Protection Center - Anti-Malware hat nicht geholfen

TheCaptain · 31.08.2011, 21:17

Hallo Leute! *Mein Opa hat mir heute seinen Laptop vorbeigebracht mit den Worten "Der stürzt nach dem Start sofort ab". Habe dann recht schnell rausgefunden, dass sich das bekannte "Protection Center" ausgebreitet hat. Hab den Laptop im abgesicherten Modus hochgefahren und bin der Anleitung des Forums gefolgt. Leider hat der Scan und die Bereinigung durch Malwarebytes noch nicht den gewünschten Erfolg gebracht, außer im abgesicherten Modus fährt sich der Laptop kurz nach dem Start sofort wieder runter. *Ich poste euch hier die nötigen Logfiles. Falls etwas fehlt oder ich was falsch gemacht habe, berichtigt mich bitte. Ich hoffe ihr könnt mir helfen. Schonmal danke im Vorraus! Da ich diesen Thread von unterwegs vom iPad aus poste kann ich die gezipten Logfiles erst später anfügen

Hier die OLTOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 8/31/2011 5:03:03 PM - Run 1
OTL by OldTimer - Version 3.2.26.7 ****Folder = C:\Users\rudi\Desktop
Home Premium Edition *(Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.87 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 55.53% Memory free
5.73 Gb Paging File | 4.51 Gb Available in Paging File | 78.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424.66 Gb Total Space | 387.97 Gb Free Space | 91.36% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.60 Gb Free Space | 53.99% Space Free | Partition Type: NTFS

Computer Name: RUDI-PC | User Name: rudi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/31 17:00:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 16:46:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\rudi\Desktop\OTL.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/02 13:43:10 | 000,355,720 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/31 17:00:24 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- *-- (BgRaSvc)
SRV - [2011/05/26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/09/02 13:57:36 | 000,058,248 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser)
SRV - [2010/09/02 13:51:01 | 000,301,960 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2010/09/02 13:50:26 | 000,175,496 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2010/09/02 13:50:15 | 000,270,728 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2010/09/02 13:47:02 | 000,169,864 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2010/09/02 13:43:10 | 000,355,720 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/03 12:45:11 | 000,296,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - [2010/09/02 13:48:54 | 000,056,400 | ---- | M] (BullGuard Ltd.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2010/08/06 17:52:54 | 000,016,896 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\InputFilter_FlexDef2c.sys -- (InputFilter_Hid_FlexDef2c) Siliten HID Devices(FlexDef2c)
DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/04/24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/03/04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/03/02 13:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation **************************) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/02/27 05:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\Impcd.sys -- (Impcd)
DRV - [2010/02/03 19:06:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2009/09/18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel(R)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008/07/24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = rudi

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: *File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/31 17:00:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/24 17:53:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter

[2010/09/02 19:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rudi\AppData\Roaming\mozilla\Extensions
[2011/07/04 17:01:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rudi\AppData\Roaming\mozilla\Firefox\Profiles\vh0dubx9.default\extensions
[2011/05/18 19:54:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\rudi\AppData\Roaming\mozilla\Firefox\Profiles\vh0dubx9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/06/06 13:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/06/06 13:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\RUDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VH0DUBX9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\RUDI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VH0DUBX9.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI
[2011/08/31 17:00:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/06 13:54:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/31 17:00:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/31 17:00:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/31 17:00:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/31 17:00:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/08/31 17:00:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/08/31 17:00:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - *File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [BullGuard] *File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [Launch SilverCrest GML807] C:\Program Files\SilverCrest GML807 Driver\MouClient_FD2_1001RL.exe (Siliten)
O4 - HKLM..\Run: [LMgrOSD] *File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10m_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\rudi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - *File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - *File not found
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - *File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.253
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - *File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{21a0d22b-b665-11df-988c-74f06d0acedc}\Shell - "" = AutoRun
O33 - MountPoints2\{21a0d22b-b665-11df-988c-74f06d0acedc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3db7fcb8-d561-11df-b131-00262dc0bc57}\Shell - "" = AutoRun
O33 - MountPoints2\{3db7fcb8-d561-11df-b131-00262dc0bc57}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7b5b66ff-b676-11df-93b5-74f06d0acedc}\Shell - "" = AutoRun
O33 - MountPoints2\{7b5b66ff-b676-11df-93b5-74f06d0acedc}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - *File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - *File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - *File not found
NetSvcs: Ntmssvc - *File not found
NetSvcs: NWCWorkstation - *File not found
NetSvcs: Nwsapagent - *File not found
NetSvcs: SRService - *File not found
NetSvcs: WmdmPmSp - *File not found
NetSvcs: LogonHours - *File not found
NetSvcs: PCAudit - *File not found
NetSvcs: helpsvc - *File not found
NetSvcs: uploadmgr - *File not found


CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/31 16:46:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\rudi\Desktop\OTL.exe
[2011/08/31 13:28:59 | 000,000,000 | ---D | C] -- C:\Users\rudi\AppData\Roaming\Malwarebytes
[2011/08/31 13:28:52 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/31 13:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/31 13:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/31 13:28:49 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/31 13:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/31 13:27:58 | 009,466,208 | ---- | C] (Malwarebytes Corporation ***********************************) -- C:\Users\rudi\Desktop\herbert.exe
[2011/08/31 13:08:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/31 12:25:21 | 000,000,000 | ---D | C] -- C:\Users\rudi\AppData\Roaming\Opuxoz
[2011/08/31 12:23:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/28 13:07:01 | 000,000,000 | RHSD | C] -- C:\Users\rudi\M-1-74-6482-7942-8945
[2010/06/28 15:06:07 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/31 16:46:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\rudi\Desktop\OTL.exe
[2011/08/31 16:33:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/31 16:32:03 | 384,828,946 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/31 16:31:55 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/31 16:26:35 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/31 16:22:15 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2011/08/31 14:27:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/31 14:27:02 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/31 13:28:53 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 13:28:15 | 009,466,208 | ---- | M] (Malwarebytes Corporation ***********************************) -- C:\Users\rudi\Desktop\herbert.exe
[2011/08/31 12:50:10 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/31 10:43:37 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/08/31 10:43:37 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/31 10:43:37 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/08/31 10:43:37 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/31 10:42:18 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/31 16:22:15 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2011/08/31 13:28:53 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/31 13:06:59 | 384,828,946 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/28 19:42:17 | 000,069,632 | ---- | C] () -- C:\Users\rudi\AppData\Roaming\chrtmp
[2011/02/20 22:09:02 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/09/02 18:03:42 | 000,033,134 | ---- | C] () -- C:\Users\rudi\AppData\Roaming\UserTile.png
[2010/06/29 01:38:29 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010/06/29 01:28:10 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010/06/28 17:46:27 | 000,072,017 | ---- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2010/06/28 15:06:08 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/06/28 15:06:08 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/06/28 15:06:07 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010/06/28 15:06:07 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/06/28 15:06:06 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/06/28 15:06:06 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/05/18 08:50:33 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/05/18 08:50:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/05/18 08:50:33 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/05/18 08:50:33 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,287,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,452 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/08/23 00:52:44 | 000,000,000 | -HSD | M] -- C:\Users\rudi\AppData\Roaming\.#
[2010/09/02 10:32:52 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\Ashampoo
[2010/09/02 10:13:46 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\BullGuard
[2011/07/31 19:02:21 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\DVDVideoSoft
[2011/05/18 19:54:36 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/31 12:25:21 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\Opuxoz
[2011/08/26 01:10:38 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\SoftGrid Client
[2010/09/08 18:48:43 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\TP
[2010/11/03 19:59:38 | 000,000,000 | ---D | M] -- C:\Users\rudi\AppData\Roaming\Verbindungsassistent
[2011/06/22 09:14:34 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2010/11/07 19:47:03 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/02/12 19:19:46 | 000,000,000 | ---D | M] -- C:\685c0b2420b0b2a9a9
[2010/09/02 09:57:00 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/06/29 01:30:50 | 000,000,000 | ---D | M] -- C:\Intel
[2010/09/12 20:10:43 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010/11/01 22:36:14 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2011/08/31 13:28:49 | 000,000,000 | R--D | M] -- C:\Program Files
[2011/08/31 13:28:52 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/09/02 09:57:00 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/08/31 22:41:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/09/02 10:10:59 | 000,000,000 | R--D | M] -- C:\Users
[2011/08/31 16:32:03 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >


< MD5 for: EXPLORER.EXE *>
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2010/05/18 10:45:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/05/18 10:32:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/05/18 10:32:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/05/18 10:45:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: REGEDIT.EXE *>
[2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

< MD5 for: USERINIT.EXE *>
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE *>
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE *>
[2010/05/18 10:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2010/05/18 10:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/05/18 10:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-30 18:58:00

< End of report >

--- --- ---

cosinus · 01.09.2011, 23:30

Zitat:

*Ich poste euch hier die nötigen Logfiles.

Ja ich bitte darum

TheCaptain · 02.09.2011, 10:49

Ich hoffe diesmal hats geklappt: Die gezipten Logfiles im Anhang.

cosinus · 02.09.2011, 13:33

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

TheCaptain · 02.09.2011, 18:24

Das hier war der erste Scan, den ich gemacht habe mit 70(!) Funden:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7619

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

31.08.2011 14:09:34
mbam-log-2011-08-31 (14-09-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 308303
Laufzeit: 37 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 70

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Update (Backdoor.IRCBot.WR) -> Value: Microsoft® Windows Update -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\rudi\m-1-74-6482-7942-8945\winsvc.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\30IMFAPZ\stat[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\NVJOWRDW\stat[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\SU53Z30T\main[1].exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\UQ19CIXP\ok[1].exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\UQ19CIXP\stat[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\UQ19CIXP\stl[1].exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\0.64376548605302.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\0383226.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\1312241.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\2151306.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\2359887.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\2B63.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\3536795.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\3624888.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\3654494.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\3706653.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\3767284.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\3957313.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\4867371.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\5497757.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\5845815.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\6054988.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\6295122.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\6594228.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\6607219.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\6731590.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\7100441.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\7152722.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\71AE.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\7676683.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\78875.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\7943560.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\7973583.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\87A4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\8942847.exe (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\9082668.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\9794.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\B019.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\C41E.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup1508226640.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup1536145816.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup155329568.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup1692662584.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup194569472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup2116970368.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup2279928872.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup2401885624.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup2518587208.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup2654075072.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup2849794480.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup3191075488.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup3271199012.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup3714177072.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup3934541472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup3986242384.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup4049136420.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup674794996.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\setup789581524.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\LocalLow\Sun\Java\deployment\cache\6.0\35\620a36a3-79abad71 (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\rudi\downloads\pic04402011.jpg.scr (Backdoor.IRCBot.WR) -> Quarantined and deleted successfully.
c:\Windows\softwaredistribution\Download\2c2ccedb4df3da26ac099387547f04d8\BIT66A1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\70A3.tmp (Malware.Gen) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Local\Temp\6042078.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Public\Desktop\control center.lnk (Rogue.ControlCenter) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.4880132474961957.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.9894269051104149.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Roaming\Adobe\plugs\mmc22167726.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\rudi\AppData\Roaming\Adobe\plugs\mmc84.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Und den Scan habe ich heute gemacht:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7636

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

02.09.2011 19:11:01
mbam-log-2011-09-02 (19-11-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 286760
Laufzeit: 27 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Temp\0.8402708139587759.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

cosinus · 04.09.2011, 12:56

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

TheCaptain · 04.09.2011, 17:51

Hier der ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=8fa541586eac0a47be18a24e4cdd34b0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-04 04:02:22
# local_time=2011-09-04 06:02:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=4609 16776574 60 20 268 48039311 0 0
# compatibility_mode=5893 16776573 100 94 417622 66779486 0 0
# compatibility_mode=8192 67108863 100 0 910 910 0 0
# scanned=129833
# found=5
# cleaned=0
# scan_time=3847
C:\Users\rudi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30IMFAPZ\ok[1].exe a variant of Win32/Injector.IYC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\rudi\Downloads\MediaPlayer_Setup.exe a variant of Win32/SweetIM.A application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\4b513494-17799318 Java/Agent.DJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\drivers\tdx.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I

cosinus · 04.09.2011, 18:05

Kannst du die Funde mit ESET entfernen?

TheCaptain · 04.09.2011, 19:18

Mit dem Scanner den ich da runtergeladen habe kann ich aber nichts entfernen oder? Muss ich mir dann diese Testversion holen?

cosinus · 05.09.2011, 09:03

Zitat:

Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.

Anleitung nicht gelesen? Im ersten Lauf von ESET sollst du keinen Fund entfernen lassen, wenn sich herausstellt, dass alles weg kann, dann kann man auch die Funde entfernen lassen.

TheCaptain · 05.09.2011, 12:59

Doch doch, ich bin der Anleitung genau so gefolgt. Habe dann jetzt ESET nochmal gestartet und den Hacken bei remove threats gesetzt. Als der Scan beendet war, waren plötzlich alle Desktopsymbole, bis auf den Papierkorb und 'Computer' verschwunden. Der Laptop hat sich dann selbstständig runtergefahren. Jetzt lässt er sich allerdings nicht mehr hochfahren. Das Bild bleibt Schwarz, nur oben Links blinkt ein kleiner Balken.

cosinus · 05.09.2011, 13:51

Da musst du mit OTLPE ran. Benötigt wird dafür ein zweiter (virenfreier!!) Windows-Rechner mit Brenner und einen CD-R oder CD-RW Rohling. Den infizierten Rechner von dieser selbstgebrannten OTLPE-CD dann booten.

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.

TheCaptain · 05.09.2011, 16:09

Habe den Laptop per CD gebootet, es erschien der Ladebalken "starting reatogo-x-pe". Als der Balken voll geladen war kam ein Bluescreen mit folgendem Text:

"a problem has eben detected and windows has been shut down to prevent damage to your computer". Dann die Aufforderung dass ich den Computer neu starten soll falls das Problem zum ersten mal auftaucht, und dass ich die Festplatten kontrollieren soll. Ich habe den Laptop neu gestartet, allerdings erschien der Bluescreen erneut.

Unten steht noch "Technical Information: STOP: 0x0000007B (0xF78DA528, 0xC0000034 ...)

cosinus · 05.09.2011, 21:31

Geh mal ins BIOS deines Computers und stell den Plattencontroller von AHCI auf IDE bzw. Compatible um. Genauere Anleitungen kann man nicht posten, da fast jedes BIOS anders aussieht. Schau notfalls ins Handbuch.

Um das installierte Windows wieder booten zu können musst du natürlich auf AHCI wieder umstellen.

TheCaptain · 06.09.2011, 10:56

Ich habe auf IDE umgestellt, der Laptop ist auch hochgefahren. Wenn ich allerdings OTLPE öffne, erscheint ein Fenster mit "Browse for Folder". Egal welchen Ordner ich wähle es erscheint die Fehlermeldung "no Windows Installation Found"

02.09.2011, 13:33	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Protection Center - Anti-Malware hat nicht geholfen Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! __________________ Logfiles bitte immer in CODE-Tags posten

04.09.2011, 18:05	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Protection Center - Anti-Malware hat nicht geholfen Kannst du die Funde mit ESET entfernen? __________________ Logfiles bitte immer in CODE-Tags posten

Protection Center - Anti-Malware hat nicht geholfen

Log-Analyse und Auswertung: Protection Center - Anti-Malware hat nicht geholfen