Malware Protection Virus - Alles sauber?

vihille · 15.08.2011, 09:13

Guten Morgen,

ich hab mir diesen nervigen Malware Protection Virus eingefangen. Es hat sich dieses Fake Anti-Viren-Programm geöffnet und alle Programme wurden geblockt. Zusätzlich sind noch der Großteil meiner Dateien versteckt.

- Ich hab den PC im abgesichterten Modus gestartet
- rkill 2x ausgeführt
- einen vollständigen (aktualisierten) Malwarebytes-Scan durchgeführt
- dann OTH laufen lassen
- nochmal einen Quickscan mit Malwarebytes ausgeführt
- Neustart
- Defogger
- Neustart
- OTL

OTL.TXTOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 15.08.2011 10:00:12 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Vincent\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,31 Mb Total Physical Memory | 373,64 Mb Available Physical Memory | 36,58% Memory free
2,25 Gb Paging File | 1,43 Gb Available in Paging File | 63,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,82 Gb Total Space | 43,30 Gb Free Space | 30,11% Space Free | Partition Type: NTFS
Drive D: | 5,23 Gb Total Space | 1,18 Gb Free Space | 22,61% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 13,69 Gb Free Space | 2,94% Space Free | Partition Type: NTFS
 
Computer Name: VINCENT-PC | User Name: Vincent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Vincent\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Programme\Dell\MFP_DELL\deMntrService.exe (Dell)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Vincent\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (deMntrService) -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe (Dell)
SRV - (adonym Update Service) -- C:\Program Files\adonym\adonymService.exe ( )
SRV - (adonymServiceUpdater) -- C:\Program Files\adonym\adonymServiceUpdater.exe ( )
SRV - (SSScsiSV) -- C:\Programme\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ServiceLayer) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (QuarticsWPMirror) -- C:\Windows\System32\drivers\QuarticsWPMirror.sys (Quartics LLC)
DRV - (QuarticsWP) -- C:\Windows\System32\drivers\QuarticsWP.sys (Quartics LLC)
DRV - (DESVUSB) -- C:\Windows\System32\drivers\desrvusb.sys (Olivetti-Engineering SA)
DRV - (MXOPSWD) -- C:\Windows\System32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (ST50220) -- C:\Windows\System32\drivers\ST50220.sys (Sonix)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (Nokia USB Phone Parent) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (Nokia USB Modem) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Generic) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.28 07:34:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.13 11:56:19 | 000,000,000 | ---D | M]
 
[2009.01.17 13:36:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Vincent\AppData\Roaming\mozilla\Extensions
[2011.06.21 23:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincent\AppData\Roaming\mozilla\Firefox\Profiles\uzvm1syi.default\extensions
[2011.05.25 09:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Vincent\AppData\Roaming\mozilla\Firefox\Profiles\uzvm1syi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.21 23:33:57 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Vincent\AppData\Roaming\mozilla\Firefox\Profiles\uzvm1syi.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.15 01:00:20 | 000,001,056 | ---- | M] () -- C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\uzvm1syi.default\searchplugins\icqplugin.xml
[2011.03.20 12:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.15 18:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.01.17 13:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
File not found (No name found) -- 
[2010.08.15 18:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.06.28 07:34:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.08.15 18:09:54 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.05.13 11:56:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.13 11:56:08 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.05.13 11:56:08 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.13 11:56:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.13 11:56:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.13 11:56:09 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk = File not found
O4 - Startup: C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Programme\stickies\stickies.exe (Zhorn Software)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.ak.studivz.net/photouploader/ImageUploader4.cab?nocache=20071219-1 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1206910536 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Vincent\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Vincent\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2008.12.15 11:52:18 | 000,000,080 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{235bce2d-53f7-11de-87f7-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{235bce2d-53f7-11de-87f7-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{235bce35-53f7-11de-87f7-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{235bce35-53f7-11de-87f7-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\Shell\AutoRun\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\Shell\explore\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\Shell\open\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{4526b870-6fcd-11df-aa23-001a6b211ad2}\Shell\AutoRun\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{4526b870-6fcd-11df-aa23-001a6b211ad2}\Shell\explore\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{4526b870-6fcd-11df-aa23-001a6b211ad2}\Shell\open\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{8b5b7e97-960c-11dd-89ef-001a6b211ad2}\Shell\AutoRun\command - "" = wscript.exe .\.vbs
O33 - MountPoints2\{8b5b7e97-960c-11dd-89ef-001a6b211ad2}\Shell\open\command - "" = wscript.exe .\.vbs
O33 - MountPoints2\{b8cea898-fda1-11dd-82c4-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{b8cea898-fda1-11dd-82c4-001a6b211ad2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{c453a39c-b7e7-11df-8cf8-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{c453a39c-b7e7-11df-8cf8-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{c453a39d-b7e7-11df-8cf8-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{c453a39d-b7e7-11df-8cf8-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{ef0fb2ff-a14b-11de-a7c6-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{ef0fb2ff-a14b-11de-a7c6-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.15 09:21:25 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Vincent\Desktop\OTH.scr
[2011.08.12 19:31:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.10 14:52:24 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.10 00:54:01 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.10 00:52:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.10 00:52:35 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.08.10 00:52:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.08.10 00:52:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.10 00:52:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.08.10 00:52:29 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.08.10 00:52:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.08.10 00:52:28 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.08.10 00:52:27 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.10 00:52:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.08.10 00:52:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.08.10 00:52:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.08.10 00:52:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.08.10 00:52:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.08.10 00:52:03 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.08.10 00:52:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.08.10 00:52:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.08.10 00:52:01 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.10 00:50:12 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.10 00:50:11 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.08.08 10:26:10 | 000,000,000 | ---D | C] -- C:\Users\Vincent\Desktop\Strafrecht Hausarbeit
[2011.08.08 09:31:36 | 000,000,000 | ---D | C] -- C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011.08.08 09:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2011.08.08 09:31:35 | 000,000,000 | ---D | C] -- C:\Programme\OpenVPN
[2011.07.17 01:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.07.17 01:37:01 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.5
[2007.09.07 20:52:01 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2007.09.07 20:52:01 | 000,049,152 | ---- | C] ( ) -- C:\Windows\System32\AxInterop.SHDocVw.dll
[1 C:\Users\Vincent\AppData\Local\*.tmp files -> C:\Users\Vincent\AppData\Local\*.tmp -> ]
[1 C:\Users\Vincent\*.tmp files -> C:\Users\Vincent\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.15 09:55:32 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.15 09:55:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.15 09:55:21 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.15 09:55:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.15 09:55:08 | 1071,702,016 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.15 09:53:49 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.15 09:52:08 | 000,000,000 | ---- | M] () -- C:\Users\Vincent\defogger_reenable
[2011.08.15 09:49:12 | 000,050,477 | ---- | M] () -- C:\Users\Vincent\Desktop\Defogger.exe
[2011.08.15 09:38:11 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.15 09:21:01 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Vincent\Desktop\OTH.scr
[2011.08.14 22:52:18 | 000,115,200 | ---- | M] () -- C:\Users\Vincent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.14 18:00:00 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan.job
[2011.08.12 19:32:47 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.12 19:32:47 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.12 19:32:47 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.12 19:32:46 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.11 10:19:31 | 000,702,336 | ---- | M] () -- C:\Users\Vincent\Documents\931960285img5150122477l.jpg
[2011.08.11 08:47:42 | 158,804,141 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.10 14:52:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.10 14:15:40 | 000,006,192 | ---- | M] () -- C:\Users\Vincent\Documents\1401780-1247540871-Autobots.gif
[2011.08.10 14:13:11 | 000,003,615 | ---- | M] () -- C:\Users\Vincent\Documents\lens1465314_transformers.jpg
[2011.08.08 12:44:46 | 000,576,454 | ---- | M] () -- C:\Users\Vincent\Documents\6ae5b04e0386de8e96bbf848c3963964.jpg
[2011.08.08 10:03:28 | 000,128,318 | ---- | M] () -- C:\Users\Vincent\Documents\2291486256e48694a611ooy9.jpg
[2011.08.08 10:03:20 | 000,135,180 | ---- | M] () -- C:\Users\Vincent\Documents\22914859320c6d4f2d72oth0.jpg
[2011.08.08 10:02:41 | 000,091,031 | ---- | M] () -- C:\Users\Vincent\Documents\g55black.jpg
[2011.08.08 10:02:20 | 000,948,576 | ---- | M] () -- C:\Users\Vincent\Documents\5496425195_9dc56a7f0b_o.jpg
[2011.08.08 09:47:56 | 000,165,386 | ---- | M] () -- C:\Users\Vincent\Documents\dsc0201sa.jpg
[2011.08.08 09:47:49 | 000,150,872 | ---- | M] () -- C:\Users\Vincent\Documents\dsc0198do.jpg
[2011.08.08 09:34:36 | 000,000,918 | ---- | M] () -- C:\Users\Vincent\Desktop\OpenVPN GUI.lnk
[2011.08.08 08:26:09 | 000,339,920 | ---- | M] () -- C:\Users\Vincent\Documents\wallpaper-i1280x1024.jpg
[2011.08.06 20:40:31 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9BB5E2AA-C05E-4E5A-92E4-9E4C19C017B3}.job
[2011.08.02 09:57:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.23 13:04:18 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.23 13:01:07 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.07.23 13:00:36 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.07.23 13:00:36 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.07.23 13:00:05 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.07.23 12:59:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.23 12:59:52 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.07.23 12:59:35 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.07.23 12:59:34 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.07.23 12:59:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.07.23 12:59:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.07.23 12:59:34 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.07.23 12:59:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.07.23 12:03:47 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.07.23 11:27:04 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.07.23 11:26:52 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.07.23 11:26:12 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.07.23 11:25:38 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.22 09:26:59 | 002,087,556 | ---- | M] () -- C:\Users\Vincent\Documents\IMGP2715.JPG
[2011.07.22 09:26:45 | 002,099,679 | ---- | M] () -- C:\Users\Vincent\Documents\IMGP2701.JPG
[1 C:\Users\Vincent\AppData\Local\*.tmp files -> C:\Users\Vincent\AppData\Local\*.tmp -> ]
[1 C:\Users\Vincent\*.tmp files -> C:\Users\Vincent\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.15 09:52:08 | 000,000,000 | ---- | C] () -- C:\Users\Vincent\defogger_reenable
[2011.08.15 09:51:07 | 000,050,477 | ---- | C] () -- C:\Users\Vincent\Desktop\Defogger.exe
[2011.08.15 09:35:51 | 1071,702,016 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.11 10:19:14 | 000,702,336 | ---- | C] () -- C:\Users\Vincent\Documents\931960285img5150122477l.jpg
[2011.08.10 14:15:34 | 000,006,192 | ---- | C] () -- C:\Users\Vincent\Documents\1401780-1247540871-Autobots.gif
[2011.08.10 14:12:51 | 000,003,615 | ---- | C] () -- C:\Users\Vincent\Documents\lens1465314_transformers.jpg
[2011.08.08 12:44:39 | 000,576,454 | ---- | C] () -- C:\Users\Vincent\Documents\6ae5b04e0386de8e96bbf848c3963964.jpg
[2011.08.08 10:03:27 | 000,128,318 | ---- | C] () -- C:\Users\Vincent\Documents\2291486256e48694a611ooy9.jpg
[2011.08.08 10:03:17 | 000,135,180 | ---- | C] () -- C:\Users\Vincent\Documents\22914859320c6d4f2d72oth0.jpg
[2011.08.08 10:02:41 | 000,091,031 | ---- | C] () -- C:\Users\Vincent\Documents\g55black.jpg
[2011.08.08 10:02:16 | 000,948,576 | ---- | C] () -- C:\Users\Vincent\Documents\5496425195_9dc56a7f0b_o.jpg
[2011.08.08 09:47:54 | 000,165,386 | ---- | C] () -- C:\Users\Vincent\Documents\dsc0201sa.jpg
[2011.08.08 09:47:41 | 000,150,872 | ---- | C] () -- C:\Users\Vincent\Documents\dsc0198do.jpg
[2011.08.08 09:34:36 | 000,000,918 | ---- | C] () -- C:\Users\Vincent\Desktop\OpenVPN GUI.lnk
[2011.08.08 08:26:00 | 000,339,920 | ---- | C] () -- C:\Users\Vincent\Documents\wallpaper-i1280x1024.jpg
[2011.07.22 09:26:31 | 002,087,556 | ---- | C] () -- C:\Users\Vincent\Documents\IMGP2715.JPG
[2011.07.22 09:26:19 | 002,099,679 | ---- | C] () -- C:\Users\Vincent\Documents\IMGP2701.JPG
[2011.05.24 23:23:30 | 000,000,344 | -H-- | C] () -- C:\ProgramData\43769592
[2009.09.24 11:46:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 11:46:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.11 00:29:04 | 000,007,052 | -H-- | C] () -- C:\Users\Vincent\AppData\Local\d3d9caps.dat
[2009.06.03 10:40:25 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.02.07 00:41:35 | 000,000,553 | ---- | C] () -- C:\Windows\eReg.dat
[2009.01.27 14:22:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.31 18:58:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.10.31 18:58:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.10.31 18:58:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.10.31 18:58:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.10.31 18:58:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.10.31 18:58:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.10.31 18:58:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.10.31 18:58:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.10.31 18:58:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.10.31 18:58:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.10.31 18:58:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.10.31 18:58:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.10.31 18:58:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.10.31 18:58:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.10.31 18:58:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.10.31 18:58:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.10.31 18:58:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.10.31 18:58:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.10.31 18:58:56 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.10.31 18:49:55 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX7400DEFGIPS.ini
[2008.10.15 13:02:37 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.07.13 17:26:33 | 000,006,751 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.07.04 12:48:12 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\C1E486C548.sys
[2008.07.04 12:48:11 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008.07.03 17:51:40 | 001,369,680 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2008.07.03 17:50:22 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008.02.18 14:20:44 | 000,002,476 | -H-- | C] () -- C:\Users\Vincent\AppData\Roaming\NMM-MetaData.db
[2007.12.11 14:49:32 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.10.31 17:08:19 | 000,013,015 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2007.10.31 17:08:17 | 004,229,496 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2007.08.19 19:03:46 | 000,394,240 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2007.08.19 19:03:45 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2007.08.19 19:03:45 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.08.19 19:03:44 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2007.08.19 19:03:44 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2007.08.19 19:03:44 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2007.06.28 19:30:55 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007.06.25 13:01:38 | 000,000,238 | -H-- | C] () -- C:\Users\Vincent\AppData\Roaming\wklnhst.dat
[2007.06.18 20:03:14 | 000,084,268 | -H-- | C] () -- C:\Users\Vincent\AppData\Roaming\nvModes.001
[2007.06.18 18:03:30 | 000,115,200 | ---- | C] () -- C:\Users\Vincent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.18 18:00:24 | 000,084,268 | -H-- | C] () -- C:\Users\Vincent\AppData\Roaming\nvModes.dat
[2007.06.06 09:32:52 | 000,002,699 | ---- | C] () -- C:\Windows\System32\d1wiaUiStr.bin
[2006.12.21 05:34:29 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006.11.29 09:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 17:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 001,684,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.19 09:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.19 09:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.03.10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.12.07 13:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2005.05.08 06:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011.04.21 10:39:45 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\.minecraft
[2009.06.03 10:40:35 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\Atari
[2009.02.04 08:30:22 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\Clone2Go DVD to iPod Converter
[2010.03.07 20:08:03 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\EPSON
[2011.05.25 09:27:14 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\Facebook
[2011.05.25 09:27:14 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\gtk-2.0
[2011.08.14 18:57:57 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\ICQ
[2007.06.18 14:26:48 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\ICQ Toolbar
[2008.07.05 18:40:23 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\Leadertech
[2007.12.07 21:15:45 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\Nokia
[2007.12.07 21:07:23 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\PC Suite
[2008.07.03 17:50:03 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\ScanSoft
[2008.01.29 16:37:10 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\SlySoft
[2011.08.15 09:58:14 | 000,000,000 | ---D | M] -- C:\Users\Vincent\AppData\Roaming\stickies
[2007.06.25 13:01:49 | 000,000,000 | -H-D | M] -- C:\Users\Vincent\AppData\Roaming\Template
[2011.08.15 09:53:45 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.06 20:40:31 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9BB5E2AA-C05E-4E5A-92E4-9E4C19C017B3}.job
 
========== Purity Check ==========
 
 
 
< End of report >

--- --- ---

Vielen Dank für eure Hilfe!

Gruß Vincent

cosinus · 16.08.2011, 14:29

Und warum postest du die Log von Malwarebytes nicht?
Bitte alle posten die da sind.

vihille · 17.08.2011, 16:31

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7468

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19120

15.08.2011 09:34:23
mbam-log-2011-08-15 (09-34-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161137
Laufzeit: 3 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Protection (Spyware.Passwords.XGen) -> Value: Security Protection -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Vincent\AppData\Roaming\defender.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Vincent\AppData\Local\Temp\63D6.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Vincent\AppData\Local\Temp\70B3.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

cosinus · 17.08.2011, 21:11

Zitat:

Art des Suchlaufs: Quick-Scan

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

vihille · 22.08.2011, 23:17

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7538

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

23.08.2011 00:16:06
mbam-log-2011-08-23 (00-16-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 422269
Laufzeit: 2 Stunde(n), 10 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 23.08.2011, 10:44

Führe auch bitte ESET aus, danach sehen wir weiter.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

n.

vihille · 23.08.2011, 15:39

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=0fdfa9c1618f154e8bc988ebdd0a58ca
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-23 02:26:18
# local_time=2011-08-23 04:26:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 59129 151630930 0 0
# compatibility_mode=8192 67108863 100 0 226 226 0 0
# scanned=294605
# found=2
# cleaned=0
# scan_time=11375
C:\Users\Vincent\AppData\Local\Temp\jar_cache64619.tmp Java/TrojanDownloader.OpenStream.NBM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Vincent\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\1bea39e5-1f14f7d9 Java/Exploit.Agent.NAL trojan (unable to clean) 00000000000000000000000000000000 I

cosinus · 23.08.2011, 16:21

Sind das tatsächlich alle Funde gewesen? Malwarebytes auch nicht mehr gefunden oder hast du noch weitere Logs?

vihille · 23.08.2011, 16:43

Hab noch Logs von Malwarebytes gefunden!

a)
Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6737

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

03.06.2011 01:47:16
mbam-log-2011-06-03 (01-47-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Durchsuchte Objekte: 401561
Laufzeit: 2 Stunde(n), 17 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

b)
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6697

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

31.05.2011 00:35:31
mbam-log-2011-05-31 (00-35-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (G:\|)
Durchsuchte Objekte: 168286
Laufzeit: 9 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

c)
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6697

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

30.05.2011 10:26:57
mbam-log-2011-05-30 (10-26-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 379043
Laufzeit: 2 Stunde(n), 36 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

d)
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6678

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

26.05.2011 01:22:19
mbam-log-2011-05-26 (01-22-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 379372
Laufzeit: 2 Stunde(n), 1 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\worms world party\WWP\install fix - wwp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files\worms world party\WWP\uninstall fix - wwp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Vincent\AppData\Local\Temp\err.log180629579 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Vincent\AppData\Local\Temp\tmpA54.tmp (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\Users\Vincent\AppData\Local\Temp\305C.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Vincent\AppData\Local\Temp\305D.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Windows\Temp\Ado66D5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\set4EB4.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.

cosinus · 23.08.2011, 19:38

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2008.12.15 11:52:18 | 000,000,080 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{235bce2d-53f7-11de-87f7-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{235bce2d-53f7-11de-87f7-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{235bce35-53f7-11de-87f7-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{235bce35-53f7-11de-87f7-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\Shell\AutoRun\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\Shell\explore\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\Shell\open\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{4526b870-6fcd-11df-aa23-001a6b211ad2}\Shell\AutoRun\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{4526b870-6fcd-11df-aa23-001a6b211ad2}\Shell\explore\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{4526b870-6fcd-11df-aa23-001a6b211ad2}\Shell\open\command - "" = C:\Windows\System32\cmd.exe -- [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{8b5b7e97-960c-11dd-89ef-001a6b211ad2}\Shell\AutoRun\command - "" = wscript.exe .\.vbs
O33 - MountPoints2\{8b5b7e97-960c-11dd-89ef-001a6b211ad2}\Shell\open\command - "" = wscript.exe .\.vbs
O33 - MountPoints2\{b8cea898-fda1-11dd-82c4-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{b8cea898-fda1-11dd-82c4-001a6b211ad2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{c453a39c-b7e7-11df-8cf8-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{c453a39c-b7e7-11df-8cf8-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{c453a39d-b7e7-11df-8cf8-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{c453a39d-b7e7-11df-8cf8-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{ef0fb2ff-a14b-11de-a7c6-001a6b211ad2}\Shell - "" = AutoRun
O33 - MountPoints2\{ef0fb2ff-a14b-11de-a7c6-001a6b211ad2}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
[2011.05.24 23:23:30 | 000,000,344 | -H-- | C] () -- C:\ProgramData\43769592
[2009.06.03 10:40:25 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.07.04 12:48:12 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\C1E486C548.sys
[2008.07.04 12:48:11 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

vihille · 23.08.2011, 23:05

========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOMODE moved successfully.
File G:\Autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{235bce2d-53f7-11de-87f7-001a6b211ad2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{235bce2d-53f7-11de-87f7-001a6b211ad2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{235bce2d-53f7-11de-87f7-001a6b211ad2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{235bce2d-53f7-11de-87f7-001a6b211ad2}\ not found.
File F:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{235bce35-53f7-11de-87f7-001a6b211ad2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{235bce35-53f7-11de-87f7-001a6b211ad2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{235bce35-53f7-11de-87f7-001a6b211ad2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{235bce35-53f7-11de-87f7-001a6b211ad2}\ not found.
File F:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\ not found.
File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\ not found.
File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3adf0d12-77f1-11df-9b5e-001a6b211ad2}\ not found.
File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4526b870-6fcd-11df-aa23-001a6b211ad2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4526b870-6fcd-11df-aa23-001a6b211ad2}\ not found.
File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4526b870-6fcd-11df-aa23-001a6b211ad2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4526b870-6fcd-11df-aa23-001a6b211ad2}\ not found.
File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4526b870-6fcd-11df-aa23-001a6b211ad2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4526b870-6fcd-11df-aa23-001a6b211ad2}\ not found.
File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b5b7e97-960c-11dd-89ef-001a6b211ad2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b5b7e97-960c-11dd-89ef-001a6b211ad2}\ not found.
File wscript.exe .\.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b5b7e97-960c-11dd-89ef-001a6b211ad2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b5b7e97-960c-11dd-89ef-001a6b211ad2}\ not found.
File wscript.exe .\.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8cea898-fda1-11dd-82c4-001a6b211ad2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8cea898-fda1-11dd-82c4-001a6b211ad2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8cea898-fda1-11dd-82c4-001a6b211ad2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8cea898-fda1-11dd-82c4-001a6b211ad2}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c453a39c-b7e7-11df-8cf8-001a6b211ad2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c453a39c-b7e7-11df-8cf8-001a6b211ad2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c453a39c-b7e7-11df-8cf8-001a6b211ad2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c453a39c-b7e7-11df-8cf8-001a6b211ad2}\ not found.
File F:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c453a39d-b7e7-11df-8cf8-001a6b211ad2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c453a39d-b7e7-11df-8cf8-001a6b211ad2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c453a39d-b7e7-11df-8cf8-001a6b211ad2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c453a39d-b7e7-11df-8cf8-001a6b211ad2}\ not found.
File F:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1d7b08d-cde4-11de-9aff-001a6b211ad2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef0fb2ff-a14b-11de-a7c6-001a6b211ad2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef0fb2ff-a14b-11de-a7c6-001a6b211ad2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef0fb2ff-a14b-11de-a7c6-001a6b211ad2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef0fb2ff-a14b-11de-a7c6-001a6b211ad2}\ not found.
File F:\StartVMCLite.exe not found.
C:\ProgramData\43769592 moved successfully.
C:\Windows\System32\CmdLineExt03.dll moved successfully.
C:\Windows\System32\C1E486C548.sys moved successfully.
C:\Windows\System32\KGyGaAvL.sys moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 08232011_235659

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\cmd.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 24.08.2011, 09:36

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

vihille · 24.08.2011, 10:11

2011/08/24 11:07:27.0866 2504 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/24 11:07:28.0089 2504 ================================================================================
2011/08/24 11:07:28.0090 2504 SystemInfo:
2011/08/24 11:07:28.0090 2504
2011/08/24 11:07:28.0090 2504 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/24 11:07:28.0090 2504 Product type: Workstation
2011/08/24 11:07:28.0090 2504 ComputerName: VINCENT-PC
2011/08/24 11:07:28.0090 2504 UserName: Vincent
2011/08/24 11:07:28.0090 2504 Windows directory: C:\Windows
2011/08/24 11:07:28.0090 2504 System windows directory: C:\Windows
2011/08/24 11:07:28.0090 2504 Processor architecture: Intel x86
2011/08/24 11:07:28.0090 2504 Number of processors: 2
2011/08/24 11:07:28.0090 2504 Page size: 0x1000
2011/08/24 11:07:28.0090 2504 Boot type: Normal boot
2011/08/24 11:07:28.0090 2504 ================================================================================
2011/08/24 11:07:33.0714 2504 Initialize success
2011/08/24 11:08:10.0265 2288 ================================================================================
2011/08/24 11:08:10.0265 2288 Scan started
2011/08/24 11:08:10.0265 2288 Mode: Manual;
2011/08/24 11:08:10.0265 2288 ================================================================================
2011/08/24 11:08:13.0107 2288 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/24 11:08:13.0232 2288 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/08/24 11:08:13.0295 2288 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/08/24 11:08:13.0347 2288 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/08/24 11:08:13.0390 2288 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/08/24 11:08:13.0564 2288 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/24 11:08:13.0630 2288 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/08/24 11:08:13.0676 2288 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/24 11:08:13.0727 2288 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/08/24 11:08:13.0765 2288 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/08/24 11:08:13.0824 2288 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/08/24 11:08:13.0864 2288 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/08/24 11:08:13.0900 2288 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/08/24 11:08:13.0981 2288 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/08/24 11:08:14.0046 2288 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/08/24 11:08:14.0108 2288 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/24 11:08:14.0181 2288 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/08/24 11:08:14.0287 2288 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/08/24 11:08:14.0341 2288 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/24 11:08:14.0550 2288 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/24 11:08:14.0613 2288 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/24 11:08:14.0654 2288 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/24 11:08:14.0707 2288 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/24 11:08:14.0752 2288 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/24 11:08:14.0789 2288 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/24 11:08:14.0828 2288 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/24 11:08:14.0927 2288 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/08/24 11:08:15.0014 2288 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/24 11:08:15.0101 2288 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/24 11:08:15.0202 2288 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
2011/08/24 11:08:15.0302 2288 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
2011/08/24 11:08:15.0344 2288 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
2011/08/24 11:08:15.0394 2288 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
2011/08/24 11:08:15.0445 2288 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/08/24 11:08:15.0578 2288 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/24 11:08:15.0664 2288 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/24 11:08:15.0723 2288 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/08/24 11:08:15.0788 2288 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/08/24 11:08:15.0901 2288 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/24 11:08:15.0942 2288 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/08/24 11:08:16.0036 2288 CnxtHdAudService (a4d44ab8423791db757b38150ec599a4) C:\Windows\system32\drivers\CHDRT32.sys
2011/08/24 11:08:16.0095 2288 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/24 11:08:16.0132 2288 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/08/24 11:08:16.0183 2288 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/08/24 11:08:16.0315 2288 DESVUSB (92ade7f1b2e1c69e85a3a9040eec37b4) C:\Windows\system32\DRIVERS\desrvusb.sys
2011/08/24 11:08:16.0362 2288 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/08/24 11:08:16.0596 2288 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/08/24 11:08:16.0688 2288 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/24 11:08:16.0784 2288 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/24 11:08:16.0850 2288 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
2011/08/24 11:08:16.0952 2288 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/08/24 11:08:17.0001 2288 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/24 11:08:17.0053 2288 eabfiltr (a6476585b4fefee46a9f42e4d2bfdfa4) C:\Windows\system32\DRIVERS\eabfiltr.sys
2011/08/24 11:08:17.0165 2288 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/08/24 11:08:17.0259 2288 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/08/24 11:08:17.0383 2288 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/08/24 11:08:17.0495 2288 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/08/24 11:08:17.0571 2288 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/24 11:08:17.0644 2288 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/24 11:08:17.0686 2288 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/24 11:08:17.0721 2288 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/24 11:08:17.0793 2288 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/08/24 11:08:17.0864 2288 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/24 11:08:17.0894 2288 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/24 11:08:18.0074 2288 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/08/24 11:08:18.0183 2288 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/08/24 11:08:18.0235 2288 HdAudAddService (de4020f928a2f8a6327f5687f36d361b) C:\Windows\system32\drivers\CHDART.sys
2011/08/24 11:08:18.0333 2288 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/24 11:08:18.0397 2288 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/24 11:08:18.0436 2288 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/24 11:08:18.0595 2288 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/24 11:08:18.0660 2288 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/08/24 11:08:18.0733 2288 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/08/24 11:08:18.0816 2288 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/08/24 11:08:18.0907 2288 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/08/24 11:08:18.0998 2288 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/08/24 11:08:19.0068 2288 hwdatacard (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/08/24 11:08:19.0123 2288 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/08/24 11:08:19.0218 2288 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/24 11:08:19.0326 2288 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/08/24 11:08:19.0413 2288 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/08/24 11:08:19.0526 2288 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/24 11:08:19.0605 2288 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/08/24 11:08:19.0675 2288 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/24 11:08:19.0741 2288 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/24 11:08:19.0808 2288 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/24 11:08:19.0860 2288 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/24 11:08:19.0929 2288 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/24 11:08:19.0961 2288 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/08/24 11:08:20.0056 2288 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/24 11:08:20.0097 2288 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/24 11:08:20.0131 2288 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/24 11:08:20.0199 2288 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/24 11:08:20.0273 2288 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/24 11:08:20.0340 2288 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/24 11:08:20.0444 2288 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/24 11:08:20.0548 2288 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/24 11:08:20.0596 2288 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/24 11:08:20.0638 2288 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/24 11:08:20.0698 2288 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/24 11:08:20.0763 2288 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/08/24 11:08:20.0817 2288 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/08/24 11:08:20.0879 2288 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/24 11:08:20.0944 2288 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/24 11:08:21.0010 2288 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/24 11:08:21.0046 2288 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/24 11:08:21.0108 2288 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/24 11:08:21.0179 2288 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/08/24 11:08:21.0240 2288 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/24 11:08:21.0306 2288 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/24 11:08:21.0376 2288 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/24 11:08:21.0432 2288 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/24 11:08:21.0554 2288 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/24 11:08:21.0592 2288 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/24 11:08:21.0670 2288 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/08/24 11:08:21.0741 2288 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/08/24 11:08:21.0823 2288 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/24 11:08:21.0882 2288 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/24 11:08:21.0970 2288 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/24 11:08:22.0019 2288 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/24 11:08:22.0075 2288 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/24 11:08:22.0174 2288 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/08/24 11:08:22.0212 2288 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/24 11:08:22.0251 2288 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/24 11:08:22.0288 2288 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/08/24 11:08:22.0356 2288 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\Windows\system32\DRIVERS\mxopswd.sys
2011/08/24 11:08:22.0442 2288 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/24 11:08:22.0611 2288 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/08/24 11:08:22.0673 2288 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/24 11:08:22.0725 2288 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/24 11:08:22.0802 2288 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/24 11:08:22.0868 2288 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/24 11:08:22.0906 2288 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/24 11:08:22.0986 2288 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/24 11:08:23.0139 2288 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/08/24 11:08:23.0293 2288 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/24 11:08:23.0382 2288 Nokia USB Generic (5abb6b2461c4eb0afdf1bf7f03963d59) C:\Windows\system32\drivers\nmwcdc.sys
2011/08/24 11:08:23.0418 2288 Nokia USB Modem (353c16d21eec1f11306270040b3713c1) C:\Windows\system32\drivers\nmwcdcm.sys
2011/08/24 11:08:23.0559 2288 Nokia USB Phone Parent (f5b1200c75b160c81e7e48cc0489aa5e) C:\Windows\system32\drivers\nmwcd.sys
2011/08/24 11:08:23.0606 2288 Nokia USB Port (353c16d21eec1f11306270040b3713c1) C:\Windows\system32\drivers\nmwcdcj.sys
2011/08/24 11:08:23.0681 2288 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/08/24 11:08:23.0733 2288 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/24 11:08:23.0855 2288 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/08/24 11:08:23.0943 2288 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/24 11:08:24.0004 2288 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/24 11:08:24.0358 2288 nvlddmkm (61f15452c97cd29e5841f56537204411) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/24 11:08:24.0786 2288 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/08/24 11:08:24.0825 2288 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/08/24 11:08:24.0868 2288 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/08/24 11:08:25.0005 2288 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/24 11:08:25.0109 2288 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/24 11:08:25.0182 2288 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/08/24 11:08:25.0214 2288 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/24 11:08:25.0301 2288 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/08/24 11:08:25.0345 2288 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/08/24 11:08:25.0389 2288 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/24 11:08:25.0567 2288 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/24 11:08:25.0735 2288 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/24 11:08:25.0778 2288 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/08/24 11:08:25.0874 2288 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/24 11:08:25.0927 2288 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys
2011/08/24 11:08:26.0001 2288 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/08/24 11:08:26.0070 2288 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/24 11:08:26.0121 2288 QuarticsWP (ccbf3fee56b29d5922a90f0818273f6b) C:\Windows\system32\DRIVERS\QuarticsWP.sys
2011/08/24 11:08:26.0182 2288 QuarticsWPMirror (ca9a9599674dbc9ae1b09199b6a87345) C:\Windows\system32\DRIVERS\QuarticsWPMirror.sys
2011/08/24 11:08:26.0243 2288 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/24 11:08:26.0309 2288 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/24 11:08:26.0396 2288 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/24 11:08:26.0543 2288 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/24 11:08:26.0624 2288 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/24 11:08:26.0698 2288 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/24 11:08:26.0749 2288 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/24 11:08:26.0820 2288 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/08/24 11:08:26.0862 2288 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/24 11:08:26.0924 2288 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/24 11:08:27.0031 2288 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/24 11:08:27.0071 2288 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/08/24 11:08:27.0106 2288 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/08/24 11:08:27.0141 2288 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/08/24 11:08:27.0209 2288 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/24 11:08:27.0322 2288 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/24 11:08:27.0438 2288 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/08/24 11:08:27.0545 2288 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/24 11:08:27.0599 2288 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/24 11:08:27.0641 2288 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/24 11:08:27.0699 2288 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/24 11:08:27.0812 2288 sfdrv01 (aad95fe3e005489c7156fa111f744eaf) C:\Windows\system32\drivers\sfdrv01.sys
2011/08/24 11:08:27.0876 2288 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/24 11:08:27.0912 2288 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/24 11:08:27.0987 2288 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/24 11:08:28.0023 2288 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
2011/08/24 11:08:28.0091 2288 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/24 11:08:28.0188 2288 sfvfs02 (197cef62eb4bc043e1578529fa2b9a48) C:\Windows\system32\drivers\sfvfs02.sys
2011/08/24 11:08:28.0266 2288 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/08/24 11:08:28.0307 2288 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/08/24 11:08:28.0347 2288 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/08/24 11:08:28.0423 2288 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/24 11:08:28.0591 2288 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/24 11:08:28.0662 2288 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/24 11:08:28.0717 2288 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/24 11:08:28.0756 2288 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/24 11:08:28.0841 2288 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/08/24 11:08:28.0934 2288 ST50220 (5194be02a9ffbd0ebad22bb750fb5cf6) C:\Windows\system32\Drivers\ST50220.sys
2011/08/24 11:08:29.0037 2288 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/24 11:08:29.0096 2288 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/24 11:08:29.0140 2288 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/24 11:08:29.0185 2288 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/24 11:08:29.0252 2288 SynTP (81cf7aa63bb3cca31e1d1944c0a45fc7) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/24 11:08:29.0380 2288 tap0901 (5c7c939bbd03784fe58c80578d065cc9) C:\Windows\system32\DRIVERS\tap0901.sys
2011/08/24 11:08:29.0490 2288 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/08/24 11:08:29.0560 2288 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/24 11:08:29.0629 2288 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/24 11:08:29.0681 2288 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/24 11:08:29.0715 2288 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/24 11:08:29.0788 2288 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/24 11:08:29.0860 2288 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/24 11:08:29.0964 2288 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/24 11:08:30.0007 2288 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/24 11:08:30.0071 2288 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/24 11:08:30.0121 2288 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/08/24 11:08:30.0198 2288 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/24 11:08:30.0269 2288 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/24 11:08:30.0315 2288 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/08/24 11:08:30.0364 2288 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/24 11:08:30.0406 2288 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/24 11:08:30.0542 2288 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/24 11:08:30.0681 2288 UnlockerDriver5 (f365fa561c3ab455d8685770d208691a) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/08/24 11:08:30.0770 2288 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/08/24 11:08:30.0825 2288 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/24 11:08:30.0880 2288 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/24 11:08:30.0959 2288 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/24 11:08:30.0993 2288 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/24 11:08:31.0039 2288 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/08/24 11:08:31.0097 2288 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/24 11:08:31.0159 2288 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/24 11:08:31.0241 2288 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/24 11:08:31.0309 2288 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/24 11:08:31.0375 2288 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/08/24 11:08:31.0428 2288 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/24 11:08:31.0518 2288 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/24 11:08:31.0569 2288 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/08/24 11:08:31.0617 2288 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/08/24 11:08:31.0658 2288 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/08/24 11:08:31.0718 2288 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/24 11:08:31.0800 2288 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/08/24 11:08:31.0880 2288 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/08/24 11:08:31.0938 2288 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/08/24 11:08:32.0007 2288 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/24 11:08:32.0054 2288 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/24 11:08:32.0077 2288 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/24 11:08:32.0146 2288 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/08/24 11:08:32.0209 2288 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/24 11:08:32.0356 2288 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/08/24 11:08:32.0553 2288 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/24 11:08:32.0662 2288 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/24 11:08:32.0729 2288 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/24 11:08:32.0834 2288 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/24 11:08:32.0890 2288 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/08/24 11:08:32.0977 2288 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
2011/08/24 11:08:33.0025 2288 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR3
2011/08/24 11:08:33.0043 2288 Boot (0x1200) (c31695cc2b8204f2ba5dc1293355d647) \Device\Harddisk0\DR0\Partition0
2011/08/24 11:08:33.0059 2288 Boot (0x1200) (0043fb97d1d54de3fd6d5536689e95d7) \Device\Harddisk0\DR0\Partition1
2011/08/24 11:08:33.0078 2288 Boot (0x1200) (499a086cf926761cfdc6f743caf8cc89) \Device\Harddisk1\DR3\Partition0
2011/08/24 11:08:33.0089 2288 ================================================================================
2011/08/24 11:08:33.0089 2288 Scan finished
2011/08/24 11:08:33.0089 2288 ================================================================================
2011/08/24 11:08:33.0103 3932 Detected object count: 0
2011/08/24 11:08:33.0103 3932 Actual detected object count: 0

cosinus · 24.08.2011, 13:13

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

vihille · 24.08.2011, 16:20

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-08-24.02 - Vincent 24.08.2011  16:44:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1021.456 [GMT 2:00]
ausgeführt von:: c:\users\Vincent\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\pswi_preloaded.exe
c:\users\Vincent\AppData\Roaming\Adobe\shed
c:\users\Vincent\WWP - Vista Colour Fix.exe
c:\windows\system32\comct332.ocx
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-07-24 bis 2011-08-24  ))))))))))))))))))))))))))))))
.
.
2011-08-24 15:03 . 2011-08-24 15:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-23 21:56 . 2011-08-23 21:56	--------	d-----w-	C:\_OTL
2011-08-23 16:39 . 2011-08-12 02:44	7152464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A37D2C4-76BE-4F24-89B2-D92F5C1495C8}\mpengine.dll
2011-08-23 11:12 . 2011-08-23 11:12	--------	d-----w-	c:\program files\ESET
2011-08-10 12:52 . 2011-08-10 12:52	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-09 22:54 . 2011-06-17 16:03	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-08-09 22:53 . 2011-07-06 15:31	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 22:51 . 2011-06-06 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 22:50 . 2011-06-20 08:54	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-08-09 22:50 . 2011-06-20 08:54	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-08-09 22:49 . 2011-06-17 20:13	905104	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-08-08 07:31 . 2011-08-08 07:34	--------	d-----w-	c:\program files\OpenVPN
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 17:52 . 2011-05-25 21:10	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-05-25 21:09	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-02 13:34 . 2011-07-12 23:07	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-08-18 11:04 . 2011-05-13 09:56	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Product Registration.lnk - c:\users\Vincent\AppData\Local\Temp\is-FELSR.tmp\ATR1.exe [N/A]
Stickies.lnk - c:\program files\stickies\stickies.exe [2010-4-27 1101824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-09-26 09:02	2356088	----a-r-	c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adonym 2.1]
2007-06-03 09:24	856064	----a-w-	c:\program files\adonym\adonym.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeStatusMon]
2007-06-28 12:07	286720	----a-w-	c:\program files\Dell\MFP_DELL\deDvcStatus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2006-12-04 20:39	46704	----a-w-	c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 13:33	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
2007-09-06 13:53	169264	----a-w-	c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-03-12 16:10	79400	----a-w-	c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2006-06-27 15:21	1449984	----a-w-	c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2006-12-03 00:32	167936	----a-w-	c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanSoft OmniPage SE 4-reminder]
2007-02-01 11:46	255528	----a-w-	c:\program files\ScanSoft\OmniPageSE4\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 07:03	210472	----a-w-	c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-12-21 04:38	77824	----a-w-	c:\program files\Java\jre1.6.0\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 adonym Update Service;adonym Update Service;c:\program files\adonym\adonymService.exe [2007-06-03 106496]
R2 adonymServiceUpdater;adonymServiceUpdater;c:\program files\adonym\adonymServiceUpdater.exe [2007-06-03 40960]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-17 136176]
R3 DESVUSB;Dell service driver;c:\windows\system32\DRIVERS\desrvusb.sys [2007-05-11 17536]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-17 136176]
R3 QuarticsWP;QuarticsWP_Display_Driver;c:\windows\system32\DRIVERS\QuarticsWP.sys [2007-08-03 17497]
R3 ST50220;Sonix ST50220 USB Video Camera Driver;c:\windows\system32\Drivers\ST50220.sys [2006-11-24 26752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-11-08 194240]
S2 deMntrService;Dell AIO Center Service;c:\program files\Dell\MFP_DELL\deMntrService.exe [2007-06-28 131072]
S3 QuarticsWPMirror;QuarticsWPMirror_Display_Driver;c:\windows\system32\DRIVERS\QuarticsWPMirror.sys [2007-08-03 22841]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 43811057
*Deregistered* - 43811057
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-17 09:43]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-17 09:43]
.
2011-08-06 c:\windows\Tasks\User_Feed_Synchronization-{9BB5E2AA-C05E-4E5A-92E4-9E4C19C017B3}.job
- c:\windows\system32\msfeedssync.exe [2011-08-09 09:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - c:\progra~1\COMMON~1\WEBSPE~1.0\LgxIEBar.dll
TCP: DhcpNameServer = 10.0.0.1
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1206910536
FF - ProfilePath - c:\users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\uzvm1syi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVD.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
MSConfigStartUp-RestartNeroSetup - c:\users\Vincent\AppData\Local\Temp\NERO13890\Setupx.exe
AddRemove-DVD Ripper Wizard - c:\progra~1\DVDRIP~1\UNWISE.EXE
AddRemove-Meine CEWE FOTOWELT - c:\program files\CeWe Color\Meine CEWE FOTOWELT\uninstall.exe
AddRemove-SUPER © - c:\progra~1\ERIGHT~1\SUPER\Setup.exe
AddRemove-WinGimp-2.0_is1 - c:\program files\GIMP-2.0\setup\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-08-24 17:05
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3099767173-875529574-4026955592-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*'*e&]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3099767173-875529574-4026955592-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*'*e&\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3099767173-875529574-4026955592-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e&R*o*n*j*a*e&\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-08-24  17:18:37
ComboFix-quarantined-files.txt  2011-08-24 15:18
.
Vor Suchlauf: 10 Verzeichnis(se), 47.275.880.448 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 49.055.035.392 Bytes frei
.
- - End Of File - - 89C50A2D2102781D206DDE198E86A292

--- --- ---

16.08.2011, 14:29	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malware Protection Virus - Alles sauber? Und warum postest du die Log von Malwarebytes nicht? Bitte alle posten die da sind. __________________ __________________

23.08.2011, 16:21	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malware Protection Virus - Alles sauber? Sind das tatsächlich alle Funde gewesen? Malwarebytes auch nicht mehr gefunden oder hast du noch weitere Logs? __________________ Logfiles bitte immer in CODE-Tags posten

Malware Protection Virus - Alles sauber?

Log-Analyse und Auswertung: Malware Protection Virus - Alles sauber?