 key when the PC starts. If so, run ComboFix there and post the log.
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Franzi5385 11.09.2010 18:47

OK, here is the log file from the first scan with Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.09.2010 18:01:59
mbam-log-2010-09-11 (18-01-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 301158
Laufzeit: 6 Stunde(n), 30 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\BMIMZMHMFM (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft driver setup (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\microsoft driver setup (Worm.Palevo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\cfdrive32.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

ComboFix will follow shortly. Thanks for your quick reply.

markusg 11.09.2010 18:53

No problem :-)

Franzi5385 11.09.2010 19:13

Hmm, so ComboFix doesn't seem to be working properly. It starts the scan and after a few minutes says it has detected root activity and has to restart. We've been through that game three times now...
I made a log file with HijackThis; maybe that helps:

HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:49, on 11.09.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\rundll32.exe
F:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=93&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=93&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=93&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 122.224.6.164 cao.iwillhavebigdick.com
O1 - Hosts: 173.192.153.178 www.888.com
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {60FB86A3-32C0-4A66-B5E0-45CA6EFF6137} - c:\windows\system32\dlo5ace.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [WinSat] winsat dwm -xml results.xml
O4 - HKCU\..\Run: [Google Update] "C:\Users\Franzi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HPADVISOR] c:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [a5x3tq] C:\Users\Franzi\AppData\Local\Temp\202fbh.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ExtraFilm upload service (EFUploadSrv) - Textalk AB - C:\Program Files\ExtraFilm Designer CH DE\EFUploadSrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Gizmo Central - Arainia Solutions - C:\Program Files\Gizmo\gservice.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

--
End of file - 9064 bytes

Regards,
Franzi
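The HijackThis log above is the kind of thing a helper reads by hand, looking for a few telltale entry types: an IE proxy pointed at 127.0.0.1, hosts-file redirects, an autorun under Policies\Explorer\Run launching from Temp, and nameless BHOs. As an added example for this thread (not part of HijackThis, Malwarebytes or OTL), the Python script below applies those checks to a log; the sample log is constructed in the format of the one posted above, with a documentation IP and a made-up hostname standing in for the real hosts-file entry.

```python
"""Triage a HijackThis 2.0.x log for the entry types the thread's helper looks at.

Added example for this thread; it is not part of HijackThis, Malwarebytes or OTL.
Rules (each corresponds to a line in the log posted above):
  * R1 ProxyServer pointing at the local machine  -> local interception proxy
  * O1 Hosts mapping a real hostname to a foreign IP -> hosts-file redirect
  * O4 autorun via Policies\\Explorer\\Run or an .exe launched from a Temp folder
  * O2/O3 BHO or toolbar with no name or no file
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# A HijackThis entry is "<kind> - <detail>", e.g. "O1 - Hosts: ::1 localhost".
LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+)\s+-\s+(?P<detail>.+)$")
LOCAL_ADDRS = {"127.0.0.1", "::1", "0.0.0.0"}


@dataclass(frozen=True)
class Finding:
    kind: str
    reason: str
    line: str


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for one suspicious log line, or None if it looks benign."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, blank or process-list line
    kind, detail = m.group("kind"), m.group("detail")
    lowered = detail.lower()

    if kind.startswith("R") and "ProxyServer" in detail:
        # "...,ProxyServer = http=127.0.0.1:6092" -> everything after the first '='
        value = detail.split("=", 1)[1].strip()
        if re.search(r"(?:127\.0\.0\.1|localhost)(?::\d+)?", value):
            return Finding(kind, "IE proxy points at the local machine", line)

    if kind == "O1" and detail.startswith("Hosts:"):
        parts = detail[len("Hosts:"):].split()
        if len(parts) >= 2 and parts[0] not in LOCAL_ADDRS and parts[1] != "localhost":
            return Finding(kind, f"hosts file redirects {parts[1]} to {parts[0]}", line)

    if kind == "O4":
        if r"\policies\explorer\run" in lowered:
            return Finding(kind, "autorun via Policies\\Explorer\\Run", line)
        if re.search(r"\\temp\\[^\\]+\.exe", lowered):
            return Finding(kind, "autorun launches an .exe from a Temp folder", line)

    if kind in {"O2", "O3"} and ("(no name)" in detail or detail.endswith("(no file)")):
        return Finding(kind, "browser helper object without a name or file", line)

    return None


def triage(log_text: str) -> List[Finding]:
    """Run check_line over a whole log and keep the hits, in log order."""
    findings = []
    for line in log_text.splitlines():
        f = check_line(line)
        if f is not None:
            findings.append(f)
    return findings


# Constructed sample in the format of the log posted above; the hosts redirect uses
# a documentation address and a made-up hostname instead of the real entry.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\Windows\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.10 www.example-redirect.test
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {60FB86A3-32C0-4A66-B5E0-45CA6EFF6137} - c:\windows\system32\dlo5ace.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Policies\Explorer\Run: [a5x3tq] C:\Users\Franzi\AppData\Local\Temp\202fbh.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.reason}\n     {f.line}")
```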

markusg 11.09.2010 19:15

OK, try this:
Download
http://filepony.de/download-defogger/
and save it to your desktop.

Double-click DeFogger to start the tool.

• The tool's program window opens.
• Click the Disable button to deactivate the CD emulation drivers.
• Click Yes to continue.
• When the message 'Finished!' appears,
• click OK.
• DeFogger will now ask for a reboot - click OK.
• Post the defogger_disable.log here in the thread. Under no circumstances reactivate the drivers before you are told to.

and after that ComboFix

Franzi5385 11.09.2010 19:26

DeFogger works up to "Finished", but it doesn't ask for a reboot...

markusg 11.09.2010 19:34

Then do the reboot by hand. Did you also run ComboFix in Safe Mode?

Franzi5385 11.09.2010 19:37

Uh, no... but I can't really get in. It worked earlier, but not right now. I'll keep trying...
So you mean I should start DeFogger and, after Finish, do a normal restart but go into Safe Mode? Or does DeFogger also have to be started in Safe Mode?

markusg 11.09.2010 19:38

No, after DeFogger please boot into Safe Mode.

Franzi5385 11.09.2010 19:48

No chance, I can't get into the damn Safe Mode... I'm about to throw this thing out of the window...

markusg 11.09.2010 19:50

OK, let's try something else.
1. Open Malwarebytes, Update tab, update the program, then do a complete scan, delete what it finds, post the log.
2.
OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click and Run as administrator)
1. At the top you'll find a box labelled Output. Please select Minimal Output
2. Check "Scan all users"
3. Under "Extra Registry" select:
"Use SafeList" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both logs

Franzi5385 11.09.2010 19:54

OK, I'm in Safe Mode. But that needed a cold start, and I don't know whether DeFogger is still active then?! I'm running ComboFix right now. Let's see what happens...

Franzi5385 11.09.2010 19:56

Right, it restarted again... trying the other variant now...

Franzi5385 11.09.2010 20:48

Here are the OTL logs for now:
OTL logfile:

OTL logfile created on: 11.09.2010 21:24:25 - Run 1
OTL by OldTimer - Version 3.2.12.0    Folder = F:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 451,64 Gb Total Space | 242,56 Gb Free Space | 53,71% Space Free | Partition Type: NTFS
Drive D: | 14,12 Gb Total Space | 1,96 Gb Free Space | 13,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7,45 Gb Total Space | 2,86 Gb Free Space | 38,44% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 7,46 Gb Total Space | 6,77 Gb Free Space | 90,73% Space Free | Partition Type: FAT32
 
Computer Name: FRANZI-PC
Current User Name: Franzi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Gizmo\gservice.exe (Arainia Solutions)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - c:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\ExtraFilm Designer CH DE\EFUploadSrv.exe (Textalk AB)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - F:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\dlo5ACE.dll (aglrqmtrat Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\winnsi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\slc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ncrypt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mssign32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\IPHLPAPI.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptsp.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\bcrypt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)
MOD - C:\Programme\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Programme\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
MOD - C:\Programme\Microsoft CAPICOM 2.1.0.2\Lib\X86\capicom.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (wlviqgbn) -- C:\Windows\System32\dlo5ACE.dll (aglrqmtrat Corporation)
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3746.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Gizmo Central) -- C:\Programme\Gizmo\gservice.exe (Arainia Solutions)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (EFUploadSrv) -- C:\Program Files\ExtraFilm Designer CH DE\EFUploadSrv.exe (Textalk AB)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Franzi\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (GizmoDrv) -- C:\Windows\System32\drivers\gizmodrv.sys (Arainia Solutions LLC)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc.                          )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2691724045-2314604569-2155052543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-2691724045-2314604569-2155052543-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2691724045-2314604569-2155052543-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.22 11:23:36 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2010.09.11 19:43:12 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: () - {60FB86A3-32C0-4A66-B5E0-45CA6EFF6137} - C:\Windows\System32\dlo5ACE.dll (aglrqmtrat Corporation)
O3 - HKU\S-1-5-21-2691724045-2314604569-2155052543-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF14261.cfx File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Software] C:\Programme\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Programme\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\RunOnce: []  File not found
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF14261.cfx File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: a5x3tq = C:\Users\Franzi\AppData\Local\Temp\202fbh.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: TaskMan - (C:\Users\Franzi\AppData\Roaming\ohydy.exe) - C:\Users\Franzi\AppData\Roaming\ohydy.exe (wcwC)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\web\Wallpaper\img11.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ca88f6a1-adba-11df-82dc-0026189921df}\Shell - "" = AutoRun
O33 - MountPoints2\{ca88f6a1-adba-11df-82dc-0026189921df}\Shell\AutoRun\command - "" = K:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.11 20:52:46 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.09.11 20:52:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.09.11 19:59:22 | 002,898,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2010.09.11 19:59:22 | 002,744,800 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010.09.11 19:59:22 | 001,265,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2010.09.11 19:59:22 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010.09.11 19:59:22 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2010.09.11 19:59:22 | 000,052,256 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2010.09.11 19:59:21 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2010.09.11 19:59:21 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2010.09.11 19:59:21 | 000,266,240 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2010.09.11 19:59:21 | 000,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2010.09.11 19:59:21 | 000,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2010.09.11 19:49:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.09.11 19:49:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.09.11 19:49:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.09.11 19:48:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.09.11 19:48:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.09.11 12:24:21 | 000,729,600 | ---- | C] (aglrqmtrat Corporation) -- C:\Windows\System32\dlo5ACE.dll
[2010.09.11 11:26:02 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.09.11 11:00:04 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\Malwarebytes
[2010.09.11 10:59:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.11 10:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.11 10:59:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.11 10:59:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.11 10:52:31 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.09.11 10:17:34 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Local\cnuygikyr
[2010.09.11 10:17:33 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\eaaygqwhe
[2010.09.11 10:17:33 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Local\eaaygqwhe
[2010.09.11 10:17:32 | 000,106,496 | RHS- | C] (wcwC) -- C:\Users\Franzi\AppData\Roaming\ohydy.exe
[2010.09.11 10:17:18 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.08.29 13:12:11 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2010.08.29 13:11:46 | 000,000,000 | ---D | C] -- C:\Programme\uTorrent
[2010.08.29 13:11:32 | 000,000,000 | ---D | C] -- C:\Programme\softonic-de3
[2010.08.29 13:11:32 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.08.29 13:11:07 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\uTorrent
[2010.08.29 13:10:51 | 000,327,472 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Franzi\Desktop\utorrent2.0.3.exe
[2010.08.29 12:34:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.08.22 18:07:27 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\vlc
[2010.08.22 18:05:08 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2010.08.22 10:28:37 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\TSR
[2010.08.21 08:57:22 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Neuer Ordner
[2010.08.14 07:10:41 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.14 07:10:41 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.14 07:10:32 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.14 07:10:29 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.14 07:10:29 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.14 07:10:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.14 07:10:23 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.14 07:10:23 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.14 07:10:23 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.14 07:10:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.14 07:10:23 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.14 07:10:23 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.14 07:10:23 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.14 07:10:05 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.11 21:25:16 | 000,841,728 | ---- | M] () -- C:\Windows\System32\drivers\ovfmoi.sys
[2010.09.11 21:24:25 | 003,407,872 | -HS- | M] () -- C:\Users\Franzi\NTUSER.DAT
[2010.09.11 21:05:16 | 000,006,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.11 21:05:16 | 000,006,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.11 21:04:08 | 001,536,104 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.11 21:04:08 | 000,669,780 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.11 21:04:08 | 000,628,020 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.11 21:04:08 | 000,136,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.11 21:04:08 | 000,111,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.11 20:56:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.11 20:56:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.11 20:56:08 | 2791,186,432 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.11 20:27:57 | 000,000,305 | ---- | M] () -- C:\Users\Franzi\Desktop\ComboFix - Verknüpfung.lnk
[2010.09.11 20:18:37 | 000,000,020 | ---- | M] () -- C:\Users\Franzi\defogger_reenable
[2010.09.11 20:16:40 | 000,050,477 | ---- | M] () -- C:\Users\Franzi\Desktop\Defogger.exe
[2010.09.11 19:48:23 | 000,018,122 | ---- | M] () -- C:\results.xml
[2010.09.11 19:44:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2691724045-2314604569-2155052543-1000UA.job
[2010.09.11 19:43:12 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.09.11 12:24:21 | 000,729,600 | ---- | M] (aglrqmtrat Corporation) -- C:\Windows\System32\dlo5ACE.dll
[2010.09.11 11:05:41 | 000,106,052 | ---- | M] () -- C:\Users\Franzi\Desktop\cc_20100911_110454.reg
[2010.09.11 10:59:37 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.11 10:52:44 | 000,000,971 | ---- | M] () -- C:\Users\Franzi\Desktop\CCleaner.lnk
[2010.09.11 10:17:20 | 000,106,496 | RHS- | M] (wcwC) -- C:\Users\Franzi\AppData\Roaming\ohydy.exe
[2010.09.11 09:44:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2691724045-2314604569-2155052543-1000Core.job
[2010.09.10 23:35:07 | 002,705,782 | -H-- | M] () -- C:\Users\Franzi\AppData\Local\IconCache.db
[2010.09.10 15:45:05 | 000,002,235 | ---- | M] () -- C:\Users\Franzi\Desktop\Google Chrome.lnk
[2010.09.10 14:03:37 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 3 Gib Gas-Accessoires.lnk
[2010.09.10 11:51:29 | 000,668,422 | ---- | M] () -- C:\Users\Franzi\Documents\praes06.pdf
[2010.08.29 13:11:05 | 000,327,472 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Franzi\Desktop\utorrent2.0.3.exe
[2010.08.22 09:48:28 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\TSR Launcher.lnk
[2010.08.21 09:04:36 | 000,001,809 | ---- | M] () -- C:\Users\Franzi\Desktop\UseNeXT.lnk
[2010.08.15 03:20:23 | 002,365,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.11 20:27:57 | 000,000,305 | ---- | C] () -- C:\Users\Franzi\Desktop\ComboFix - Verknüpfung.lnk
[2010.09.11 20:27:16 | 000,050,477 | ---- | C] () -- C:\Users\Franzi\Desktop\Defogger.exe
[2010.09.11 20:18:22 | 000,000,020 | ---- | C] () -- C:\Users\Franzi\defogger_reenable
[2010.09.11 19:49:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.09.11 19:49:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.09.11 19:49:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.09.11 19:49:48 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.09.11 19:49:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.09.11 19:48:23 | 000,018,122 | ---- | C] () -- C:\results.xml
[2010.09.11 11:05:34 | 000,106,052 | ---- | C] () -- C:\Users\Franzi\Desktop\cc_20100911_110454.reg
[2010.09.11 10:59:37 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.11 10:52:44 | 000,000,971 | ---- | C] () -- C:\Users\Franzi\Desktop\CCleaner.lnk
[2010.09.11 10:18:00 | 000,841,728 | ---- | C] () -- C:\Windows\System32\drivers\ovfmoi.sys
[2010.09.10 14:03:37 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 3 Gib Gas-Accessoires.lnk
[2010.09.10 11:51:29 | 000,668,422 | ---- | C] () -- C:\Users\Franzi\Documents\praes06.pdf
[2010.08.22 09:48:28 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\TSR Launcher.lnk
[2010.03.03 10:45:38 | 002,747,253 | ---- | C] () -- C:\Users\Franzi\AppData\Local\tmpBILDER 118.JPG
[2010.02.12 23:47:37 | 000,000,025 | ---- | C] () -- C:\Users\Franzi\AppData\Roaming\bdfvconp.ini
[2010.01.22 11:10:07 | 000,001,160 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.01.20 21:41:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.29 17:09:45 | 000,354,816 | ---- | C] () -- C:\Windows\System32\pythoncom26.dll
[2009.06.29 17:09:45 | 000,108,032 | ---- | C] () -- C:\Windows\System32\pywintypes26.dll
[2008.07.26 15:42:52 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
 
========== LOP Check ==========
 
[2010.01.22 09:36:33 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\BitDefender
[2010.09.11 10:17:57 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\C2EC17786274D80DF27A2E69F8A4852F
[2010.01.20 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DAEMON Tools Lite
[2010.09.11 10:17:33 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\eaaygqwhe
[2010.03.21 20:55:31 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ExtraFilm
[2010.02.13 23:22:04 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Gizmo
[2010.01.30 14:55:46 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Leadertech
[2010.07.18 09:28:20 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\MudTV
[2010.03.14 20:57:46 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ProtectDisc
[2010.08.22 10:28:37 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TSR
[2010.09.10 15:29:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\UseNeXT
[2010.09.11 10:21:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\uTorrent
[2010.03.03 09:44:39 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\WinBatch
[2010.07.31 13:11:06 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance-Delay.job
[2010.07.31 10:00:28 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010.09.08 09:47:36 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.02.26 12:13:19 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Adobe
[2010.01.20 22:03:55 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Apple Computer
[2010.01.22 09:36:33 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\BitDefender
[2010.09.11 10:17:57 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\C2EC17786274D80DF27A2E69F8A4852F
[2010.01.20 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DAEMON Tools Lite
[2010.09.11 10:17:33 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\eaaygqwhe
[2010.03.21 20:55:31 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ExtraFilm
[2010.02.13 23:22:04 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Gizmo
[2010.01.20 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Hewlett-Packard
[2010.01.28 18:43:10 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\HP
[2010.01.20 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\HP TCS
[2010.05.09 15:00:50 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Identities
[2010.01.30 14:55:46 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Leadertech
[2010.01.20 18:24:41 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Macromedia
[2010.09.11 11:00:04 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Media Center Programs
[2010.06.06 17:59:11 | 000,000,000 | --SD | M] -- C:\Users\Franzi\AppData\Roaming\Microsoft
[2010.03.05 09:02:26 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Mozilla
[2010.07.18 09:28:20 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\MudTV
[2010.03.14 20:57:46 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ProtectDisc
[2010.02.19 11:37:12 | 000,000,000 | RH-D | M] -- C:\Users\Franzi\AppData\Roaming\SecuROM
[2010.07.20 07:56:01 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Skype
[2010.07.20 07:12:35 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\skypePM
[2010.08.22 10:28:37 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TSR
[2010.09.10 15:29:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\UseNeXT
[2010.09.11 10:21:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\uTorrent
[2010.08.22 18:07:31 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\vlc
[2010.03.03 09:44:39 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\WinBatch
[2010.02.14 09:21:33 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.09.11 10:17:20 | 000,106,496 | RHS- | M] (wcwC) -- C:\Users\Franzi\AppData\Roaming\ohydy.exe
[2010.09.11 10:17:20 | 000,245,248 | ---- | M] (Security Suites Corporation) -- C:\Users\Franzi\AppData\Roaming\eaaygqwhe\ndwaajnuqiw.exe
[2010.07.17 08:38:44 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Franzi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.02.12 16:54:52 | 000,010,134 | R--- | M] () -- C:\Users\Franzi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Qoobox\32788R22FWJFW\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.09.11 21:30:53 | 000,841,728 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\ovfmoi.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< End of report >

--- --- ---

and here is the Extras log: OTL Logfile:
Code:

OTL Extras logfile created on: 11.09.2010 21:24:25 - Run 1
OTL by OldTimer - Version 3.2.12.0    Folder = F:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 451,64 Gb Total Space | 242,56 Gb Free Space | 53,71% Space Free | Partition Type: NTFS
Drive D: | 14,12 Gb Total Space | 1,96 Gb Free Space | 13,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7,45 Gb Total Space | 2,86 Gb Free Space | 38,44% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 7,46 Gb Total Space | 6,77 Gb Free Space | 90,73% Space Free | Partition Type: FAT32
 
Computer Name: FRANZI-PC
Current User Name: Franzi
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2691724045-2314604569-2155052543-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Franzi\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Value error.
Drive [find] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min
"{33cc8e60-d6db-45be-9276-b6698187688a}" = F2100
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773C485E-B148-45CB-BF38-84FC208D960A}" = TSR Merlin
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9082C257-9729-4009-8299-6916CD556EAC}" = TSR Launcher
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF202088-CF66-4DCA-B1C3-185E7044CEE6}" = HP MediaSmart SmartMenu
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Canon RAW Codec" = Canon RAW Codec
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Die Kunst des Mordens - Karten des Schicksals_is1" = Die Kunst des Mordens - Karten des Schicksals
"EA Download Manager" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExtraFilmDesignerCH DE" = ExtraFilm Designer CH DE
"Gizmo Central" = Gizmo Central
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"PC-Doctor for Windows" = Hardware Diagnose Tools
"PDF Blender" = PDF Blender
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PSP Video 9" = PSP Video 9 5.04
"pywin32-py2.6" = Python 2.6 pywin32-212
"Shop for HP Supplies" = Shop for HP Supplies
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"UseNeXT_is1" = UseNeXT
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.9
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2691724045-2314604569-2155052543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

The malware scan is unfortunately still running... I'll send it along as soon as it is finished.
Thanks for your efforts :)

Franzi5385 11.09.2010 21:07

and here is the one from Malwarebytes:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4595

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.09.2010 22:06:26
mbam-log-2010-09-11 (22-06-26).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 318162
Time elapsed: 1 hour(s), 5 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\a5x3tq (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Franzi\AppData\Local\cnuygikyr\nllsimquqiw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Franzi\AppData\Local\eaaygqwhe\ndwaajnuqiw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Franzi\AppData\Local\Temp\BC5D.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Franzi\AppData\Local\Temp\cxysr.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Franzi\AppData\Local\Temp\BBA2.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Franzi\AppData\Local\Temp\BBF0.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Franzi\AppData\Local\Temp\sxcfgslr.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Users\Franzi\AppData\Roaming\eaaygqwhe\ndwaajnuqiw.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\ovfmoi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Franzi\AppData\Roaming\ohydy.exe (Worm.Palevo) -> Quarantined and deleted successfully.

markusg 11.09.2010 21:14

OK, do a restart and a Malwarebytes quick scan, post the log, and tell me whether your desktop is back to normal.

Franzi5385 12.09.2010 07:55

Good morning,
Quick scan done. Here is the log file:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4595

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.09.2010 08:53:25
mbam-log-2010-09-12 (08-53-25).txt

Scan type: Quick scan
Objects scanned: 138690
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\Drivers\ovfmoi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

The screen is still black as night, though....
What could be causing that?

Franzi5385 12.09.2010 09:03

So the last infected file:

"C:\Windows\system32\Drivers\ovfmoi.sys (Rootkit.Agent) -> Quarantined and deleted successfully."

somehow was not deleted. I have now scanned twice more, and after every restart it finds the same problem again. I already tried it by hand. I delete the file, it disappears, and two seconds later it is back...:kloppen:

markusg 12.09.2010 10:26

take it easy

download the Avenger:
Avenger
run it as described; under Windows 7, right-click it and start it as administrator.
paste in the following script.

Drivers to disable:
ovfmoi
Drivers to delete:
ovfmoi
files to delete:
C:\Windows\system32\Drivers\ovfmoi.sys

Run the script as described; the PC should restart and the Avenger log should open. Post its contents.
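Added example, not part of any post in this thread and not code from Malwarebytes or Avenger: a small Python triage script that reads the kind of Malwarebytes log posted above, sorts each finding by what it represents (a logon autostart value such as Policies\Explorer\Run or Winlogon\taskman, a kernel driver under system32\drivers, or a dropped user-mode file), and from the driver findings writes out a boot-time removal script in the Drivers-to-disable / Drivers-to-delete / files-to-delete layout markusg uses. It also produces the list of keys and paths to re-check after the reboot, which is the check that showed ovfmoi.sys coming back. The sample log is constructed from the findings reported in this thread; the autostart key list, the classification rules and the helper names are assumptions of this example, not anything the tools define.

```python
"""Triage a Malwarebytes (MBAM 1.x) scan log: classify each finding by the
mechanism it represents and flag kernel drivers that must be removed at boot
rather than from the running system.

Added example for this thread; the sample log is constructed from the findings
the thread reports, and the rules below are this example's own assumptions."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the full-scan log posted in the thread.
SAMPLE_LOG = r"""
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\a5x3tq (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Worm.Palevo) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Franzi\AppData\Local\Temp\BC5D.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\ovfmoi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Franzi\AppData\Roaming\ohydy.exe (Worm.Palevo) -> Quarantined and deleted successfully.
"""

# One MBAM finding line: "<target> (<family>) -> <action>"
FINDING_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^)]+)\) -> (?P<action>.+)$")

# Registry locations evaluated at logon (assumed list); a value here is autostart persistence.
AUTOSTART_KEYS = (
    r"\currentversion\run",
    r"\currentversion\policies\explorer\run",
    r"\winlogon\taskman",
    r"\winlogon\shell",
    r"\winlogon\userinit",
)


@dataclass
class Finding:
    target: str
    family: str
    action: str
    kind: str  # "autostart", "kernel_driver", "user_file" or "registry_other"


@dataclass
class Triage:
    findings: list = field(default_factory=list)

    @property
    def drivers(self):
        return [f for f in self.findings if f.kind == "kernel_driver"]

    @property
    def autostarts(self):
        return [f for f in self.findings if f.kind == "autostart"]


def classify(target: str) -> str:
    """Bucket a finding by where it lives; registry paths and driver files get special handling."""
    low = target.lower()
    if low.startswith("hkey_"):
        return "autostart" if any(k in low for k in AUTOSTART_KEYS) else "registry_other"
    if re.search(r"\\drivers\\[^\\]+\.sys$", low):
        return "kernel_driver"
    return "user_file"


def parse_mbam_log(text: str) -> Triage:
    """Collect every finding line, ignoring section headers and counters."""
    triage = Triage()
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            triage.findings.append(Finding(m["target"], m["family"], m["action"], classify(m["target"])))
    return triage


def driver_service_name(path: str) -> str:
    """Assumption: the driver registers a service named after its file stem (ovfmoi.sys -> ovfmoi)."""
    return re.sub(r"\.sys$", "", path.rsplit("\\", 1)[-1], flags=re.IGNORECASE)


def avenger_script(triage: Triage) -> str:
    """Boot-time removal script in the layout used in the thread: disable, delete service, delete file."""
    names = [driver_service_name(f.target) for f in triage.drivers]
    if not names:
        return ""
    lines = ["Drivers to disable:", *names, "Drivers to delete:", *names, "Files to delete:"]
    lines += [f.target for f in triage.drivers]
    return "\n".join(lines) + "\n"


def recheck_list(triage: Triage) -> list:
    """What to verify after the reboot: autostart values and driver files must stay gone."""
    return [f.target for f in triage.autostarts] + [f.target for f in triage.drivers]


if __name__ == "__main__":
    t = parse_mbam_log(SAMPLE_LOG)
    for f in t.findings:
        print(f"{f.kind:14} {f.family:20} {f.target}")
    print(avenger_script(t))
    print("re-check after reboot:", *recheck_list(t), sep="\n  ")
```

A driver that Malwarebytes reports as deleted on every scan but that is back after each reboot is still loaded, and something on the running system restores the file; the disable and delete steps therefore have to run before the driver is loaded, which is what the generated boot-time script is for. The recheck list is the minimum to verify once the machine is back up.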

Franzi5385 12.09.2010 10:58

So here is the log file from Avenger:


Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "ovfmoi" disabled successfully.
Driver "ovfmoi" deleted successfully.
File "C:\Windows\system32\Drivers\ovfmoi.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Earlier I also ran a scan with GMER; it produced this log file:


GMER Logfile:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-12 11:36:29
Windows 6.1.7600
Running: s26i6f9e.exe; Driver: C:\Users\Franzi\AppData\Local\Temp\pgryipog.sys


---- System - GMER 1.0.15 ----

SSDT            9150D83C                                                                                                              ZwCreateThread
SSDT            9150D828                                                                                                              ZwOpenProcess
SSDT            9150D82D                                                                                                              ZwOpenThread
SSDT            9150D837                                                                                                              ZwTerminateProcess

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              83247AF8
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              83247104
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              832473F4
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              832302D8
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              8322F898
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              832471DC
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              83247958
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              832476F8
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              83247F2C
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                              832481A8

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                      82E60599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                82E84F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!RtlSidHashLookup + 34C                                                                                  82E8C85C 4 Bytes  [3C, D8, 50, 91] {CMP AL, 0xd8; PUSH EAX; XCHG ECX, EAX}
.text          ntkrnlpa.exe!RtlSidHashLookup + 4E8                                                                                  82E8C9F8 4 Bytes  [28, D8, 50, 91] {SUB AL, BL; PUSH EAX; XCHG ECX, EAX}
.text          ntkrnlpa.exe!RtlSidHashLookup + 508                                                                                  82E8CA18 4 Bytes  [2D, D8, 50, 91]
.text          ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                                  82E8CCC8 4 Bytes  [37, D8, 50, 91] {AAA ; FCOM DWORD [EAX-0x6f]}
?              System32\drivers\mnweaqh.sys                                                                                          The system cannot find the path specified. !
?              System32\drivers\jarh.sys                                                                                            The system cannot find the path specified. !
?              System32\Drivers\ovfmoi.sys                                                                                          A device attached to the system is not functioning. !
.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                                              section is executable [0xAEE36300, 0x25D4C, 0xE0000060]
.text          peauth.sys                                                                                                            AEE73C9D 28 Bytes  [C4, A0, BD, 73, ED, CF, 3B, ...]
.text          peauth.sys                                                                                                            AEE73CC1 28 Bytes  [C4, A0, BD, 73, ED, CF, 3B, ...]
PAGE            peauth.sys                                                                                                            AEE79B9B 72 Bytes  [09, B5, 0D, 40, DC, 7B, AE, ...]
PAGE            peauth.sys                                                                                                            AEE79BEC 111 Bytes  [D9, 58, C4, 78, F1, C5, 78, ...]
PAGE            peauth.sys                                                                                                            AEE79E20 101 Bytes  [C9, 6B, 38, 53, 06, EB, FF, ...]
PAGE            ...                                                                                                                 

---- User code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\svchost.exe[1140] ntdll.dll!DbgBreakPoint                                                        76EA3574 1 Byte  [C3]
.text          C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtProtectVirtualMemory                                                76EB5380 5 Bytes  JMP 0041000A
.text          C:\Windows\system32\svchost.exe[1140] ntdll.dll!NtWriteVirtualMemory                                                  76EB5F00 5 Bytes  JMP 0042000A
.text          C:\Windows\system32\svchost.exe[1140] ntdll.dll!KiUserExceptionDispatcher                                            76EB6448 5 Bytes  JMP 0040000A
.text          C:\Windows\system32\svchost.exe[1140] ole32.dll!CoCreateInstance                                                      756457FC 5 Bytes  JMP 004C000A
.text          C:\Windows\system32\svchost.exe[1140] USER32.dll!GetCursorPos                                                        7542C198 5 Bytes  JMP 00E9000A
?              C:\Windows\System32\svchost.exe[2636]                                                                                image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dll
.text          C:\Windows\system32\taskmgr.exe[2880] ntdll.dll!DbgBreakPoint                                                        76EA3574 1 Byte  [C3]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__wgetmainargs]                  01A6B6E9
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_exit]                            5409E800
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_XcptFilter]                      68500000
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!exit]                            0F6DEAD8
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_initterm]                        00113EE8
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_amsg_exit]                      F8BD8D00
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__setusermatherr]                E81394A3
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memcpy]                          00000C58
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_controlfp]                      59756668
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_except_handler4_common]          04C76661
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!?terminate@@YAXXZ]                838FFE24
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__set_app_type]                  66F9FFC6
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__fmode]                      0CE1BA0F
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__commode]                    85C330F5
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_cexit]                          12CEE9FE
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalAlloc]                    00458F24
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CloseHandle]                    042444C6
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook]          8D9C9C92
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress]                E9302464
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetLastError]                  000053DA
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!FreeLibrary]                    005BE7E9
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange]    514EE900
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExA]                35E90000
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedExchange]            9C0001AD
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!Sleep]                          892434FF
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter]    6604247C
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetModuleHandleA]              0C89CF0F
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter]        A0B98D24
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetTickCount]                  F7B8C753
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime]        24BC8DD7
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter]      BA86FAAB
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DeactivateActCtx]              BA0F669C
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW]                879C0AFF
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ActivateActCtx]                0F66242C
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpW]                      5304E5BA
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegCloseKey]                    8DC7D366
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegOpenKeyExW]                  5F73E52C
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapSetInformation]            CFD3E1F2
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpiW]                      FF896652
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrlenW]                      35FF6056
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LCMapStringW]                  [004011C5] C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegQueryValueExW]              1C24448F
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ReleaseActCtx]                  005638E9
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CreateActCtxW]                  F6F5F800
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW]      C4F766D2
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCommandLineW]                ED831B48
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExitProcess]                    FCEC8302
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetProcessAffinityUpdateMode]  54A0800F
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegDisablePredefinedCacheEx]    D0200000
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcessHeap]                81E85024
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetErrorMode]                  9C00000D
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObjectEx]  2824448F
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalFree]                      2474FF50
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapFree]                      00458F2C
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte]            2489669C
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlAllocateHeap]                  E8000053
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid]              0000510A
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid]                C450E9D5
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeSid]                  74FF0001
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlCopySid]                        458F0424
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid]          60579C00
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeCriticalSection]      24648D9C
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSetProcessIsCritical]          5318E934
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlImageNtHeader]                  8B660000
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter]      56B1E900
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [ntdll.dll!EtwEventWrite]                    7E270000
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [ntdll.dll!EtwEventEnabled]                  C421E9B1
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [ntdll.dll!EtwEventRegister]                  C3300001
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlFreeHeap]                      005A4AE9
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize]        D6F7C5D3
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status]              00090AE8
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf]            242C8700
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen]          EAB60F66
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening]      4AE8F960
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx]          D0000014
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf]              89DC88E0
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW]          83D084E8
IAT            C:\Windows\System32\svchost.exe[2636] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerListen]                  E99C02ED
IAT            C:\Windows\System32\rundll32.exe[3488] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                [74F15E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3488] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                  [74F15E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3488] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                [74F15E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3488] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]              [74F15E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3488] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                [74F15E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3488] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                [74F15E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                8680E0A0
Device          \Driver\ACPI_HAL \Device\00000051                                                                                    halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          -> \Driver\atapi \Device\Harddisk0\DR0                                                                              86666EC5

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\ovfmoi@Type                                                                    1
Reg            HKLM\SYSTEM\CurrentControlSet\services\ovfmoi@Start                                                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\services\ovfmoi@ErrorControl                                                            0
Reg            HKLM\SYSTEM\CurrentControlSet\services\ovfmoi@Group                                                                  Boot Bus Extender
Reg            HKLM\SYSTEM\ControlSet002\services\ovfmoi@Type                                                                        1
Reg            HKLM\SYSTEM\ControlSet002\services\ovfmoi@Start                                                                      0
Reg            HKLM\SYSTEM\ControlSet002\services\ovfmoi@ErrorControl                                                                0
Reg            HKLM\SYSTEM\ControlSet002\services\ovfmoi@Group                                                                      Boot Bus Extender

---- Files - GMER 1.0.15 ----

File            C:\Windows\system32\drivers\atapi.sys                                                                                suspicious modification

---- EOF - GMER 1.0.15 ----

--- --- ---

After restarting, the screen is still black, but the file is gone. That file can also be seen in the GMER log file, but next to it there are two other files from the same folder. Could those be such files too?

markusg 12.09.2010 11:00

please do only the scans I told you to.
now try combofix, the program should run now. post the log.

Franzi5385 12.09.2010 11:42

combofix works. it also scanned, but now it has been stuck for at least 20 min at the following message:

System file is infected!! Attempting to restore
C:\windows\System32\wininit.exe

Is it normal that it takes this long?

Franzi5385 12.09.2010 11:49

oh never mind... it finally came through. and here is the logfile:

Combofix Logfile:
Code:

ComboFix 10-09-11.01 - Franzi 12.09.2010  12:05:29.1.4 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.3549.2503 [GMT 2:00]
ausgeführt von:: F:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cleanup.exe
C:\zip.exe

c:\windows\System32\wininit.exe . . . ist infiziert!!

.
(((((((((((((((((((((((  Dateien erstellt von 2010-08-12 bis 2010-09-12  ))))))))))))))))))))))))))))))
.

2010-09-12 10:42 . 2010-09-12 10:42        --------        d-----w-        c:\users\Franzi\AppData\Local\temp
2010-09-11 17:59 . 2009-08-04 15:48        2744800        ----a-w-        c:\windows\system32\drivers\RTKVHDA.sys
2010-09-11 17:59 . 2009-08-04 15:17        1265696        ----a-w-        c:\windows\system32\RtkPgExt.dll
2010-09-11 17:59 . 2009-08-04 15:17        326176        ----a-w-        c:\windows\system32\RtkApoApi.dll
2010-09-11 17:59 . 2009-08-04 15:17        2898464        ----a-w-        c:\windows\system32\RtkAPO.dll
2010-09-11 17:59 . 2009-07-21 20:01        266240        ----a-w-        c:\windows\system32\FMAPO.dll
2010-09-11 17:59 . 2009-04-16 08:14        142848        ----a-w-        c:\windows\system32\AERTACap.dll
2010-09-11 17:59 . 2009-03-31 12:07        125952        ----a-w-        c:\windows\system32\AERTARen.dll
2010-09-11 17:59 . 2009-03-09 03:32        290304        ----a-w-        c:\windows\system32\RP3DHT32.dll
2010-09-11 17:59 . 2009-03-09 03:30        290304        ----a-w-        c:\windows\system32\RP3DAA32.dll
2010-09-11 10:24 . 2010-09-11 10:24        729600        ----a-w-        c:\windows\system32\dlo5ACE.dll
2010-09-11 09:00 . 2010-09-11 09:00        --------        d-----w-        c:\users\Franzi\AppData\Roaming\Malwarebytes
2010-09-11 08:59 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-11 08:59 . 2010-09-11 08:59        --------        d-----w-        c:\programdata\Malwarebytes
2010-09-11 08:59 . 2010-09-11 08:59        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-09-11 08:59 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-09-11 08:52 . 2010-09-11 08:52        --------        d-----w-        c:\program files\CCleaner
2010-09-11 08:17 . 2010-09-11 20:06        --------        d-----w-        c:\users\Franzi\AppData\Local\cnuygikyr
2010-09-11 08:17 . 2010-09-11 20:06        --------        d-----w-        c:\users\Franzi\AppData\Roaming\eaaygqwhe
2010-09-11 08:17 . 2010-09-11 20:06        --------        d-----w-        c:\users\Franzi\AppData\Local\eaaygqwhe
2010-08-29 11:11 . 2010-08-30 16:07        --------        d-----w-        c:\program files\uTorrent
2010-08-29 11:11 . 2010-09-11 17:43        --------        d-----w-        c:\program files\softonic-de3
2010-08-29 11:11 . 2010-08-29 11:11        --------        d-----w-        c:\program files\Conduit
2010-08-29 11:11 . 2010-09-11 08:21        --------        d-----w-        c:\users\Franzi\AppData\Roaming\uTorrent
2010-08-29 10:34 . 2010-08-29 10:34        --------        d-----w-        c:\windows\Sun
2010-08-24 17:16 . 2010-04-07 07:10        571904        ----a-w-        c:\windows\system32\oleaut32.dll
2010-08-22 16:07 . 2010-08-22 16:07        --------        d-----w-        c:\users\Franzi\AppData\Roaming\vlc
2010-08-22 16:05 . 2010-08-22 16:05        --------        d-----w-        c:\program files\VideoLAN
2010-08-22 08:28 . 2010-08-22 08:28        --------        d-----w-        c:\users\Franzi\AppData\Roaming\TSR

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 10:42 . 2010-05-04 15:03        --------        d-----w-        c:\program files\Common Files\Akamai
2010-09-12 10:08 . 2009-07-14 08:47        669780        ----a-w-        c:\windows\system32\perfh007.dat
2010-09-12 10:08 . 2009-07-14 08:47        136208        ----a-w-        c:\windows\system32\perfc007.dat
2010-09-12 09:50 . 2010-09-12 09:50        574        ----a-w-        C:\cleanup.bat
2010-09-12 09:50 . 2010-09-12 09:50        0        ----a-w-        C:\backup.reg
2010-09-11 20:14 . 2009-06-29 15:27        --------        d--h--w-        c:\program files\Temp
2010-09-11 10:24 . 2010-09-11 10:24        0        ----a-w-        c:\windows\system32\dlo5ACE.tmp
2010-09-11 08:17 . 2010-07-20 20:01        --------        d-----w-        c:\users\Franzi\AppData\Roaming\C2EC17786274D80DF27A2E69F8A4852F
2010-09-10 13:29 . 2010-01-20 13:43        --------        d-----w-        c:\users\Franzi\AppData\Roaming\UseNeXT
2010-09-10 12:03 . 2010-02-12 14:38        --------        d-----w-        c:\program files\Electronic Arts
2010-09-10 12:03 . 2009-06-29 15:27        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-08-22 07:48 . 2010-02-18 19:03        --------        d-----w-        c:\program files\The Sims Resource
2010-08-21 07:04 . 2010-01-20 13:43        --------        d-----w-        c:\program files\UseNeXT
2010-08-17 18:39 . 2010-02-12 21:49        --------        d-----w-        c:\program files\Common Files\Adobe AIR
2010-08-17 18:38 . 2010-02-12 21:49        53632        ----a-w-        c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-15 01:03 . 2010-01-20 12:47        --------        d-----w-        c:\program files\Microsoft Works
2010-08-15 01:02 . 2010-01-20 14:10        --------        d-----w-        c:\programdata\Microsoft Help
2010-07-29 06:30 . 2010-08-14 05:10        197632        ----a-w-        c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-14 05:10        82944        ----a-w-        c:\windows\system32\iccvid.dll
2010-07-23 13:42 . 2010-01-24 09:09        --------        d-----w-        c:\program files\Common Files\Adobe
2010-07-20 05:56 . 2010-01-20 14:32        --------        d-----w-        c:\users\Franzi\AppData\Roaming\Skype
2010-07-20 05:49 . 2010-07-20 05:49        --------        d-----w-        c:\program files\Common Files\Skype
2010-07-20 05:12 . 2010-01-20 14:35        --------        d-----w-        c:\users\Franzi\AppData\Roaming\skypePM
2010-07-18 07:28 . 2010-03-31 14:59        --------        d-----w-        c:\users\Franzi\AppData\Roaming\MudTV
2010-07-17 06:38 . 2010-07-17 06:42        53632        ----a-w-        c:\users\Franzi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-30 06:25 . 2010-08-14 05:10        978432        ----a-w-        c:\windows\system32\wininet.dll
2010-06-22 02:47 . 2010-08-14 05:10        310784        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-14 05:10        307200        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-14 05:10        113664        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-14 05:10        3955080        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-14 05:10        3899784        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-14 05:10        37376        ----a-w-        c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-14 05:10        2326016        ----a-w-        c:\windows\system32\win32k.sys
2010-06-16 05:48 . 2010-08-14 05:10        224256        ----a-w-        c:\windows\system32\schannel.dll
2010-06-15 18:01 . 2010-06-15 18:01        72504        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2009-07-13 . ADD2ADE1C2B285AB8378D2DAAF991481 . 17920 . . [6.1.7600.16385] . . c:\windows\System32\drivers\asyncmac.sys

[-] 2009-07-13 . 505506526A9D467307B3C393DEDAF858 . 6144 . . [6.1.7600.16385] . . c:\windows\System32\drivers\beep.sys

[-] 2009-07-13 . F9756A98D69098DCA8945D62858A812C . 4608 . . [6.1.7600.16385] . . c:\windows\System32\drivers\null.sys

[-] 2009-07-14 . 598E1280E7FF3744F4B8329366CC5635 . 102400 . . [6.1.7600.16385] . . c:\windows\System32\browser.dll

[-] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\System32\lsass.exe

[-] 2009-07-14 . 7CCCFCA7510684768DA22092D1FA4DB2 . 280576 . . [6.1.7600.16385] . . c:\windows\System32\netman.dll

[-] 2009-07-14 . 53F476476F55A27F580661BDE09C4EC4 . 589312 . . [7.5.7600.16385] . . c:\windows\System32\qmgr.dll

[-] 2009-07-14 . B82CD39E336973359D7C9BF911E8E84F . 376320 . . [6.1.7600.16385] . . c:\windows\System32\rpcss.dll

[-] 2009-07-14 . 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 . 259072 . . [6.1.7600.16385] . . c:\windows\System32\services.exe

[-] 2009-07-14 . 49B6DD6AB3715B7A67965F17194E98A9 . 316416 . . [6.1.7600.16385] . . c:\windows\System32\spoolsv.exe

[-] 2009-10-28 . 37CDB7E72EB66BA85A87CBE37E7F03FD . 285696 . . [6.1.7600.16385] . . c:\windows\System32\winlogon.exe

[-] 2009-07-14 . B0DA80FF42A0819D162A86612896AAF2 . 47104 . . [7.3.7600.16385] . . c:\windows\System32\wuauclt.exe

[-] 2009-07-14 . B62AA1BB1F63839051441D2C6DD7B775 . 530432 . . [5.82] . . c:\windows\System32\comctl32.dll

[-] 2009-07-14 . 9C231178CE4FB385F4B54B0A9080B8A4 . 135680 . . [6.1.7600.16385] . . c:\windows\System32\cryptsvc.dll

[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] . . c:\windows\System32\es.dll

[-] 2009-07-14 . 5DF8132ADF721329234403189FC94E16 . 118272 . . [6.1.7600.16385] . . c:\windows\System32\imm32.dll

[-] 2009-12-08 . 0369BA73CE6D918745579B24339765E8 . 857088 . . [6.1.7600.16385] . . c:\windows\System32\kernel32.dll

[-] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] . . c:\windows\System32\linkinfo.dll

[-] 2009-07-14 . 4F154D2C9C6DF951FD6E5AABBAE6B5EE . 26624 . . [6.1.7600.16385] . . c:\windows\System32\lpk.dll

[-] 2010-06-30 . BDFD710842C8A25DD27254D91DE60AC6 . 5971456 . . [8.00.7600.16385] . . c:\windows\System32\mshtml.dll

[-] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] . . c:\windows\System32\msvcrt.dll

[-] 2009-07-14 . 11A41F17527ED75D6B758FDD7F4FD00D . 232448 . . [6.1.7600.16385] . . c:\windows\System32\mswsock.dll

[-] 2009-07-14 . EAA75D9000B71F10EEC04D2AE6C60E81 . 563712 . . [6.1.7600.16385] . . c:\windows\System32\netlogon.dll

[-] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] . . c:\windows\System32\powrprof.dll

[-] 2009-07-14 . 26073302DAEA83CC5B944C546D6B47D2 . 175616 . . [6.1.7600.16385] . . c:\windows\System32\scecli.dll

[-] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] . . c:\windows\System32\sfc.dll

[-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\System32\svchost.exe

[-] 2009-07-14 . 2F46B0C70A4ADC8C90CF825DA3B4FEAF . 241664 . . [6.1.7600.16385] . . c:\windows\System32\tapisrv.dll

[-] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll

[-] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] . . c:\windows\System32\userinit.exe

[-] 2010-06-30 . 250267CE6217C1AB4517F22FB7EA13E8 . 978432 . . [8.00.7600.16385] . . c:\windows\System32\wininet.dll

[-] 2009-07-14 . DAAE8A9B8C0ACC7F858454132553C30D . 206336 . . [6.1.7600.16385] . . c:\windows\System32\ws2_32.dll

[-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] . . c:\windows\System32\ws2help.dll


[-] 2009-07-14 . 4ACB903AD1693858A918907358CBD9E4 . 1412608 . . [6.1.7600.16385] . . c:\windows\System32\ole32.dll

[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\System32\cngaudit.dll

[-] 2009-07-14 . FD31E3104989B37DE2EF2FA18B7457CD . 96256 . . [6.1.7600.16385] . . c:\windows\System32\wininit.exe

[-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] . . c:\windows\System32\ctfmon.exe

[-] 2009-07-14 . CD2E48FA5B29EE2B3B5858056D246EF2 . 328192 . . [6.1.7600.16385] . . c:\windows\System32\shsvcs.dll

[-] 2009-07-14 . CB9A8683F4EF2BF99E123D79950D7935 . 112640 . . [6.1.7600.16385] . . c:\windows\System32\regsvc.dll

[-] 2009-07-14 . 3E8B0C453E25613A1F59762A5C42AA75 . 743424 . . [6.1.7600.16385] . . c:\windows\System32\schedsvc.dll

[-] 2009-07-14 . D887C9FD02AC9FA880F6E5027A43E118 . 162816 . . [6.1.7600.16385] . . c:\windows\System32\ssdpsrv.dll

[-] 2009-07-14 . A01E50A04D7B1960B33E92B9080E6A94 . 543232 . . [6.1.7600.16385] . . c:\windows\System32\termsrv.dll

[-] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] . . c:\windows\System32\appmgmts.dll

[-] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] . . c:\windows\System32\ias.dll

[-] 2009-07-14 01:15 . F8742FC618ECBDA92A406725197E93AE . 924944 . . [4.1.6140] . . c:\windows\System32\mfc40u.dll

[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] . . c:\windows\System32\upnphost.dll

[-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] . . c:\windows\System32\dsound.dll

[-] 2009-07-14 . 7459301D21C2E21468823F73042D9F87 . 1826816 . . [6.1.7600.16385] . . c:\windows\System32\d3d9.dll

[-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] . . c:\windows\System32\ddraw.dll

[-] 2009-07-14 01:16 . C10459DBDC2099C5A8428CB7D87DB85F . 90112 . . [6.1.7600.16385] . . c:\windows\System32\olepro32.dll

[-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] . . c:\windows\System32\perfctrs.dll

[-] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] . . c:\windows\System32\version.dll

c:\windows\explorer.exe ... Fehlt !!
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60FB86A3-32C0-4A66-B5E0-45CA6EFF6137}]
2010-09-11 10:24        729600        ----a-w-        c:\windows\System32\dlo5ACE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{60FB86A3-32C0-4A66-B5E0-45CA6EFF6137}"
[HKEY_CLASSES_ROOT\CLSID\{60FB86A3-32C0-4A66-B5E0-45CA6EFF6137}]
2010-09-11 10:24        729600        ----a-w-        c:\windows\System32\dlo5ACE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Franzi\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-20 135664]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-04-04 1644088]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-08-26 1779512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 143360]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-03-05 915512]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-24 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-24 151064]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-14 1695744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Franzi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 20:43        640376        ----a-w-        c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 00:25        37232        ----a-w-        c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06        976832        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04        35760        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58        611712        ----a-w-        c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2009-03-19 08:54        1148200        ----a-w-        c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GizmoDriveDelegate]
2010-02-13 21:12        390752        ----a-w-        c:\progra~1\Gizmo\gdrive.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44        31072        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33        141624        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 14:35        5458704        ----a-w-        c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 12:36        2793304        ----a-w-        c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57        26192168        ----a-r-        c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21        246504        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-08-29 11:18        328568        ----a-w-        c:\program files\uTorrent\uTorrent.exe

2;2 wlviqgbn;Gizmo Device Helper;c:\windows\System32\svchost.exe [x]
R0 lsns;lsns;c:\windows\System32\drivers\ylaud.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-05 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-31 691696]
S1 GizmoDrv;Gizmo Device Driver; [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 EFUploadSrv;ExtraFilm upload service;c:\program files\ExtraFilm Designer CH DE\EFUploadSrv.exe [2009-07-09 1716224]
S2 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [2010-02-13 31856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2007-04-23 227328]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
Akamai        REG_MULTI_SZ          Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
wlviqgbn
.
Inhalt des "geplante Tasks" Ordners

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2691724045-2314604569-2155052543-1000Core.job
- c:\users\Franzi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 13:38]

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2691724045-2314604569-2155052543-1000UA.job
- c:\users\Franzi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 13:38]

2010-07-31 c:\windows\Tasks\PCDRScheduledMaintenance-Delay.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 19:00]

2010-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 19:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = <local>
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-jlyposcy - c:\users\Franzi\AppData\Local\cnuygikyr\nllsimquqiw.exe
MSConfigStartUp-nwxwfgps - c:\users\Franzi\AppData\Roaming\eaaygqwhe\ndwaajnuqiw.exe
AddRemove-Die Kunst des Mordens - Karten des Schicksals_is1 - c:\program files\City Interactive\Die Kunst des Mordens - Karten des Schicksals\unins000.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2691724045-2314604569-2155052543-1000\Software\SecuROM\License information*]
"datasecu"=hex:10,99,ae,34,ac,fb,71,af,3b,33,32,82,0a,0a,c9,ae,bb,b7,11,f4,a9,
  0e,f1,f6,4d,57,bf,24,78,04,94,4e,21,ee,d5,40,86,6f,91,18,9b,1c,75,c7,67,8f,\
"rkeysecu"=hex:9a,1a,04,33,4f,ad,6f,c6,5a,87,36,b5,09,48,c8,bc

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-09-12  12:46:11
ComboFix-quarantined-files.txt  2010-09-12 10:46

Vor Suchlauf: 13 Verzeichnis(se), 264.493.932.544 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 264.565.809.152 Bytes frei

- - End Of File - - CBFDF63D702C91AB0FC0DD944C051644

--- --- ---

markusg 12.09.2010 14:36

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
SRV - (wlviqgbn) -- C:\Windows\System32\dlo5ACE.dll (aglrqmtrat Corporation)
DRV - (catchme) -- C:\Users\Franzi\AppData\Local\Temp\catchme.sys File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
O2 - BHO: () - {60FB86A3-32C0-4A66-B5E0-45CA6EFF6137} - C:\Windows\System32\dlo5ACE.dll (aglrqmtrat Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF14261.cfx File not found
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF14261.cfx File not found
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: a5x3tq = C:\Users\Franzi\AppData\Local\Temp\202fbh.exe File not found
O20 - HKLM Winlogon: TaskMan - (C:\Users\Franzi\AppData\Roaming\ohydy.exe) - C:\Users\Franzi\AppData\Roaming\ohydy.exe (wcwC)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O33 - MountPoints2\{ca88f6a1-adba-11df-82dc-0026189921df}\Shell\AutoRun\command - "" = K:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2010.09.11 10:17:34 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Local\cnuygikyr
[2010.09.11 10:17:33 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\eaaygqwhe
[2010.09.11 10:17:33 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Local\eaaygqwhe
[2010.09.11 10:17:18 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.09.11 10:17:57 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\C2EC17786274D80DF27A2E69F8A4852F
:Files
C:\Windows\System32\dlo5ACE.dll
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; post it.
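As an added illustration (not code from this thread, from ComboFix or from OTL), here is a small Python triage of ComboFix service/driver lines like the ones in the log above: it flags entries whose binary ComboFix could not find on disk (`[x]`) or whose service name looks randomly generated, as with the `wlviqgbn` service that the OTL fix removes. The sample lines are constructed to mirror the log's format, and the vowel-ratio heuristic for "random-looking" names is an assumption of this example, not something either tool does.

```python
import re

# Constructed sample lines mirroring ComboFix's service/driver section in the
# thread's log (added example data, not the full log)
SAMPLE_SERVICES = """\
2;2 wlviqgbn;Gizmo Device Helper;c:\\windows\\System32\\svchost.exe [x]
R0 lsns;lsns;c:\\windows\\System32\\drivers\\ylaud.sys [x]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\\windows\\system32\\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\\program files\\Avira\\AntiVir Desktop\\sched.exe [2009-05-13 108289]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\\windows\\system32\\drivers\\mbamswissarmy.sys [2010-04-29 38224]
"""

# <start flag> <name>;<display name>;<image path> [<date size>] or [x]
LINE_RE = re.compile(r"^(?P<state>\S+)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$")
VOWELS = set("aeiouy")

def parse_service_line(line):
    # Returns a dict for one service/driver line, None for any other line
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # ComboFix prints [x] instead of date/size when it cannot find the file on disk
    entry["missing"] = entry["meta"].strip() == "x"
    return entry

def looks_random(name):
    # Assumed heuristic: names of 6+ letters with under 25% vowels are often generated
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.25

def triage(text):
    # Flags entries worth a closer look, returning name, path and the reasons
    findings = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons = []
        if entry["missing"]:
            reasons.append("binary not found on disk")
        if looks_random(entry["name"]):
            reasons.append("random-looking service name")
        if reasons:
            findings.append({"name": entry["name"], "path": entry["path"], "reasons": reasons})
    return findings
```

Run `triage(SAMPLE_SERVICES)` on the sample: the two entries that the thread's OTL fix targets are returned, the HP, Avira and Malwarebytes entries are not.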


Copyright ©2000-2024, Trojaner-Board