Mein Internet Explorer öffnet sich ständig- suche gut durchführbare Lösung

bser · 04.09.2010, 10:40

Hallo!

Seit kurzem öffnet sich bei mir der Internet Explorer ständig mit Werbeinhalten, obwohl ich Firefox benutze.
Das habe ich gegoogelt und bin auf dieses Forum gestoßen.
Ich bin sogleich den hier beschriebenen Angaben gefolgt, HiJack von ChipOnline runtergeladen und eine Analyse gestartet. Hier das Logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:45, on 04.09.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Users\BENUTZ~1\AppData\Local\Temp\Vsp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Spiele\GothicG3\gothic3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Benutzer 1\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 5481 bytes

Für eine schnelle, für Laien verständliche Antwort wäre ich sehr dankbar!

Vielen Dank im Voraus,
bser

cosinus · 04.09.2010, 16:19

Hallo und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

bser · 05.09.2010, 14:36

Danke für die schnelle Antwort!!!
Hier zunächst die Malware-Analyselogfile:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4550

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

05.09.2010 15:26:53
mbam-log-2010-09-05 (15-26-53).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131644
Laufzeit: 6 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10

Infizierte Speicherprozesse:
C:\Users\Benutzer 1\AppData\Local\Temp\Vsp.exe (Trojan.Downloader) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Benutzer 1\AppData\Local\Temp\Vsp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Benutzer 1\AppData\Local\Temp\Vsf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Benutzer 1\AppData\Local\Temp\Vsg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Benutzer 1\AppData\Local\Temp\Vsi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Benutzer 1\AppData\Local\Temp\Vsj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Benutzer 1\AppData\Local\Temp\Vsl.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Benutzer 1\AppData\Local\Temp\Vsm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Benutzer 1\AppData\Local\Temp\Vso.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

bser · 05.09.2010, 14:47

Nun die OTL-Berichte:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 05.09.2010 15:40:18 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Benutzer 1\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,75 Gb Total Space | 344,11 Gb Free Space | 77,20% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,99 Gb Free Space | 49,97% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****
Current User Name: Benutzer 1
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Benutzer 1\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\ASUS\EPU-4 Engine\FourEngine.exe ()
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Benutzer 1\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (AMD Technologies Inc.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (SilverLink) Texas Instruments SilverLink (USB GraphLink) -- C:\Windows\System32\drivers\SilvrLnk.sys (Texas Instruments Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 28 92 BB F9 21 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.03 14:10:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 11:00:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.21 11:35:08 | 000,000,000 | ---D | M]
 
[2010.05.11 13:48:31 | 000,000,000 | ---D | M] -- C:\Users\Benutzer 1\AppData\Roaming\mozilla\Extensions
[2010.09.04 17:57:39 | 000,000,000 | ---D | M] -- C:\Users\Benutzer 1\AppData\Roaming\mozilla\Firefox\Profiles\5dsia9kb.default\extensions
[2010.07.22 15:01:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benutzer 1\AppData\Roaming\mozilla\Firefox\Profiles\5dsia9kb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.18 21:03:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Benutzer 1\AppData\Roaming\mozilla\Firefox\Profiles\5dsia9kb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.27 16:09:24 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Benutzer 1\AppData\Roaming\mozilla\Firefox\Profiles\5dsia9kb.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.05.13 11:06:56 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Benutzer 1\AppData\Roaming\mozilla\Firefox\Profiles\5dsia9kb.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010.08.29 16:10:50 | 000,000,000 | ---D | M] -- C:\Users\Benutzer 1\AppData\Roaming\mozilla\Firefox\Profiles\5dsia9kb.default\extensions\vshare@toolbar
[2010.05.17 16:30:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.17 16:30:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.17 16:29:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.01 20:10:50 | 000,002,191 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 62.53.142.141 193.189.244.205
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Benutzer 1\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Benutzer 1\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.05 15:09:36 | 000,000,000 | ---D | C] -- C:\Users\Benutzer 1\AppData\Roaming\Malwarebytes
[2010.09.05 15:09:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.05 15:09:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.05 15:09:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.05 15:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.04 11:16:36 | 000,000,000 | ---D | C] -- C:\HiJack
[2010.09.01 20:10:53 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.09.01 20:10:50 | 000,000,000 | ---D | C] -- C:\Programme\Babylon
[2010.09.01 19:33:59 | 000,000,000 | ---D | C] -- C:\Programme\WinZip
[2010.09.01 19:03:34 | 000,000,000 | ---D | C] -- C:\Users\Benutzer 1\AppData\Roaming\ScummVM
[2010.09.01 19:03:28 | 000,000,000 | ---D | C] -- C:\Programme\ScummVM
[2010.08.30 21:26:44 | 000,000,000 | ---D | C] -- C:\Users\Benutzer 1\Documents\Nero
[2010.08.30 17:59:09 | 000,098,304 | ---- | C] (Info-ZIP) -- C:\Windows\System32\unzip32.dll
[2010.08.30 17:59:07 | 000,000,000 | ---D | C] -- C:\Programme\flatster
[2010.08.29 15:04:53 | 000,000,000 | ---D | C] -- C:\Users\Benutzer 1\Documents\Aufnahmen
[2010.08.29 15:04:41 | 000,000,000 | ---D | C] -- C:\Users\Benutzer 1\AppData\Roaming\phonostar GmbH
[2010.08.29 15:04:36 | 000,000,000 | ---D | C] -- C:\Programme\phonostar-Player
[2010.08.12 15:09:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.12 15:09:09 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 15:09:09 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.12 15:09:09 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 15:09:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.12 15:09:09 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 15:09:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 15:09:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 15:09:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.12 15:09:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.12 15:09:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.12 15:09:08 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.12 15:09:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 15:09:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 15:09:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 15:09:06 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 15:08:58 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.12 15:08:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 15:08:45 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 15:08:44 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.05 15:39:25 | 001,835,008 | -HS- | M] () -- C:\Users\Benutzer 1\NTUSER.DAT
[2010.09.05 15:28:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ctnh.sys
[2010.09.05 15:28:02 | 000,001,056 | ---- | M] () -- C:\Windows\System32\wxgp
[2010.09.05 15:09:29 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.05 14:48:34 | 000,619,880 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.05 14:48:34 | 000,587,654 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.05 14:48:34 | 000,101,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.05 14:48:33 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.05 14:48:33 | 000,123,352 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.05 14:43:40 | 000,053,461 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.09.05 14:43:40 | 000,053,461 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.09.05 14:42:59 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.05 14:42:59 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.05 14:42:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.05 14:42:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.05 14:42:52 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.05 13:53:13 | 000,524,288 | -HS- | M] () -- C:\Users\Benutzer 1\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.05 13:53:13 | 000,065,536 | -HS- | M] () -- C:\Users\Benutzer 1\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.05 13:53:09 | 003,048,180 | -H-- | M] () -- C:\Users\Benutzer 1\AppData\Local\IconCache.db
[2010.09.05 13:49:10 | 000,002,623 | ---- | M] () -- C:\Users\Benutzer 1\Desktop\Microsoft Word.lnk
[2010.09.04 17:48:20 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D749021C-D58D-4B00-B5B7-0EDA8F056F0B}.job
[2010.09.03 16:41:15 | 000,001,399 | ---- | M] () -- C:\Users\Benutzer 1\Desktop\DivX Movies.lnk
[2010.09.02 17:48:34 | 000,001,881 | ---- | M] () -- C:\Users\Benutzer 1\Desktop\Schnelle Systemprüfung.LNK
[2010.09.01 19:34:12 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010.09.01 19:34:12 | 000,001,788 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010.09.01 18:54:15 | 000,004,608 | ---- | M] () -- C:\Users\Benutzer 1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.30 17:59:10 | 000,000,752 | ---- | M] () -- C:\Users\Benutzer 1\Desktop\flatster.lnk
[2010.08.29 15:04:43 | 000,000,797 | ---- | M] () -- C:\Users\Benutzer 1\Desktop\phonostar-Player.lnk
[2010.08.28 09:33:47 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.08.26 20:22:05 | 000,053,248 | ---- | M] () -- C:\Users\Benutzer 1\Documents\Dok1.doc
[2010.08.21 11:35:08 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.13 15:24:12 | 000,275,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010.09.05 15:28:02 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ctnh.sys
[2010.09.05 15:28:02 | 000,001,056 | ---- | C] () -- C:\Windows\System32\wxgp
[2010.09.05 15:09:29 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.02 17:48:34 | 000,001,881 | ---- | C] () -- C:\Users\Benutzer 1\Desktop\Schnelle Systemprüfung.LNK
[2010.09.01 19:34:12 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010.09.01 19:34:12 | 000,001,788 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010.09.01 18:54:14 | 000,004,608 | ---- | C] () -- C:\Users\Benutzer 1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.30 17:59:10 | 000,000,752 | ---- | C] () -- C:\Users\Benutzer 1\Desktop\flatster.lnk
[2010.08.29 15:04:43 | 000,000,797 | ---- | C] () -- C:\Users\Benutzer 1\Desktop\phonostar-Player.lnk
[2010.08.28 09:33:47 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.08.26 20:22:04 | 000,053,248 | ---- | C] () -- C:\Users\Benutzer 1\Documents\Dok1.doc
[2010.07.13 16:25:02 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2010.07.13 16:25:02 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2010.06.03 14:01:41 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2010.06.03 14:01:41 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2010.06.03 14:01:40 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.06.03 12:30:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.05.11 16:00:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.05.11 12:51:52 | 000,053,461 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.05.11 12:51:50 | 000,053,461 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.05.11 12:05:21 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2010.05.11 12:05:20 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010.05.11 12:05:19 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2010.05.11 12:05:19 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2010.05.11 12:04:37 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.05.11 12:01:08 | 000,033,455 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.05.11 12:00:40 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2010.05.11 12:00:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.05.11 12:00:25 | 000,027,223 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.05.11 11:54:10 | 000,000,680 | ---- | C] () -- C:\Users\Benutzer 1\AppData\Local\d3d9caps.dat
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >

--- --- ---
DER ZWEITE:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 05.09.2010 15:40:18 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Benutzer 1\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,75 Gb Total Space | 344,11 Gb Free Space | 77,20% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,99 Gb Free Space | 49,97% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name:****
Current User Name: Benutzer 1
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13F0205F-DB69-47DB-B3E7-6A607BC9C466}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1E4BAA13-A678-4749-B431-E823CECE8F6C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3C24ADF1-12CD-4711-A696-D1B3358CFA07}" = lport=137 | protocol=17 | dir=in | app=system | 
"{431FAE0F-61DA-4976-90FF-37908D0E5770}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5F1E6ECD-33A0-49C0-8ED3-D7E6C76294C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{73939232-C1C1-4345-8185-C3C815FBD8B2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{90646CBC-5E0E-46D9-8B19-BEC4EB38FF3E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A87F9110-34E7-4C6E-A64D-0CFF6BF46B6C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D4790B7C-73AD-4970-8AB5-85A1BF4FF1E3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E2388A47-1F2E-48F1-9EAA-58A0DE90BF29}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13D57A32-B273-4E54-A694-FEA7B01845EF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{320AC7F3-C4F7-489D-AF0C-783DD047A830}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{824A1350-8E18-4F9D-9D8D-754E082E9620}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9EE0A20C-B4B0-420C-A029-7CF27397CCAF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CAEB1659-D3B3-425B-90E5-0441815CB5E3}" = dir=in | app=c:\program files\finaltorrent\finaltorrent.exe | 
"TCP Query User{083478B0-7241-4B1A-9370-A96400A73907}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{175B6984-44FB-414E-8C06-69273AACFA72}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{3E10144F-0DEA-4F80-94ED-A31949002C8D}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | 
"UDP Query User{0B2F552E-0FB4-46BA-9B2F-DEDA87FBCDB6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{C1185AF4-10AA-4C46-9AD6-3CB097F7B3F8}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | 
"UDP Query User{D788A9F5-86BA-473F-8F42-25EB7A1FD4C9}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0ADF1B89-17EA-489C-86DF-6E33DA8520A6}_is1" = flatster
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24F999AF-540C-230E-ABD2-AC7BDE01CA8D}" = ATI Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon iP4500 series Benutzerregistrierung" = Canon iP4500 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Catan - Staedte und Ritter" = Catan - Städte und Ritter
"DB Screensaver 02" = DB Screensaver 02
"Die Gilde Gold-Edition" = Die Gilde Gold-Edition
"DivX Setup.divx.com" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"FinalTorrent_is1" = FinalTorrent 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8
"RealPlayer 12.0" = RealPlayer
"S2TNG" = Die Siedler II - Die nächste Generation
"S3" = Die Siedler III Gold Edition
"Samsung CLP-310 Series" = Samsung CLP-310 Series
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.09.2010 07:13:11 | Computer Name =****| Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 05.09.2010 07:14:13 | Computer Name =****| Source = WinMgmt | ID = 10
Description = 
 
Error - 05.09.2010 07:42:30 | Computer Name =****| Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 05.09.2010 07:42:33 | Computer Name =****| Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 05.09.2010 07:42:33 | Computer Name =****| Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 05.09.2010 07:43:36 | Computer Name =****| Source = WinMgmt | ID = 10
Description = 
 
Error - 05.09.2010 08:43:18 | Computer Name =****| Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 05.09.2010 08:43:18 | Computer Name =****| Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 05.09.2010 08:43:36 | Computer Name =****| Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 05.09.2010 08:44:20 | Computer Name =****| Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 20.06.2010 12:28:05 | Computer Name =****| Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 21.06.2010 05:42:51 | Computer Name =****| Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse E0CB4E570020 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 11.07.2010 13:55:58 | Computer Name =| Source = DCOM | ID = 10005
Description = 
 
Error - 11.07.2010 13:55:58 | Computer Name =| Source = Service Control Manager | ID = 7009
Description = 
 
Error - 11.07.2010 13:55:58 | Computer Name =| Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.07.2010 15:44:10 | Computer Name =| Source = Print | ID = 6161
Description = Das Dokument spielplan_bl.pdf im Besitz von Benutzer 1 konnte nicht
 auf dem Drucker Canon iP4500 series gedruckt werden. Versuchen Sie erneut, das 
Dokument zu drucken, oder starten Sie den Druckspooler erneut.   Datentyp: NT EMF 
1.008. Größe der Spooldatei in Bytes: 269569564. Anzahl der gedruckten Bytes: 20595692.
 Gesamtanzahl der Seiten des Dokuments: 13. Anzahl der gedruckten Seiten: 0. Clientcomputer:
 \\. Vom Druckprozessor zurückgegebener Win32-Fehlercode: 1. Unzulässige
 Funktion.  
 
Error - 12.07.2010 15:44:40 | Computer Name =| Source = Print | ID = 6161
Description = Das Dokument spielplan_bl.pdf im Besitz von Benutzer 1 konnte nicht
 auf dem Drucker Canon iP4500 series gedruckt werden. Versuchen Sie erneut, das 
Dokument zu drucken, oder starten Sie den Druckspooler erneut.   Datentyp: NT EMF 
1.008. Größe der Spooldatei in Bytes: 105491984. Anzahl der gedruckten Bytes: 20595692.
 Gesamtanzahl der Seiten des Dokuments: 6. Anzahl der gedruckten Seiten: 0. Clientcomputer:
 \\. Vom Druckprozessor zurückgegebener Win32-Fehlercode: 1. Unzulässige
 Funktion.  
 
Error - 12.07.2010 15:46:54 | Computer Name =| Source = Print | ID = 6161
Description = Das Dokument spielplan_bl.pdf im Besitz von Benutzer 1 konnte nicht
 auf dem Drucker Canon iP4500 series gedruckt werden. Versuchen Sie erneut, das 
Dokument zu drucken, oder starten Sie den Druckspooler erneut.   Datentyp: NT EMF 
1.008. Größe der Spooldatei in Bytes: 269995184. Anzahl der gedruckten Bytes: 20595692.
 Gesamtanzahl der Seiten des Dokuments: 13. Anzahl der gedruckten Seiten: 0. Clientcomputer:
 \\. Vom Druckprozessor zurückgegebener Win32-Fehlercode: 1. Unzulässige
 Funktion.  
 
Error - 13.07.2010 11:12:17 | Computer Name =| Source = Service Control Manager | ID = 7016
Description = 
 
Error - 26.07.2010 09:08:18 | Computer Name =****| Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse
 E0CB4E570020 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
 
< End of report >

--- --- ---
Viele Grüße,
bser

cosinus · 05.09.2010, 16:15

Zitat:

Art des Suchlaufs: Quick-Scan

Du solltest einen Vollscan machen...

bser · 05.09.2010, 17:19

Entschuldigung...
Ich habe in die verlinkten Anweisungen geschaut...
Hier nun die neue, vollständige Analyselogfile:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4550

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

05.09.2010 18:15:43
mbam-log-2010-09-05 (18-15-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 234213
Laufzeit: 46 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Viele Grüße,
bser

cosinus · 05.09.2010, 17:47

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
[2010.09.05 15:28:02 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ctnh.sys
[2010.09.05 15:28:02 | 000,001,056 | ---- | M] () -- C:\Windows\System32\wxgp
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

bser · 05.09.2010, 19:37

Hab´ich gemacht.

All processes killed
========== OTL ==========
File C:\Windows\System32\drivers\ctnh.sys not found.
File C:\Windows\System32\wxgp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Benutzer 1
->Temp folder emptied: 212650446 bytes
->Temporary Internet Files folder emptied: 92794073 bytes
->Java cache emptied: 8081 bytes
->FireFox cache emptied: 88661016 bytes
->Flash cache emptied: 21861 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11750910 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 387,00 mb

OTL by OldTimer - Version 3.2.11.0 log created on 09052010_203021

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

DER INTERNET EXPLORER ÖFFNET SICH NUN NICHT MEHR!!!!!

Vielen, vielen Dank für die Hilfe,
einen schönen Restsonntag,
bser

cosinus · 05.09.2010, 19:51

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

bser · 06.09.2010, 16:21

OK.
Hier das Combofix-Logfile:

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-09-04.06 - Benutzer 1 06.09.2010  17:04:40.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.2154 [GMT 2:00]
ausgeführt von:: c:\users\Benutzer 1\Downloads\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-08-06 bis 2010-09-06  ))))))))))))))))))))))))))))))
.

2010-09-06 15:10 . 2010-09-06 15:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-06 14:50 . 2010-09-06 14:50	--------	d-----w-	c:\program files\CCleaner
2010-09-05 18:30 . 2010-09-05 18:30	--------	d-----w-	C:\_OTL
2010-09-05 13:09 . 2010-09-05 13:09	--------	d-----w-	c:\users\Benutzer 1\AppData\Roaming\Malwarebytes
2010-09-05 13:09 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-05 13:09 . 2010-09-05 13:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-05 13:09 . 2010-09-05 13:09	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-05 13:09 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-04 09:16 . 2010-09-04 09:16	--------	d-----w-	C:\HiJack
2010-09-03 14:41 . 2010-09-03 14:41	56765	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-03 14:41 . 2010-09-03 14:41	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-09-01 18:10 . 2010-09-01 18:10	--------	d-----w-	c:\program files\Conduit
2010-09-01 18:10 . 2010-09-01 18:10	--------	d-----w-	c:\program files\Babylon
2010-09-01 17:03 . 2010-09-01 17:03	--------	d-----w-	c:\users\Benutzer 1\AppData\Roaming\ScummVM
2010-09-01 17:03 . 2010-09-01 17:52	--------	d-----w-	c:\program files\ScummVM
2010-08-30 15:59 . 2002-02-18 01:58	98304	----a-w-	c:\windows\system32\unzip32.dll
2010-08-30 15:59 . 2010-08-30 16:09	--------	d-----w-	c:\program files\flatster
2010-08-29 13:06 . 2010-08-29 13:06	495104	----a-w-	c:\users\Benutzer 1\AppData\Roaming\phonostar GmbH\phonostar-Player\lame_enc.dll
2010-08-29 13:04 . 2010-08-23 14:55	1314304	----a-w-	c:\users\Benutzer 1\AppData\Roaming\phonostar GmbH\phonostar-Player\skins\phonostarSkin.dll
2010-08-29 13:04 . 2010-08-29 13:04	--------	d-----w-	c:\users\Benutzer 1\AppData\Roaming\phonostar GmbH
2010-08-29 13:04 . 2010-08-29 13:04	--------	d-----w-	c:\program files\phonostar-Player
2010-08-28 07:35 . 2010-09-03 14:35	185640	----a-w-	c:\programdata\DivX\Setup\finishPlugin.dll
2010-08-28 07:35 . 2010-08-28 07:35	56997	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-08-28 07:33 . 2010-08-28 07:33	57691	----a-w-	c:\programdata\DivX\Player\Uninstaller.exe
2010-08-28 07:29 . 2010-08-28 07:29	54153	----a-w-	c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-08-28 07:21 . 2010-09-03 14:35	144696	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-12 13:08 . 2010-06-21 13:37	2037760	----a-w-	c:\windows\system32\win32k.sys
2010-08-12 13:08 . 2010-06-18 17:31	36864	----a-w-	c:\windows\system32\rtutils.dll
2010-08-12 13:08 . 2010-06-08 17:35	3600768	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-08-12 13:08 . 2010-06-08 17:35	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-08-12 13:08 . 2010-06-11 16:15	1248768	----a-w-	c:\windows\system32\msxml3.dll
2010-08-12 13:08 . 2010-06-18 15:04	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-12 13:08 . 2010-06-18 15:04	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-12 13:08 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 14:33 . 2008-01-21 07:15	619880	----a-w-	c:\windows\system32\perfh007.dat
2010-09-06 14:33 . 2008-01-21 07:15	123352	----a-w-	c:\windows\system32\perfc007.dat
2010-09-06 14:31 . 2010-05-11 10:51	53461	----a-w-	c:\programdata\nvModes.dat
2010-09-06 14:27 . 2010-05-11 10:50	--------	d-----w-	c:\programdata\NVIDIA
2010-09-03 14:45 . 2010-05-29 19:37	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-03 14:41 . 2010-05-29 19:34	--------	d-----w-	c:\programdata\DivX
2010-09-03 14:41 . 2010-05-29 19:34	--------	d-----w-	c:\program files\DivX
2010-09-03 14:35 . 2010-05-29 19:36	1062184	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-09-03 14:35 . 2010-05-29 19:36	850200	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-01 17:37 . 2010-05-13 19:35	--------	d-----w-	c:\programdata\WinZip
2010-09-01 16:35 . 2010-05-11 10:03	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-08-04 16:29 . 2010-08-04 16:28	--------	d-----w-	c:\users\Benutzer 1\AppData\Roaming\FinalTorrent
2010-08-04 16:28 . 2010-08-04 16:28	--------	d-----w-	c:\program files\FinalTorrent
2010-08-04 16:28 . 2010-08-04 16:28	--------	d-----w-	c:\program files\Free Offers from Freeze.com
2010-07-13 16:18 . 2010-07-13 16:18	--------	d-----w-	c:\programdata\FileCure
2010-07-13 14:24 . 2010-07-13 14:24	--------	d-----w-	c:\program files\Samsung
2010-06-26 06:05 . 2010-08-12 13:09	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 13:09	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 13:09	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 13:09	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-06-21 09:43 . 2010-06-21 09:43	165232	---ha-w-	c:\users\Benutzer 1\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-06-17 10:57 . 2010-05-13 09:40	1	----a-w-	c:\users\Benutzer 1\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-17 04:48 . 2010-06-17 04:48	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-11 16:16 . 2010-08-12 13:09	274944	----a-w-	c:\windows\system32\schannel.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 7514656]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-03 202256]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-05-07 524288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):03,65,5d,eb,15,f1,ca,01

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-11-21 569344]

.
Inhalt des "geplante Tasks" Ordners

2010-09-05 c:\windows\Tasks\User_Feed_Synchronization-{D749021C-D58D-4B00-B5B7-0EDA8F056F0B}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Benutzer 1\AppData\Roaming\Mozilla\Firefox\Profiles\5dsia9kb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&q=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-06 17:10
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-527295299-2464647939-1149928656-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:de,02,9c,19,77,45,cc,e9,a7,30,03,23,75,b1,f5,28,b0,c7,73,1b,8b,bc,4b,
   3c,4c,8b,26,1c,b0,a4,f2,24,ab,00,33,23,dc,d3,9a,5d,09,3c,2e,6b,db,3e,ef,a2,\
"??"=hex:92,c9,a5,fb,e7,4e,c5,c6,42,41,1b,79,4e,f4,c0,98
.
Zeit der Fertigstellung: 2010-09-06  17:12:58
ComboFix-quarantined-files.txt  2010-09-06 15:12

Vor Suchlauf: 10 Verzeichnis(se), 369.602.215.936 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 369.593.032.704 Bytes frei

- - End Of File - - 1623E23A7DC10C8B16ACEE6E2BB0D51B

--- --- ---

Viele Grüße,
bser

cosinus · 06.09.2010, 17:50

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

bser · 08.09.2010, 19:37

Hallo!

Ich hatte in den letzten Tagen keine Zeit.
Bin nun wieder voll dabei...

GMER hat ständig zum Absturz des PCs geführt.

Hier nun das OSAM-Logfile:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 20:03:24 on 08.09.2010
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Control Panel Objects
%SystemRoot%\system32
|| "DivXControlPanelApplet.cpl" "DivX, Inc." C:\Windows\system32\DivXControlPanelApplet.cpl File exists
|||||| "TIControlPanel.cpl" "Texas Instruments Incorporated" C:\Windows\system32\TIControlPanel.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "Nero BurnRights" "Nero AG" C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "AsIO" (AsIO) C:\Windows\System32\drivers\AsIO.sys File found, but it contains no detailed information
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
"catchme" (catchme) C:\Users\BENUTZ~1\AppData\Local\Temp\catchme.sys File not found
|||||| "DgiVecp" (DgiVecp) "Samsung Electronics Co., Ltd." C:\Windows\system32\Drivers\DgiVecp.sys File exists
"IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found
"IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
"IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists
|||||| "SSPORT" (SSPORT) "Samsung Electronics" C:\Windows\system32\Drivers\SSPORT.sys File exists
|||||| "Virtual Machine Monitor" (vmm) "Microsoft Corporation" C:\Windows\system32\Drivers\vmm.sys File exists
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL File exists
|||||| {CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found
|||||| {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" "NVIDIA Corporation" C:\Windows\system32\nvcpl.dll File exists
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found
|||||| {3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} "FileTimeShlExt Class" "Texas Instruments Incorporated" C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll File exists
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found
{00020d75-0000-0000-c000-000000000046} "lnkfile" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office10\msohev.dll File exists
|||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll File exists
|||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll File exists
|||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll File exists
|||||| {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" "NVIDIA Corporation" C:\Windows\system32\nvshext.dll File exists
|||||| {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" "NVIDIA Corporation" C:\Windows\system32\nvcpl.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll File exists
|||||| {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" "RealNetworks, Inc." C:\Program Files\Real\RealPlayer\rpshell.dll File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {8932AEFE-9DB6-4f43-AFB2-5682F55E773A} "VPCHostCopyHook" "Microsoft Corporation" C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found
|||||| {E0D79304-84BE-11CE-9641-444553540000} "WinZip" "WinZip Computing, S.L." C:\Program Files\WinZip\wzshlstb.dll File exists
|||||| {E0D79305-84BE-11CE-9641-444553540000} "WinZip" "WinZip Computing, S.L." C:\Program Files\WinZip\wzshlstb.dll File exists
|||||| {E0D79306-84BE-11CE-9641-444553540000} "WinZip" "WinZip Computing, S.L." C:\Program Files\WinZip\wzshlstb.dll File exists
|||||| {E0D79307-84BE-11CE-9641-444553540000} "WinZip" "WinZip Computing, S.L." C:\Program Files\WinZip\wzshlstb.dll File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_20.dll File exists
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab "Adobe Systems, Inc." C:\Windows\system32\Macromed\Flash\Flash10e.ocx File exists
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}"
hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
|||| {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer" C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File exists
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Users\Benutzer 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
|||| "Microsoft Office.lnk" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office10\OSA.EXE Shortcut exists | File exists
|||| "WinZip Quick Pick.lnk" "WinZip Computing, S.L." C:\Program Files\WinZip\WZQKPICK.EXE Shortcut exists | File exists
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
|||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "CanonMyPrinter" "CANON INC." C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon File exists
|||| "CanonSolutionMenu" "CANON INC." C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon File exists
|||||| " Malwarebytes Anti-Malware (reboot)" "Malwarebytes Corporation" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File exists
|||| "NBKeyScan" "Nero AG" "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File exists
|||| "Samsung PanelMgr" C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File exists
|||| "TkBellExe" "RealNetworks, Inc." "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists
|||||| "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) "Nero AG" C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe File exists
|||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe File exists
|||||| "NVIDIA Display Driver Service" (nvsvc) "NVIDIA Corporation" C:\Windows\system32\nvvsvc.exe File exists
|||||| "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) "NVIDIA Corporation" C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe File exists
|||||| "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) "Prolific Technology Inc." C:\Windows\system32\IoctlSvc.exe File exists
Winlogon
HKCU\Control Panel\Desktop
"SCRNSAVE.EXE" "ScreenTime Media" C:\Windows\system32\DBSCRE~1.SCR File exists

If You have questions or want to get some help, You can visit Online Solutions :: Index

Bootkit_remover hat nicht funktioniert, sondern stattdessen
Folgendes gemeldet:

ERROR: Can't open volume device \\.\C:

Viele Grüße,
bser

cosinus · 08.09.2010, 20:14

Du musst unter Windows Vista und 7 solche Tools immer per Rechtsklicl als Admin ausführen!!!

Downloade Dir bitte MBRCheck
(by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

bser · 08.09.2010, 22:34

Ich war bei all den vorhergehenden Programmen immer
im Vorfeld nach meiner Bestätigung gefragt worden und
entsprechend überrascht als es jetzt nicht geklappt hat.

Hier nun das Ergebnis des Bootkits:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;
Press any key to quit...

Hier das .txt Dokument:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x000000fc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006f`70839c00 (FAT32)

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 RE: Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
Press ENTER to exit...

Viele Grüße,
bser

cosinus · 08.09.2010, 22:57

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

08.09.2010, 22:57	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Mein Internet Explorer öffnet sich ständig- suche gut durchführbare Lösung Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Mein Internet Explorer öffnet sich ständig- suche gut durchführbare Lösung

Log-Analyse und Auswertung: Mein Internet Explorer öffnet sich ständig- suche gut durchführbare Lösung