Trojaner Vista Desktop leer Festplatte defekt?

keepon · 10.05.2011, 21:58

Hallo!

Habe mir irgendwie einen Trojaner zugezogen

, obwohl ich meinem Virenprogramm keinerlei Installation erlaubt habe. Ständig öffnen sich setup Dateien mit mehrstelligen Ziffern im Namen. Klicke ich auf abbrechen kommt die nächste setup Datei. Außerdem versucht sich Java ständig ins Internet zu wählen. Habe ein ähnliches Problem bereits hier im Forum mitverfolgt und deshalb eine Analyse über Malwarebytes durchgeführt:

51 infizierte Dateien und folgende Log datei:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6548

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10.05.2011 22:33:35
mbam-log-2011-05-10 (22-33-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 295243
Laufzeit: 1 Stunde(n), 20 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 44

Infizierte Speicherprozesse:
c:\programdata\trwkcwhfgpmgtx.exe (Rogue.Installer.Gen) -> 2836 -> Unloaded process successfully.
c:\Users\Tini\l.exe (Rootkit.TDSS) -> 1856 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Users\Tini\AppData\Local\ohtsaw.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\Tini\AppData\Local\atifacosaqomi.dll (Trojan.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Acuge (Trojan.Hiloti) -> Value: Acuge -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\trwKcwHFGPMgtX (Rogue.Installer.Gen) -> Value: trwKcwHFGPMgtX -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jyonozi (Trojan.Agent.U) -> Value: Jyonozi -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Tini\AppData\Local\ohtsaw.dll (Trojan.Hiloti) -> Delete on reboot.
c:\programdata\trwkcwhfgpmgtx.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Tini\l.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\m.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\0.027067628380521125.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\0.6096786126294245.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\2473.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\24A0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\tmp6586.tmp (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\FDA0.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup1061641952.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup1408728840.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup1749326048.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup1752513760.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup1827524832.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup1828728456.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup1991873248.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup3032938720.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup3279916256.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup3528403200.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup3535678688.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup3609256072.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup3814930144.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup3822213344.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup4035532000.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup4061674376.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup4155243400.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup831226592.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup862498016.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2205707144.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2415815816.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2447262856.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2533755104.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2631627400.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2669623520.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2895472864.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\Temp\setup2908522376.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\LocalLow\Sun\Java\deployment\cache\6.0\47\4d261d6f-70984861 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Roaming\Adobe\plugs\mmc1500230.txt (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Windows\Temp\set4816.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Roaming\Adobe\plugs\mmc155.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Roaming\Adobe\plugs\mmc17.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Tini\AppData\Local\atifacosaqomi.dll (Trojan.Agent.U) -> Delete on reboot.

Gerade läuft OTL. Hier entstanden folgende Log Dateien:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.05.2011 22:44:32 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Tini\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 211,68 Gb Free Space | 73,42% Space Free | Partition Type: NTFS
 
Computer Name: MERLIN | User Name: Tini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tini\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Tini\leaih.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\VideoWebCamera\VideoWebCamera.exe (Suyin)
PRC - C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
PRC - C:\Programme\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
PRC - C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Tini\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\SysHook.dll (Acer Incorporated)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (HPFXBULK) -- C:\Windows\System32\drivers\hpfxbulk.sys (Hewlett Packard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: firefox@red-cog.com:2.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {97E0B7BE-B4D2-408E-80A9-891FC08F94B8}:1.9.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.03.12 17:46:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 11:56:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 11:56:03 | 000,000,000 | ---D | M]
 
[2009.07.27 17:57:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\Extensions
[2011.05.10 19:25:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\hmkz3aqp.default\extensions
[2011.05.10 20:37:48 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\hmkz3aqp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.10 20:37:48 | 000,000,000 | -H-D | M] (Embedded Objects) -- C:\Users\Tini\AppData\Roaming\mozilla\Firefox\Profiles\hmkz3aqp.default\extensions\firefox@red-cog.com
[2011.02.12 10:01:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.16 22:58:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 10:01:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.16 22:58:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 10:01:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.05.10 19:22:33 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\TINI\APPDATA\LOCAL\{97E0B7BE-B4D2-408E-80A9-891FC08F94B8}
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.09.20 19:52:06 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.20 19:52:07 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.20 19:52:07 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.20 19:52:07 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.20 19:52:07 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PLFSetI] File not found
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acuge] File not found
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Jyonozi] File not found
O4 - HKCU..\Run: [leaih] C:\Users\Tini\leaih.exe ()
O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{456b1016-e509-11de-9326-001f16a6d62c}\Shell - "" = AutoRun
O33 - MountPoints2\{456b1016-e509-11de-9326-001f16a6d62c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{a12d982d-7cda-11de-bbce-001f16a6d62c}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{aecc2a31-b7c7-11de-b895-001f16a6d62c}\Shell\AutoRun\command - "" = E:\Menu.exe
O33 - MountPoints2\{e3f213cc-baaf-11df-afef-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e3f213cc-baaf-11df-afef-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.10 22:42:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Tini\Desktop\OTL.exe
[2011.05.10 22:35:53 | 000,000,000 | R--D | C] -- C:\Users\Tini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011.05.10 21:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.05.10 21:03:11 | 000,000,000 | -H-D | C] -- C:\Users\Tini\AppData\Roaming\Malwarebytes
[2011.05.10 21:03:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.10 21:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.10 21:03:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.05.10 21:02:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.10 21:02:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.10 19:22:32 | 000,000,000 | -H-D | C] -- C:\Users\Tini\AppData\Local\{97E0B7BE-B4D2-408E-80A9-891FC08F94B8}
[2011.04.28 16:11:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.28 16:11:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.28 16:11:14 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.14 18:26:26 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 18:26:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 18:26:22 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 18:26:21 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 18:26:16 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 18:26:05 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 18:26:04 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 18:26:04 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 18:26:04 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.14 18:26:04 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 18:26:04 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.14 18:25:57 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 18:25:55 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.14 18:25:54 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.10 22:43:10 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.10 22:43:10 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.10 22:43:10 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.10 22:43:10 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.10 22:42:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Tini\Desktop\OTL.exe
[2011.05.10 22:40:06 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.10 22:35:35 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.10 22:35:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.10 22:35:23 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.10 22:35:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.10 22:35:09 | 3213,750,272 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.10 21:12:23 | 000,237,568 | RHS- | M] () -- C:\Users\Tini\leaih.exe
[2011.05.10 20:49:25 | 000,448,045 | -H-- | M] () -- C:\Users\Tini\biiac.exe
[2011.05.10 19:22:34 | 000,000,120 | -H-- | M] () -- C:\Users\Tini\AppData\Local\Nruhuqu.dat
[2011.05.10 19:22:34 | 000,000,000 | -H-- | M] () -- C:\Users\Tini\AppData\Local\Ygari.bin
[2011.05.10 19:20:43 | 000,237,568 | -H-- | M] () -- C:\Users\Tini\lfjuun.exe
[2011.05.10 19:20:34 | 000,000,000 | -H-- | M] () -- C:\Users\Tini\2gweorjqjutp92vjy9gake
[2011.05.10 18:56:23 | 000,048,544 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.05.09 17:52:47 | 000,048,544 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.04 18:40:06 | 000,034,816 | -H-- | M] () -- C:\Users\Tini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.15 17:09:40 | 000,423,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.05.10 21:12:23 | 000,237,568 | RHS- | C] () -- C:\Users\Tini\leaih.exe
[2011.05.10 20:49:25 | 000,448,045 | -H-- | C] () -- C:\Users\Tini\biiac.exe
[2011.05.10 19:22:34 | 000,000,120 | -H-- | C] () -- C:\Users\Tini\AppData\Local\Nruhuqu.dat
[2011.05.10 19:22:34 | 000,000,000 | -H-- | C] () -- C:\Users\Tini\AppData\Local\Ygari.bin
[2011.05.10 19:20:42 | 000,237,568 | -H-- | C] () -- C:\Users\Tini\lfjuun.exe
[2011.05.10 19:20:34 | 000,000,000 | -H-- | C] () -- C:\Users\Tini\2gweorjqjutp92vjy9gake
[2010.09.07 15:57:10 | 000,168,197 | ---- | C] () -- C:\Windows\hppins09.dat.temp
[2010.09.07 15:13:26 | 000,000,621 | ---- | C] () -- C:\Windows\System32\hppapr09.dat
[2010.03.12 17:35:29 | 000,202,406 | ---- | C] () -- C:\Windows\hpwins24.dat
[2009.09.17 10:02:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.17 10:02:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.03 12:09:06 | 000,034,816 | -H-- | C] () -- C:\Users\Tini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.04 19:46:17 | 000,000,319 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009.07.30 12:00:06 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.07.27 20:14:35 | 000,000,000 | -H-- | C] () -- C:\Users\Tini\AppData\Roaming\wklnhst.dat
[2009.07.27 19:51:03 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.06.11 21:26:46 | 000,004,184 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2009.06.11 13:05:25 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.06.11 12:41:56 | 000,048,544 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009.06.11 12:40:40 | 000,048,544 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009.03.26 03:15:57 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.03.26 03:15:57 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.03.26 03:15:57 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.03.26 03:15:57 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.03.25 19:50:36 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.03.25 18:38:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.04 21:35:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.03.04 21:35:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.03.04 21:35:53 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.03.04 21:35:53 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2008.12.17 06:09:43 | 000,001,879 | ---- | C] () -- C:\Windows\hpwmdl24.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,423,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
 
< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 10.05.2011 22:44:32 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Tini\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 211,68 Gb Free Space | 73,42% Space Free | Partition Type: NTFS
 
Computer Name: MERLIN | User Name: Tini | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12B206AF-DE5F-44E1-ADF8-595FE4C838B5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1AA47F86-36FC-4CF9-8349-D8E9639E9ED0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{26F417C7-69DE-48B4-B6E9-5B8E4196844E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{27ECD289-7154-40FD-9B11-F15557C7F822}" = rport=137 | protocol=17 | dir=out | app=system | 
"{28C8260B-C1C2-47C1-9CD1-501F71CEA8EA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{302CFC63-A1B0-4D02-BEB5-A610732A323E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{33F08B46-8C04-4082-82FE-2BB44CF9D23D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43CCC414-C02C-4006-82B8-9A8C07B0F01D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5735B7F4-2C9E-420B-A5AE-D00424155D57}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BD1D0793-730D-4460-877F-CB9A9D92F409}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{C9312FA9-3667-417B-A37E-CB59FFD510E3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CA101025-E171-4538-BE8F-F7997C980D5E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EE13F605-7D8C-4451-B467-5CFEC054A76E}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{122212C3-994B-416A-B1E8-B90BCE223B2C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{173F031C-8BE4-44DB-9DFB-96EA388914FC}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4A73B785-2D91-4F8C-89BC-873FD262BE07}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{4B146BE4-D733-4C15-8CC9-C4234CFA95FE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{59DA3BF4-F723-40B2-B8B6-486462AE5514}" = dir=in | app=d:\setup\hpznui01.exe | 
"{941AD498-9D9C-4C62-AB18-F0551D2AF324}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{9565BF23-ADC8-4E8D-8F13-C45931823591}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9656A844-F6B1-495E-9B68-3D21B79998BA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A9DD5344-768F-44B4-8CAC-6595BF07F940}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AA1F37B5-0C8C-4859-8DF5-A930833DFCDA}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | 
"{B50E2B0D-3F69-430D-9A05-0E008CE14C32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B6D31019-032D-4742-9FC0-C13FCA706BF7}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C58154D9-085A-471F-B6EA-5969753022EB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{C8E809A4-CEC7-40E6-8BC7-BD32720EB2DD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DCCB2173-ADB3-46F8-8C4E-EDF9FF917511}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{DE1EED78-626B-4AE3-869A-F064E9019A64}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F2F7FFE5-6DBC-4808-AC3C-16BB5BC98708}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D471171-70BF-459B-AF06-9C34329295E7}" = 6000E609_Help
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4F57C27B-EDF4-4009-BEBA-EA7AA5C7A02D}" = ProductContext
"{551845DB-2D33-474E-B591-0831F0F2FAF6}" = BPDSoftware_Ini
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5C1BF3AC-B19D-4C26-B0A0-90833A521031}" = Nero 8 Essentials
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{691FCAD9-4A3F-43B9-8EC6-F7EE608D3772}" = 6000E609_eDocs
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{716F4A62-0548-42b3-BAEA-44BC4F8E187C}" = HP Officejet 6000 E609 Series
"{722CD933-F4A3-4b3b-95D2-2A325BA693DA}" = 6000E609a
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{CBE7EB3D-FBD9-4c74-8156-082D055C0354}" = BPDSoftware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1212
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Desktop" = Google Desktop
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"Identity Card" = Identity Card
"Infocenter" = Infocenter
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
"NVIDIA Drivers" = NVIDIA Drivers
"ORTMANN Cross Stitch Creator" = ORTMANN Cross Stitch Creator 3.0.7 
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"Röntgen-Trainer_is1" = Röntgen-Trainer Chirurgische Ambulanz Version 1.0
"SetupMyPC" = SetupMyPC
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE
"Updator" = Updator
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.12.2010 17:10:22 | Computer Name = Merlin | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 10.12.2010 17:10:22 | Computer Name = Merlin | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 10.12.2010 17:10:22 | Computer Name = Merlin | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 12.12.2010 10:22:42 | Computer Name = Merlin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.12.2010 10:22:42 | Computer Name = Merlin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.12.2010 10:22:46 | Computer Name = Merlin | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 12.12.2010 10:22:46 | Computer Name = Merlin | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 12.12.2010 10:22:47 | Computer Name = Merlin | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 12.12.2010 10:22:47 | Computer Name = Merlin | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 12.12.2010 10:22:48 | Computer Name = Merlin | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 10.05.2011 14:47:40 | Computer Name = Merlin | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.05.2011 14:53:07 | Computer Name = Merlin | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 10.05.2011 15:11:07 | Computer Name = Merlin | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.05.2011 15:11:07 | Computer Name = Merlin | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.05.2011 15:17:09 | Computer Name = Merlin | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 10.05.2011 16:35:59 | Computer Name = Merlin | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.05.2011 16:35:59 | Computer Name = Merlin | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.05.2011 16:38:13 | Computer Name = Merlin | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 10.05.2011 16:38:47 | Computer Name = Merlin | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 10.05.2011 16:38:47 | Computer Name = Merlin | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

Problem ist auch, dass ich unter Windows-Start nur ein leeres Feld sehe und alle programme verschwunden sind. Ebenso die Desktop Items und angeblich alle meine persönlichen Dateien. Komme ich an diese wieder ran?

Kann mir jemand helfen?

Besten Dank!

Swisstreasure · 10.05.2011, 21:59

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Dowloade Dir bitte TDSS Killer.zip und speichere es am Desktop.
Extrahiere den Inhalt der Datei auf deinem Desktop.
Gehe sicher das die TDSSKiller.exe am Desktop ist. Nicht in einem Ordner.
- Schließe alle laufenden Programme.
- Trenne dich von Internet.
- Deaktiviere deine AntiViren Software.
Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Drücke auf Start scan.
Sollte die Meldung "Hidden service detected" schreiben keinesfalls irgendetwas hinein..Drücke nur ENTER !!!
Wenn das Tool fertig ist, poppt ein Fenster mit den Funden auf.
Dieses bitte einfach schließen.
Nun auf Report klicken.
Bitte poste mir den Inhalt hier in deinen Thread.
(auch zu finden unter C:\TDSSKiller<time_date>.txt)

Schritt 2

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
- Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
- Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

Schritt 3

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Gmer startet automatisch einen ersten Scan.

Sollte sich ein Fenster mit folgender Warnung öffnen:

Code:

ATTFilter

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.
Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
Wenn der Scan fertig ist, bleibt die Zeile leer.
Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

keepon · 10.05.2011, 22:12

Vielen Dank für die schnelle Antwort.

Habe nun kaspersky laufen lassen... Ergebnis: Feld leer.

System scan completed.
Processed: 244 objects
Infection: not found.

kaspersky log report:

2011/05/10 23:10:00.0240 6100 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/10 23:10:00.0271 6100 ================================================================================
2011/05/10 23:10:00.0271 6100 SystemInfo:
2011/05/10 23:10:00.0271 6100
2011/05/10 23:10:00.0271 6100 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/10 23:10:00.0271 6100 Product type: Workstation
2011/05/10 23:10:00.0271 6100 ComputerName: MERLIN
2011/05/10 23:10:00.0271 6100 UserName: Tini
2011/05/10 23:10:00.0271 6100 Windows directory: C:\Windows
2011/05/10 23:10:00.0271 6100 System windows directory: C:\Windows
2011/05/10 23:10:00.0271 6100 Processor architecture: Intel x86
2011/05/10 23:10:00.0271 6100 Number of processors: 2
2011/05/10 23:10:00.0271 6100 Page size: 0x1000
2011/05/10 23:10:00.0271 6100 Boot type: Normal boot
2011/05/10 23:10:00.0271 6100 ================================================================================
2011/05/10 23:10:00.0568 6100 Initialize success
2011/05/10 23:10:24.0795 6136 ================================================================================
2011/05/10 23:10:24.0795 6136 Scan started
2011/05/10 23:10:24.0795 6136 Mode: Manual;
2011/05/10 23:10:24.0795 6136 ================================================================================
2011/05/10 23:10:25.0902 6136 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/10 23:10:26.0089 6136 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/10 23:10:26.0230 6136 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/10 23:10:26.0292 6136 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/10 23:10:26.0448 6136 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/10 23:10:26.0604 6136 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/10 23:10:26.0745 6136 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/10 23:10:26.0776 6136 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/10 23:10:26.0807 6136 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/10 23:10:26.0932 6136 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/10 23:10:26.0979 6136 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/10 23:10:27.0072 6136 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/10 23:10:27.0197 6136 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/10 23:10:27.0400 6136 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/10 23:10:27.0493 6136 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/10 23:10:27.0618 6136 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/10 23:10:27.0712 6136 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/10 23:10:27.0899 6136 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/10 23:10:28.0086 6136 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/10 23:10:28.0149 6136 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/10 23:10:28.0367 6136 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/10 23:10:28.0523 6136 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/10 23:10:28.0663 6136 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/10 23:10:28.0726 6136 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/10 23:10:28.0866 6136 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/10 23:10:28.0913 6136 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/10 23:10:28.0960 6136 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/10 23:10:29.0131 6136 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/10 23:10:29.0241 6136 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/10 23:10:29.0381 6136 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/10 23:10:29.0506 6136 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/10 23:10:29.0662 6136 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/10 23:10:29.0896 6136 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/10 23:10:30.0067 6136 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/10 23:10:30.0192 6136 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/10 23:10:30.0364 6136 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/10 23:10:30.0411 6136 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/10 23:10:30.0567 6136 CnxtHdAudService (01b80273c019f0f25f27fa2e80a85578) C:\Windows\system32\drivers\CHDRT32.sys
2011/05/10 23:10:30.0801 6136 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/10 23:10:30.0832 6136 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/10 23:10:30.0879 6136 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/10 23:10:31.0253 6136 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/10 23:10:31.0456 6136 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/10 23:10:31.0549 6136 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/05/10 23:10:31.0690 6136 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/10 23:10:31.0799 6136 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/05/10 23:10:31.0861 6136 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/10 23:10:32.0002 6136 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/10 23:10:32.0220 6136 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/10 23:10:32.0361 6136 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/10 23:10:32.0548 6136 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/10 23:10:32.0782 6136 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/10 23:10:32.0938 6136 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/10 23:10:33.0125 6136 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/10 23:10:33.0406 6136 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/10 23:10:33.0749 6136 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/10 23:10:33.0843 6136 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/10 23:10:33.0983 6136 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/10 23:10:34.0155 6136 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/10 23:10:34.0326 6136 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/10 23:10:34.0498 6136 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/10 23:10:34.0654 6136 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/10 23:10:35.0028 6136 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/10 23:10:35.0169 6136 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/10 23:10:35.0340 6136 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/10 23:10:35.0449 6136 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/10 23:10:35.0574 6136 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/10 23:10:35.0637 6136 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/10 23:10:35.0793 6136 HPFXBULK (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys
2011/05/10 23:10:36.0027 6136 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/10 23:10:36.0214 6136 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/05/10 23:10:36.0541 6136 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/10 23:10:36.0838 6136 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/10 23:10:37.0041 6136 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/10 23:10:37.0165 6136 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/10 23:10:37.0353 6136 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/10 23:10:37.0727 6136 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/10 23:10:38.0039 6136 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/10 23:10:38.0382 6136 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/10 23:10:38.0772 6136 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/10 23:10:39.0022 6136 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/10 23:10:39.0287 6136 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/05/10 23:10:39.0490 6136 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/10 23:10:39.0724 6136 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/10 23:10:39.0895 6136 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/10 23:10:40.0051 6136 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/10 23:10:40.0129 6136 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/10 23:10:40.0301 6136 k57nd60x (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
2011/05/10 23:10:40.0410 6136 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/10 23:10:40.0613 6136 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/05/10 23:10:40.0722 6136 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/10 23:10:40.0987 6136 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/10 23:10:41.0143 6136 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/10 23:10:41.0346 6136 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/10 23:10:41.0455 6136 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/10 23:10:41.0580 6136 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/10 23:10:41.0705 6136 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/10 23:10:41.0845 6136 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/10 23:10:42.0017 6136 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/10 23:10:42.0064 6136 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/10 23:10:42.0173 6136 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/10 23:10:42.0313 6136 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/10 23:10:42.0376 6136 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/10 23:10:42.0501 6136 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/10 23:10:42.0579 6136 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/10 23:10:42.0719 6136 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/10 23:10:42.0828 6136 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/10 23:10:42.0922 6136 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/10 23:10:43.0047 6136 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/10 23:10:43.0093 6136 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/10 23:10:43.0187 6136 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/05/10 23:10:43.0234 6136 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/10 23:10:43.0327 6136 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/10 23:10:43.0437 6136 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/10 23:10:43.0515 6136 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/10 23:10:43.0639 6136 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/10 23:10:43.0764 6136 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/10 23:10:43.0889 6136 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/10 23:10:44.0279 6136 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/10 23:10:44.0404 6136 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/10 23:10:44.0513 6136 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/10 23:10:44.0669 6136 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/10 23:10:44.0841 6136 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/10 23:10:44.0887 6136 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/10 23:10:45.0028 6136 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/10 23:10:45.0153 6136 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/10 23:10:45.0231 6136 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/10 23:10:45.0309 6136 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/10 23:10:45.0418 6136 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/10 23:10:45.0683 6136 NETw5v32 (ae642d069681a826d5f16e4f6ad158f3) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/05/10 23:10:45.0870 6136 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/10 23:10:45.0933 6136 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/10 23:10:46.0011 6136 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
2011/05/10 23:10:46.0151 6136 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/10 23:10:46.0229 6136 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/10 23:10:46.0354 6136 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\Drivers\NTIDrvr.sys
2011/05/10 23:10:46.0401 6136 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/10 23:10:46.0416 6136 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/10 23:10:46.0541 6136 NVHDA (5942c96a3ac3029490961949f9009344) C:\Windows\system32\drivers\nvhda32v.sys
2011/05/10 23:10:47.0118 6136 nvlddmkm (7faa756fefdd371745c88f8ae3141f0f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/10 23:10:47.0321 6136 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/10 23:10:47.0383 6136 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/10 23:10:47.0539 6136 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/10 23:10:47.0664 6136 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/10 23:10:47.0789 6136 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/10 23:10:47.0883 6136 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/10 23:10:48.0023 6136 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/10 23:10:48.0117 6136 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/10 23:10:48.0163 6136 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/10 23:10:48.0288 6136 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/10 23:10:48.0460 6136 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/10 23:10:48.0647 6136 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/10 23:10:48.0694 6136 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/10 23:10:48.0850 6136 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/10 23:10:48.0943 6136 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/10 23:10:49.0162 6136 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/10 23:10:49.0661 6136 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/10 23:10:49.0817 6136 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/10 23:10:49.0942 6136 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/10 23:10:50.0067 6136 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/10 23:10:50.0145 6136 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/10 23:10:50.0285 6136 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/10 23:10:50.0363 6136 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/10 23:10:50.0425 6136 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/10 23:10:50.0613 6136 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/10 23:10:50.0706 6136 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/10 23:10:50.0800 6136 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/10 23:10:50.0956 6136 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/10 23:10:51.0018 6136 RTSTOR (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS
2011/05/10 23:10:51.0221 6136 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/10 23:10:51.0315 6136 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/10 23:10:51.0346 6136 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/10 23:10:51.0486 6136 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/10 23:10:51.0533 6136 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/10 23:10:51.0611 6136 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/10 23:10:51.0814 6136 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/10 23:10:51.0861 6136 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/10 23:10:51.0907 6136 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/10 23:10:51.0954 6136 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/10 23:10:52.0079 6136 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/10 23:10:52.0141 6136 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/10 23:10:52.0204 6136 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/10 23:10:52.0329 6136 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/10 23:10:52.0422 6136 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/10 23:10:52.0609 6136 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/10 23:10:52.0734 6136 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/10 23:10:53.0015 6136 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/10 23:10:53.0187 6136 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/10 23:10:53.0358 6136 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/10 23:10:53.0405 6136 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/10 23:10:53.0467 6136 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/10 23:10:53.0623 6136 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/10 23:10:53.0733 6136 SynTP (5c3e900f41426a372de60675afc8aa07) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/10 23:10:54.0013 6136 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/10 23:10:54.0341 6136 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/10 23:10:54.0715 6136 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/10 23:10:55.0137 6136 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/10 23:10:55.0339 6136 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/10 23:10:55.0511 6136 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/10 23:10:55.0714 6136 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/10 23:10:55.0932 6136 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/10 23:10:56.0057 6136 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/10 23:10:56.0166 6136 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/10 23:10:56.0291 6136 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/10 23:10:56.0385 6136 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/05/10 23:10:56.0603 6136 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/10 23:10:56.0728 6136 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/10 23:10:56.0868 6136 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/10 23:10:57.0009 6136 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/10 23:10:57.0118 6136 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/10 23:10:57.0196 6136 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/10 23:10:57.0274 6136 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/10 23:10:57.0445 6136 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/10 23:10:57.0617 6136 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/10 23:10:57.0742 6136 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/10 23:10:57.0835 6136 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/10 23:10:57.0945 6136 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/10 23:10:58.0085 6136 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/10 23:10:58.0257 6136 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/10 23:10:58.0459 6136 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/10 23:10:58.0537 6136 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/10 23:10:58.0693 6136 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/10 23:10:58.0849 6136 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/10 23:10:59.0005 6136 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/10 23:10:59.0146 6136 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/10 23:10:59.0255 6136 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/10 23:10:59.0395 6136 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/10 23:10:59.0536 6136 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/10 23:10:59.0661 6136 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/10 23:10:59.0895 6136 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/10 23:11:00.0035 6136 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/10 23:11:00.0113 6136 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/10 23:11:00.0129 6136 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/10 23:11:00.0394 6136 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/10 23:11:00.0503 6136 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/10 23:11:00.0784 6136 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/10 23:11:01.0002 6136 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/10 23:11:01.0065 6136 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/10 23:11:01.0314 6136 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/10 23:11:01.0767 6136 ================================================================================
2011/05/10 23:11:01.0767 6136 Scan finished
2011/05/10 23:11:01.0767 6136 ================================================================================

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-05-09.03 - Tini 10.05.2011  23:19:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1816 [GMT 2:00]
ausgeführt von:: c:\users\Tini\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tini\AppData\Local\{97E0B7BE-B4D2-408E-80A9-891FC08F94B8}
c:\users\Tini\AppData\Local\{97E0B7BE-B4D2-408E-80A9-891FC08F94B8}\chrome.manifest
c:\users\Tini\AppData\Local\{97E0B7BE-B4D2-408E-80A9-891FC08F94B8}\chrome\content\_cfg.js
c:\users\Tini\AppData\Local\{97E0B7BE-B4D2-408E-80A9-891FC08F94B8}\chrome\content\overlay.xul
c:\users\Tini\AppData\Local\{97E0B7BE-B4D2-408E-80A9-891FC08F94B8}\install.rdf
c:\users\Tini\AppData\Roaming\Adobe\plugs
c:\users\Tini\AppData\Roaming\Adobe\plugs\mmc1538669.txt
c:\users\Tini\AppData\Roaming\Adobe\shed
c:\users\Tini\AppData\Roaming\Adobe\shed\thr1.chm
c:\users\Tini\biiac.exe
c:\users\Tini\leaih.exe
c:\users\Tini\lfjuun.exe
c:\windows\Temp\log.txt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-10 bis 2011-05-10  ))))))))))))))))))))))))))))))
.
.
2011-05-10 21:26 . 2011-05-10 21:30    --------    d-----w-    c:\users\Tini\AppData\Local\temp
2011-05-10 21:26 . 2011-05-10 21:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-05-10 21:07 . 2011-05-10 21:07    --------    d-----w-    C:\Desktop
2011-05-10 20:46 . 2011-04-11 07:04    7071056    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8271337-5D72-42B9-A3C4-08B9EC42AA45}\mpengine.dll
2011-05-10 19:50 . 2011-05-10 19:50    --------    d-----w-    c:\programdata\WindowsSearch
2011-05-10 19:03 . 2011-05-10 19:03    --------    d--h--w-    c:\users\Tini\AppData\Roaming\Malwarebytes
2011-05-10 19:03 . 2010-12-20 16:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-10 19:03 . 2011-05-10 19:03    --------    d--h--w-    c:\programdata\Malwarebytes
2011-05-10 19:02 . 2011-05-10 20:33    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-05-10 19:02 . 2010-12-20 16:08    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-05-10 17:22 . 2011-05-10 17:22    0    ---ha-w-    c:\users\Tini\AppData\Local\Ygari.bin
2011-04-28 14:11 . 2011-03-03 15:40    28672    ----a-w-    c:\windows\system32\Apphlpdm.dll
2011-04-28 14:11 . 2011-03-03 13:35    4240384    ----a-w-    c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 14:11 . 2011-03-12 21:55    876032    ----a-w-    c:\windows\system32\XpsPrint.dll
2011-04-14 16:25 . 2011-03-03 13:25    2041856    ----a-w-    c:\windows\system32\win32k.sys
2011-04-14 16:25 . 2011-02-16 16:21    430080    ----a-w-    c:\windows\system32\vbscript.dll
2011-04-14 16:25 . 2011-03-03 15:42    739328    ----a-w-    c:\windows\system32\inetcomm.dll
2011-04-14 16:25 . 2011-03-03 10:50    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-19 19:02 . 2009-10-26 16:00    137656    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2011-03-03 15:40 . 2011-04-28 14:11    173056    ----a-w-    c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 14:11    542720    ----a-w-    c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 14:11    458752    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 14:11    2159616    ----a-w-    c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 16:40    288768    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 16:40    1068544    ----a-w-    c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 16:40    797696    ----a-w-    c:\windows\system32\FntCache.dll
2010-07-17 17:20 . 2009-07-27 16:12    119808    ----a-w-    c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2009-03-18 1160736]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-27 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-04-28 1828136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2008-11-06 474168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"VideoWebCamera"="c:\program files\VideoWebCamera\VideoWebCamera.exe" [2009-04-02 1552497]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-03-09 250624]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe" [2009-04-07 440864]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-17 30192]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-09 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-17 30192]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe [2009-04-07 703008]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-03-09 44800]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-12-29 3715072]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-01-22 52768]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 09:15]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 09:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Tini\AppData\Roaming\Mozilla\Firefox\Profiles\hmkz3aqp.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Embedded Objects: firefox@red-cog.com - %profile%\extensions\firefox@red-cog.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-leaih - c:\users\Tini\leaih.exe
HKCU-Run-Acuge - c:\users\Tini\AppData\Local\ohtsaw.dll
HKCU-Run-Jyonozi - c:\users\Tini\AppData\Local\atifacosaqomi.dll
HKLM-Run-PLFSetI - c:\program files\PLFSetI.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-10 23:29
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-10  23:33:33
ComboFix-quarantined-files.txt  2011-05-10 21:33
.
Vor Suchlauf: 6 Verzeichnis(se), 225.748.729.856 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 225.532.985.344 Bytes frei
.
- - End Of File - - E7BD25AA1F1ED926D7BED89399913DE6

--- --- ---

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-11 00:38:46
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545032B9A300 rev.PB3OC60F
Running: 84f97i5x.exe; Driver: C:\Users\Tini\AppData\Local\Temp\pxldypod.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
?               System32\drivers\lqpjrf.sys                                                                                                                     Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                                        section is writeable [0x8F00F340, 0x3EE307, 0xE8000020]
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                                      Das System kann die angegebene Datei nicht finden. !
?               C:\Users\Tini\AppData\Local\Temp\catchme.sys                                                                                                    Das System kann die angegebene Datei nicht finden. !
 
---- User code sections - GMER 1.0.15 ----
 
.text           C:\Windows\system32\taskeng.exe[2712] kernel32.dll!TerminateProcess                                                                             775818EF 1 Byte  [C3]
.text           C:\Windows\system32\taskeng.exe[2712] kernel32.dll!TerminateThread                                                                              775C41F7 1 Byte  [C3]
 
---- User IAT/EAT - GMER 1.0.15 ----
 
IAT             C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe[1564] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]  [00ED1210] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                                                           [745C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                                                            [7461A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]                                                        [745CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                                                  [745BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                                                            [745C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]                                                         [745BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                             [745F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]                                                [745CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]                                                        [745BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]                                                         [745BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                                                          [745B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]                                                  [7464CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile]                                                     [745EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]                                                        [745BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                                                                  [745B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                                                                 [745B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5924] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]                                                    [745C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                         Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                         Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                        fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 
---- EOF - GMER 1.0.15 ----

--- --- ---

Habe nun die drei Schritte durchgeführt.
Jetzt sind einige Dateien wieder da... nur kann ich noch nicht alles vollständig auf dem Desktop sehen bzw... fehlt mein Startmenü noch. Das heißt beim Aufrufen von Windows Start über die Taskleiste unten links sind im Feld "Programme" noch alle Felder leer...

Lohnt es sich eigentlich, die Sicherungs CDs von der Erstinstallation (bei Neukauf angefertigt) einzulegen? Bessert sich dann die Leere im Startmenü?

Vielen Dank schon mal!

Swisstreasure · 11.05.2011, 18:31

Wenn Du willst kannst Du das Backup wieder einspielen falls nicht dann folgendes:

Schritt 1

Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. (Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

Schritt 2

Unter den Eigenschaften der betroffenen Benutzerordner das Häkchen bei "versteckt" entfernen
und diese Änderung für sämtl. Unterordner und Dateien mit übernehmen

Schritt 3

Da wir in der Registry Änderungen vornehmen müssen, wirst Du die Registry vorher wie folgt sichern:
Lade das Tool ERUNT von Lars Hederer herunter und installiere es. Starte die erunt.exe und erstelle damit eine Backup der Registry in den vorgegebenen Ordner. Unter Sicherungsoptionen bitte alle drei Möglichkeiten anhaken. Das Programm nicht in den Systemstart aufnehmen.

Schritt 4

Über "regedit" (eingeben im Suchfeld beiM Startmenü)
nach "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" navigieren.
Dort beim Eintrag "NoDesktop" den Wert von 1 auf 0 ändern.
Regedit verlassen.

Trojaner Vista Desktop leer Festplatte defekt?

Log-Analyse und Auswertung: Trojaner Vista Desktop leer Festplatte defekt?