
Pests of all kinds and how to combat them: partner37.mydomainadvisor.com

Windows 7

10.10.2012, 07:09   #31
vitus333
 
Hello cosinus,

attached is the Combofix log file. Unfortunately, the various folders still don't work...

Combofix log file:
Code:
ComboFix 12-10-08.03 - * 10.10.2012   7:36.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2804.2085 [GMT 2:00]
ausgeführt von:: c:\users\*\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\*\videos\vlc-1.1.11-win32.exe
c:\windows\$NtUninstallKB29222$
c:\windows\$NtUninstallKB29222$\195300660
c:\windows\$NtUninstallKB29222$\3261968459\@
c:\windows\$NtUninstallKB29222$\3261968459\bckfg.tmp
c:\windows\$NtUninstallKB29222$\3261968459\cfg.ini
c:\windows\$NtUninstallKB29222$\3261968459\Desktop.ini
c:\windows\$NtUninstallKB29222$\3261968459\keywords
c:\windows\$NtUninstallKB29222$\3261968459\kwrd.dll
c:\windows\$NtUninstallKB29222$\3261968459\L\xadqgnnk
c:\windows\$NtUninstallKB29222$\3261968459\U\00000001.@
c:\windows\$NtUninstallKB29222$\3261968459\U\00000002.@
c:\windows\$NtUninstallKB29222$\3261968459\U\00000004.@
c:\windows\$NtUninstallKB29222$\3261968459\U\80000000.@
c:\windows\$NtUninstallKB29222$\3261968459\U\80000004.@
c:\windows\$NtUninstallKB29222$\3261968459\U\80000032.@
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-10 bis 2012-10-10  ))))))))))))))))))))))))))))))
.
.
2012-10-10 05:54 . 2012-10-10 05:54	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D6EBCB9-1679-4DC3-BE57-E3176420E59A}\MpKsl803654d6.sys
2012-10-10 05:50 . 2012-10-10 05:54	--------	d-----w-	c:\users\*\AppData\Local\temp
2012-10-10 05:50 . 2012-10-10 05:50	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-10-10 05:50 . 2012-10-10 05:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-10 05:36 . 2012-10-10 05:36	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D6EBCB9-1679-4DC3-BE57-E3176420E59A}\MpKslf63a307a.sys
2012-10-09 19:30 . 2012-08-30 08:17	6980552	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D6EBCB9-1679-4DC3-BE57-E3176420E59A}\mpengine.dll
2012-10-08 06:23 . 2012-08-30 08:17	6980552	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-04 08:16 . 2012-10-04 08:16	--------	d-----w-	C:\_OTL
2012-09-28 08:36 . 2012-09-28 08:36	--------	d-----w-	c:\program files\ESET
2012-09-26 06:24 . 2012-08-21 20:12	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-23 05:49 . 2012-08-24 06:43	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-09-23 05:49 . 2012-08-24 07:34	140936	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2012-09-23 05:49 . 2012-08-24 06:47	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-09-23 05:49 . 2012-08-24 06:48	194048	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2012-09-23 05:49 . 2012-08-24 06:47	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-09-12 07:58 . 2012-02-09 12:17	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C61DB505-D973-4658-8FD1-6923D2EF8934}\gapaengine.dll
2012-09-12 07:51 . 2012-10-03 04:37	--------	d-----w-	c:\program files\Microsoft Security Client
2012-09-12 07:02 . 2012-09-12 07:02	--------	d-----w-	C:\ConvertTemp
2012-09-12 07:00 . 2012-09-12 07:02	--------	d-----w-	C:\Output
2012-09-12 06:59 . 2012-09-12 06:59	--------	d-----w-	c:\program files\Free Htm-Html to Image Jpg-Jpeg Converter
2012-09-12 06:58 . 2012-10-04 08:16	--------	d-----w-	c:\program files\blekkotb_031
2012-09-12 06:58 . 2012-09-12 06:58	--------	d-----w-	c:\users\*\AppData\Local\blekkotb_031
2012-09-12 06:36 . 2012-09-12 06:37	8281168	----a-w-	c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-09-12 06:28 . 2012-08-22 17:16	712048	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 06:28 . 2012-07-04 19:45	33280	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 06:28 . 2012-08-22 17:16	1292144	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 06:28 . 2012-08-22 17:16	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 06:28 . 2012-08-22 17:16	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 06:28 . 2012-08-02 16:57	490496	----a-w-	c:\windows\system32\d3d10level9.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 06:33 . 2012-06-08 10:53	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 06:33 . 2011-07-04 21:05	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 15:04 . 2011-12-08 19:01	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-30 20:03 . 2012-08-30 20:03	193552	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-03-20 18:44	99272	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-10 17:26 . 2012-08-10 17:26	486512	----a-w-	c:\windows\system32\NBMatS1SDK.dll
2012-08-10 17:26 . 2012-08-10 17:26	29232	----a-w-	c:\windows\system32\drivers\FPSensor.sys
2012-08-10 17:26 . 2012-08-10 17:26	60976	----a-w-	c:\windows\system32\drivers\mwlPSDVDisk.sys
2012-08-10 17:26 . 2012-08-10 17:26	18992	----a-w-	c:\windows\system32\drivers\mwlPSDFilter.sys
2012-08-10 17:26 . 2012-08-10 17:26	16432	----a-w-	c:\windows\system32\drivers\mwlPSDNserv.sys
2012-07-18 17:47 . 2012-08-18 16:40	2345984	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\*\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Window Hide Tool"="c:\program files\Window Hide Tool\Window Hide Tool.exe" [2008-01-18 307200]
"Spotify Web Helper"="c:\*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-18 1193176]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-23 1353080]
"Facebook Update"="c:\users\*\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-09 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 142680]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 176472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 175448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"VitaKeyTSR"="c:\program files\EgisTec BioExcess\EgisTSR.exe" [2010-05-28 376176]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\*\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2011-10-12 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 - Lizenzierungsdienst;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
S2 EgisTec Data Security Service;EgisTec Data Security Service;c:\program files\EgisTec BioExcess\EgisDSService.exe [x]
S2 EgisTec Service;EgisTec Service;c:\program files\EgisTec BioExcess\EgisService.exe [x]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL803654D6
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 06:33]
.
2012-10-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839828771-2084243830-3291675471-1000Core.job
- c:\users\Vitus Sproten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-09 20:05]
.
2012-10-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2839828771-2084243830-3291675471-1000UA.job
- c:\users\Vitus Sproten\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-09 20:05]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = <local>
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Free YouTube Download - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Zur Filterliste hinzufügen (WebWasher) - hxxp://-Web.Washer-/ie_add
TCP: DhcpNameServer = 212.87.96.9 217.21.186.202
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-RDReminder - (no file)
HKCU-Run-KPeerNexonEU - c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKLM-Run-PDFPrint - c:\program files\PDF24\pdf24.exe
AddRemove-8461-7759-5462-8226 - c:\program files\Vuze\uninstall.exe
AddRemove-Dll-Files.com Fixer_is1 - c:\program files\Dll-Files.com Fixer\unins000.exe
AddRemove-eSpeak_is1 - c:\program files\eSpeak\unins000.exe
AddRemove-FIFA MANAGER 10_is1 - c:\program files\FIFA MANAGER 10\unins000.exe
AddRemove-Fraps - c:\fraps\uninstall.exe
AddRemove-IrfanView - c:\program files\IrfanView\iv_uninstall.exe
AddRemove-NetDevil_LEGO_Universe_is1 - c:\program files\LEGO Software\LEGO Universe\uninstall.exe
AddRemove-SimCity 3000 - c:\windows\IsUn0407.exe
AddRemove-SMS Free Sender_is1 - c:\program files\SMS Free Sender\unins000.exe
AddRemove-Untis 2011 - c:\program files\Untis\2011\uninstall.exe
AddRemove-{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1 - c:\program files\PDF24\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04533bf9-c276-11e0-b121-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{236b843c-bc13-11e0-849c-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ceb97ca-b1de-11e0-80ac-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ceb97d0-b1de-11e0-80ac-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ceb980e-b1de-11e0-80ac-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{446a82f8-0a1f-11e1-823b-00059a3c7800}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e16f381-6468-11e1-a9cc-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{608834fc-d6f7-11e0-aae9-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73de3fb7-27fc-11e1-a742-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73de3fbc-27fc-11e1-a742-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8431e353-a350-11e0-8960-806e6f6e6963}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8431e354-a350-11e0-8960-806e6f6e6963}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8431e357-a350-11e0-8960-806e6f6e6963}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{898d3a34-13af-11e1-9534-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92c2ce46-defa-11e0-bce8-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aaaf675f-e55b-11e1-9069-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae0d9465-15be-11e1-aa69-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bffdf649-a3cf-11e0-98bf-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bffdf656-a3cf-11e0-98bf-f0def119d7dc}]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2839828771-2084243830-3291675471-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:9b,8d,2b,74,2e,cc,cf,97,1e,98,1f,de,67,9b,c4,ad,a5,a7,e6,05,63,
   6b,86,d3,81,d7,e6,b4,4a,09,49,79,18,57,2e,90,2f,39,34,41,ae,10,da,ce,1c,b1,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-10  08:01:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-10 06:01
.
Vor Suchlauf: 14 Verzeichnis(se), 336.068.591.616 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 335.418.753.024 Bytes frei
.
- - End Of File - - 3F58CBC72DA09FEC73E40576C25B033E
         
[/CODE]
--- --- ---

Thanks in advance

10.10.2012, 12:39   #32
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

11.10.2012, 11:54   #33
vitus333
 

Here are the next log files:

Code:
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-10 19:46:48
-----------------------------
19:46:48.921    OS Version: Windows 6.1.7601 Service Pack 1
19:46:48.921    Number of processors: 2 586 0x2505
19:46:48.921    ComputerName: *-PC  UserName: *
19:46:51.701    Initialize success
19:53:01.819    AVAST engine defs: 12101000
19:53:29.871    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:53:29.881    Disk 0 Vendor: WDC_WD5000BEVT-24A0RT0 01.01A02 Size: 476940MB BusType: 11
19:53:30.141    Disk 0 MBR read successfully
19:53:30.151    Disk 0 MBR scan
19:53:30.291    Disk 0 Windows 7 default MBR code
19:53:30.311    Disk 0 Partition 1 80 (A) 0C    FAT32 LBA FRDOS4.1    30004 MB offset 63
19:53:30.341    Disk 0 Partition - 00     0F Extended LBA             30004 MB offset 61448625
19:53:30.421    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       415822 MB offset 122898432
19:53:30.531    Disk 0 Partition 3 00     12  Compaq diag NTFS         1109 MB offset 974501888
19:53:30.721    Disk 0 Partition 4 00     0C    FAT32 LBA IBM  7.1    30004 MB offset 61448688
19:53:30.971    Disk 0 scanning sectors +976773168
19:53:31.891    Disk 0 scanning C:\Windows\system32\drivers
19:55:26.464    Service scanning
19:56:11.881    Service MpKsl803654d6 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D6EBCB9-1679-4DC3-BE57-E3176420E59A}\MpKsl803654d6.sys **LOCKED** 32
19:57:27.290    Modules scanning
19:59:39.662    Disk 0 trace - called modules:
19:59:39.800    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
19:59:39.815    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86025030]
19:59:39.825    3 CLASSPNP.SYS[8a80459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85f09030]
19:59:41.965    AVAST engine scan C:\Windows
20:02:23.441    AVAST engine scan C:\Windows\system32
20:20:20.174    AVAST engine scan C:\Windows\system32\drivers
20:26:07.819    AVAST engine scan C:\Users\*
21:54:22.200    AVAST engine scan C:\ProgramData
21:59:20.746    Scan finished successfully
23:05:01.810    Disk 0 MBR has been saved successfully to "C:\Users\*\Desktop\MBR.dat"
23:05:02.020    The log file has been saved successfully to "C:\Users\*\Desktop\aswMBR.txt"
         
OSAM log file:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:44:31 on 10.10.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Opera Software Opera Internet Browser 12.02

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"FacebookUpdateTaskUserS-1-5-21-2839828771-2084243830-3291675471-1000Core.job" - "Facebook Inc." - C:\Users\*\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-2839828771-2084243830-3291675471-1000UA.job" - "Facebook Inc." - C:\Users\*\AppData\Local\Facebook\Update\FacebookUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\*~1\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"EagleXNt" (EagleXNt) - ? - C:\Windows\system32\drivers\EagleXNt.sys  (File not found)
"ffkdrpod" (ffkdrpod) - ? - C:\Users\VITUSS~1\AppData\Local\Temp\ffkdrpod.sys  (Hidden registry entry, rootkit activity | File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\Users\VITUSS~1\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MpKsl803654d6" (MpKsl803654d6) - "Microsoft Corporation" - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D6EBCB9-1679-4DC3-BE57-E3176420E59A}\MpKsl803654d6.sys
"MpKslf63a307a" (MpKslf63a307a) - "Microsoft Corporation" - c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D6EBCB9-1679-4DC3-BE57-E3176420E59A}\MpKslf63a307a.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -   (File not found | COM-object registry key not found)
{F9DB5320-233E-11D1-9F84-707F02C10627} "{F9DB5320-233E-11D1-9F84-707F02C10627}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - ? -   (File not found | COM-object registry key not found)
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - ? -   (File not found | COM-object registry key not found)
{91774881-D725-4E58-B298-07617B9B86A8} "skype-ie-addon-data" - ? -   (File not found | COM-object registry key not found)
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "skype4com" - ? -   (File not found | COM-object registry key not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "wlmailhtml" - ? -   (File not found | COM-object registry key not found)
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "wlpg" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - ? -   (File not found | COM-object registry key not found)
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - ? -   (File not found | COM-object registry key not found)
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - ? -   (File not found | COM-object registry key not found)
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - ? -   (File not found | COM-object registry key not found)
{653DCCC2-13DB-45B2-A389-427885776CFE} "IntelliPoint Activities Control Panel Property Page" - ? -   (File not found | COM-object registry key not found)
{124597D8-850A-41AE-849C-017A4FA99CA2} "IntelliPoint Buttons Control Panel Property Page" - ? -   (File not found | COM-object registry key not found)
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Control Panel Property Page" - ? -   (File not found | COM-object registry key not found)
{1184D0ED-DBCE-4170-8DBB-4D0C3905DA85} "IntelliPoint Touch Control Panel Property Page" - ? -   (File not found | COM-object registry key not found)
{C533AB49-9805-4972-8326-A084696B00F0} "IntelliPoint Touch Mouse Control Panel Property Page" - ? -   (File not found | COM-object registry key not found)
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "IntelliPoint Wheel Control Panel Property Page" - ? -   (File not found | COM-object registry key not found)
{20082881-FC36-4E47-9A7A-644C95FF749F} "IntelliPoint Wireless Control Panel Property Page" - ? -   (File not found | COM-object registry key not found)
{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt extension" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "NvCpl DesktopContext Class" - ? -   (File not found | COM-object registry key not found)
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA Play On My TV Context Menu Extension" - ? -   (File not found | COM-object registry key not found)
{E97DEC16-A50D-49bb-AE24-CF682282E08D} "OpenGLShExt extension" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -   (File not found | COM-object registry key not found)
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? -   (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -   (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -   (File not found | COM-object registry key not found)
{2DC8E5F2-C89C-4730-82C9-19120DEE5B0A} "PDFTransformer3ContextMenu" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - ? -   (File not found | COM-object registry key not found)
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Autoplay Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Editor Drop Target" - ? -   (File not found | COM-object registry key not found)
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Viewer Drop Target" - ? -   (File not found | COM-object registry key not found)
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{00F33137-EE26-412F-8D71-F84E4C2C6625} "{00F33137-EE26-412F-8D71-F84E4C2C6625}" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
{E6F480FC-BD44-4CBA-B74A-89AF7842937D} "{E6F480FC-BD44-4CBA-B74A-89AF7842937D}" - ? -   (File not found | COM-object registry key not found) / hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files\Windows Live\Companion\companionlang.dll,-600" - ? -   (File not found | COM-object registry key not found)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - ? -   (File not found | COM-object registry key not found)
{609D670F-B735-4da7-AC6D-F3BD358E325E} "Citavi Picker" - ? -   (File not found | COM-object registry key not found)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}" - ? -   (File not found | COM-object registry key not found)
{326E768D-4182-46FD-9C16-1449A49795F4} "{326E768D-4182-46FD-9C16-1449A49795F4}" - ? -   (File not found | COM-object registry key not found)
{56CBB761-DA41-4E31-B270-B13B4B0A61D0} "{56CBB761-DA41-4E31-B270-B13B4B0A61D0}" - ? -   (File not found | COM-object registry key not found)
{609D670F-B735-4da7-AC6D-F3BD358E325E} "{609D670F-B735-4da7-AC6D-F3BD358E325E}" - ? -   (File not found | COM-object registry key not found)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" - ? -   (File not found | COM-object registry key not found)
{9030D464-4C02-4ABF-8ECC-5164760863C6} "{9030D464-4C02-4ABF-8ECC-5164760863C6}" - ? -   (File not found | COM-object registry key not found)
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}" - ? -   (File not found | COM-object registry key not found)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" - ? -   (File not found | COM-object registry key not found)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" - ? -   (File not found | COM-object registry key not found)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "{DBC80044-A445-435b-BC74-9C25C1C588A9}" - ? -   (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Vitus Sproten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Facebook Messenger.lnk" - "Facebook" - C:\Users\Vitus Sproten\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe  (Shortcut exists | File exists)
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Akamai NetSession Interface" - "Akamai Technologies, Inc." - "C:\Users\Vitus Sproten\AppData\Local\Akamai\netsession_win.exe"
"Facebook Update" - "Facebook Inc." - "C:\Users\Vitus Sproten\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"Spotify Web Helper" - ? - "C:\Users\Vitus Sproten\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"  (File found, but it contains no detailed information)
"Steam" - "Valve Corporation" - "C:\Program Files\Steam\Steam.exe" -silent
"Window Hide Tool" - "FOMINE SOFTWARE" - C:\Program Files\Window Hide Tool\Window Hide Tool.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"IntelliPoint" - "Microsoft Corporation" - "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"VitaKeyTSR" - "Egis Technology Inc. " - "C:\Program Files\EgisTec BioExcess\EgisTSR.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Nitro PDF Port Monitor" - "Nitro PDF Software" - C:\Windows\system32\nitrolocalmon2.dll
"PDF-XChange4-ABBYY" - "Tracker Software Products Ltd." - C:\Windows\system32\pxc40pma.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe
"ABBYY PDF Transformer 3.0 - Lizenzierungsdienst" (ABBYY.Licensing.PDFTransformer.Classic.3.0) - "ABBYY" - C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Akamai NetSession Interface" (Akamai) - "Akamai Technologies, Inc." - c:\program files\common files\akamai\netsession_win_5891ae0.dll
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
"BingBar Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"EgisTec Data Security Service" (EgisTec Data Security Service) - "Egis Technology Inc. " - C:\Program Files\EgisTec BioExcess\EgisDSService.exe
"EgisTec Service" (EgisTec Service) - "Egis Technology Inc. " - C:\Program Files\EgisTec BioExcess\EgisService.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Should I upload the GMER log file as an attachment in the next post? The file seems to be too large for the forum...

11.10.2012, 15:10   #34
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, then please zip it and attach it.
__________________
Please always post log files in CODE tags

11.10.2012, 15:17   #35
vitus333

So,

here it is


12.10.2012, 08:36   #36
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

12.10.2012, 10:38   #37
vitus333

Almost at the end already :S? There is still quite a lot wrong with my PC, though ;(.
I could no longer open Malwarebytes; reinstalling the program or downloading it again didn't help either. This error message kept coming up: Run-time error '419': Permission to use object denied.

So for now I have run a scan with SUPERAntiSpyware. Here is the log file:

Code:
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/12/2012 at 11:29 AM

Application Version : 5.6.1010

Core Rules Database Version : 9391
Trace Rules Database Version: 7203

Scan type       : Complete Scan
Total Scan Time : 01:08:46

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 807
Memory threats detected   : 0
Registry items scanned    : 39527
Registry threats detected : 0
File items scanned        : 36443
File threats detected     : 65

Adware.Tracking Cookie
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@adx.chip[2].txt [ /adx.chip ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@apmebf[1].txt [ /apmebf ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@atdmt[1].txt [ /atdmt ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@atdmt[3].txt [ /atdmt ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@content.yieldmanager[2].txt [ /content.yieldmanager ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@content.yieldmanager[3].txt [ /content.yieldmanager ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@content.yieldmanager[5].txt [ /content.yieldmanager ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@doubleclick[1].txt [ /doubleclick ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@doubleclick[2].txt [ /doubleclick ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@mediaplex[2].txt [ /mediaplex ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@smartadserver[2].txt [ /smartadserver ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\W8WPX606.txt [ /mediaplex.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\ZTXIGYED.txt [ /ads.ad4game.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\K2KZTQ9U.txt [ /microsoftwllivemkt.112.2o7.net ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\9019O8M1.txt [ /c.atdmt.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\RPSLGDBR.txt [ /atdmt.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\BTPRBY17.txt [ /zanox.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\G3UNFBPN.txt [ /doubleclick.net ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\6LIDKS5R.txt [ /bs.serving-sys.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\QTS2SBIM.txt [ /fastclick.net ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\VM82JA3N.txt [ /adx.kat.ph ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\WWS3PE6J.txt [ /apmebf.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\Q70BRYV4.txt [ /ad.zanox.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\K0MI00GD.txt [ /ad.yieldmanager.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\1XT9EG36.txt [ /adfarm1.adition.com ]
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\DSWOXEL9.txt [ /serving-sys.com ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\D7CZCXMA.txt [ Cookie:*@clkads.com/adServe/banners ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\2UZT11YA.txt [ Cookie:*@clkads.com/adServe ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@mediaplex[2].txt [ Cookie:*@mediaplex.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\MFHXBFV0.txt [ Cookie:*@tracking.quisma.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\2MV0SILX.txt [ Cookie:*@tracking.mlsat02.de/tmobile/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ad1.adfarm1.adition[1].txt [ Cookie:*@ad1.adfarm1.adition.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\MQ08DCUL.txt [ Cookie:*@smartadserver.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\4DQEK72M.txt [ Cookie:*@atdmt.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.mediabiz[1].txt [ Cookie:*@www.mediabiz.de/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@revsci[1].txt [ Cookie:*@revsci.net/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZYU1Q79U.txt [ Cookie:*@zanox.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\A6L6EI3E.txt [ Cookie:*@doubleclick.net/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\P8U551TI.txt [ Cookie:*@ad4.adfarm1.adition.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\T02HI171.txt [ Cookie:*@ad2.adfarm1.adition.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@fastclick[1].txt [ Cookie:*@fastclick.net/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@apmebf[2].txt [ Cookie:*@apmebf.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\9VFXD0VV.txt [ Cookie:*@googleads.g.doubleclick.net/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\2UXFEK1P.txt [ Cookie:*@adfarm1.adition.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZGWGZ1CN.txt [ Cookie:*@serving-sys.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\UF1K8L88.txt [ Cookie:*@adtech.de/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@content.yieldmanager[1].txt [ Cookie:*@content.yieldmanager.com/ ]
	C:\USERS\*\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@mediabiz[1].txt [ Cookie:*@mediabiz.de/ ]
	C:\USERS\*\Cookies\W8WPX606.txt [ Cookie:*@mediaplex.com/ ]
	C:\USERS\*\Cookies\D7CZCXMA.txt [ Cookie:*@clkads.com/adServe/banners ]
	C:\USERS\*\Cookies\RPSLGDBR.txt [ Cookie:*@atdmt.com/ ]
	C:\USERS\*\Cookies\BTPRBY17.txt [ Cookie:*@zanox.com/ ]
	C:\USERS\*\Cookies\2UZT11YA.txt [ Cookie:*@clkads.com/adServe ]
	C:\USERS\*\Cookies\G3UNFBPN.txt [ Cookie:*@doubleclick.net/ ]
	C:\USERS\*\Cookies\QTS2SBIM.txt [ Cookie:*@fastclick.net/ ]
	C:\USERS\*\Cookies\VM82JA3N.txt [ Cookie:*@adx.kat.ph/ ]
	C:\USERS\*\Cookies\WWS3PE6J.txt [ Cookie:*@apmebf.com/ ]
	C:\USERS\*\Cookies\1XT9EG36.txt [ Cookie:*@adfarm1.adition.com/ ]
	C:\USERS\*\Cookies\DSWOXEL9.txt [ Cookie:*@serving-sys.com/ ]
	eas.apm.emediate.eu [ C:\USERS\*\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YCFSSCG5 ]
	C:\USERS\*\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\*@ADS.INTERGI[1].TXT [ /ADS.INTERGI ]
	objects.tremormedia.com [ C:\_OTL\MOVEDFILES\10042012_101604\C_WINDOWS\$NTUNINSTALLKB29222$\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\258GGNS3 ]

Trojan.Agent/Gen-Multi
	C:\WINDOWS\SYSTEM32\COOLXPLABEL.OCX
	C:\WINDOWS\SYSTEM32\COOLXPCHECK.OCX
         

12.10.2012, 13:41   #38
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

As a test, please create a new user account with admin rights in Windows via the Control Panel. Log out and log in as the new user - does Malwarebytes start there?

12.10.2012, 14:15   #39
vitus333

How can I create a user account when I can't open any Windows folder or anything like that? Sorry if that's a stupid question... but normally that's done via the Control Panel, isn't it?

12.10.2012, 15:37   #40
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You're not supposed to open the Windows folder, but the Control Panel, or can't you get in there either?

12.10.2012, 18:02   #41
vitus333

No, I can't get in there either

12.10.2012, 19:20   #42
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

And you can't do the whole thing in safe mode anymore either?

13.10.2012, 10:46   #43
vitus333

So, hello cosinus,

I'm writing from my phone now, since my laptop is pretty much screwed. When I try to start the thing I only get a black screen. When I pull out the power cable, it crashes and on restart I'm offered safe mode. Now I have safe mode in front of me, but I still can't open anything in Windows. No Control Panel, no folders, no WMP, not even the folder for the drive. I also no longer have internet in safe mode now. Do you have any other idea?

Oh, and do you have an idea how I could rescue some data? As I said, if I connected a hard drive, I couldn't open its folders. Really despairing right now...

13.10.2012, 16:35   #44
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

On the subject of backing up data from infected systems or ones with a broken Windows installation: do that from a live CD such as Knoppix, Ubuntu (second link in my signature) or PartedMagic. Reason: on a live system, none of the malware from the infected Windows system is active, which also rules out the backup being negatively affected by malware.

Of course you also need a backup medium; an external drive is probably best. If you don't have too much to back up, a USB stick may be enough.

Here is a short guide for PartedMagic; in principle it works almost exactly the same way with all other live systems too.

1. Download the PartedMagic ISO image, it should be about 180 MB
2. Burn it to CD using an image-burning function, e.g. with ImgBurn under Windows
3. Boot from the burned CD, start with option 1 in the boot menu and wait until the Linux desktop is up
4. You should find a "Mount Devices" icon, double-click it
5. Mount the partitions where Windows is installed, usually it's /dev/sda1, and of course any other partitions that still hold data that needs to be backed up - and of course also those of the external drive (you only get read and write access to the file systems when they are mounted)
6. Copy the data from the internal drive to the external drive - copy only personal files, music, videos, etc. to the backup drive, NO executable files such as programs/games/setups!!
7. When done, restart the computer, switch off the ext. drive and boot from the Windows DVD for the reinstallation (follow the guide)
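Steps 5 and 6 of the guide above as a script for the live system's terminal. This is an added example, not part of the original post; the function name, the mount points, the extension list and the `skipped-files.txt` log are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): copy personal files from a mounted
# Windows partition to a backup drive and leave executable content behind.
#
# Typical use from the live system once both file systems are mounted
# (constructed mount points; /dev/sda1 is the usual Windows partition per the post):
#   mount -o ro /dev/sda1 /mnt/win     # read-only: the source is never modified
#   backup_personal_files "/mnt/win/Users" "/mnt/backup"

backup_personal_files() {
    src=${1%/}
    dst=${2%/}
    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "usage: backup_personal_files SRC_DIR DST_DIR" >&2
        return 2
    fi

    # Every file that is deliberately NOT copied is recorded here.
    log="$dst/skipped-files.txt"
    : > "$log"

    # -type f: regular files only, symlinks are not followed.
    # The inner shell receives file names as arguments, so names with
    # spaces (common in Windows profiles) are handled safely.
    find "$src" -type f -exec sh -c '
        src=$1; dst=$2; log=$3; shift 3
        rc=0
        for f in "$@"; do
            rel=${f#"$src"/}
            lower=$(printf "%s" "$rel" | tr "[:upper:]" "[:lower:]")
            case "$lower" in
                # Assumed list of executable / installer / script types.
                *.exe|*.dll|*.scr|*.com|*.bat|*.cmd|*.msi|*.pif|\
                *.vbs|*.js|*.jar|*.lnk|*.ocx|*.sys|*.cpl)
                    printf "%s\n" "$rel" >> "$log"
                    continue
                    ;;
            esac
            mkdir -p "$dst/$(dirname "$rel")" && cp -p "$f" "$dst/$rel" || rc=1
        done
        exit $rc
    ' sh "$src" "$dst" "$log" {} +
}
```

After the run, `skipped-files.txt` on the backup drive lists everything that was left behind, so nothing goes missing unnoticed.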
