Trojaner-Board (https://www.trojaner-board.de/)
Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
Systemfix removed - PC clean again? (https://www.trojaner-board.de/105854-systemfix-entfernt-pc-sauber.html)

issus 05.12.2011 22:46

Systemfix removed - PC clean again?
 
Hello,
after I caught the Systemfix malware (4 Dec.), I worked through some tips from this forum. All of this on an account with limited user rights under Win XP Professional 32-bit.

First I tried to start in Safe Mode with Networking. That didn't work, though, in that no selection was possible with the arrow keys. Is it possible that the malware now blocks that?
So I had no choice but to reset and boot normally again. The malware then tried to start again, but in the meantime my antivirus software (AVG Free Edition 2011) had updated itself and killed the process. After that I was able to download and run the following two programs:

1. Malwarebytes Anti-Malware: scan and clean (2x)
2. Kaspersky TDSSKiller: scan and clean (2x)

Then I rebooted and ran a scan with both programs again. Neither of the final scans found anything anymore.
Next came a restore to a previous system configuration, so that I could recover the Start menu entries and the desktop icons. After that almost everything ran as before, except for the ATI Catalyst Control Center, but there was a newer version of that anyway, which was then reinstalled.

Then I logged in to the account that has admin rights, reinstalled ATI CCC and cleaned the registry and the temp files with CCleaner.
After that I downloaded OTL, Defogger and GMER and let them scan. I'll post the logs below. My question would be, if someone is kind enough to look at the logs, whether the PC is clean now or whether something is still lurking somewhere.

And then something very strange: when I now press F8 while booting, I get to a selection "Windows XP Professional", although I only have one OS installed. The usual selection of the various modes for booting XP has disappeared, and here too keyboard input doesn't work. So from there you can only restart with reset.

Unfortunately I have no idea about that. In any case, I'd be glad if I didn't have to reinstall the system. Could the boot sector have been modified? If so, how can that be fixed?

Thanks in advance for your efforts and tips!

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:56, on 05.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AVG\AVG10\avgwdsvc.exe
C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Programme\AVG\AVG10\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programme\Saitek\SD6\Software\ProfilerU.exe
C:\Programme\Saitek\SD6\Software\SaiMfd.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\AVG\AVG10\avgtray.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Programme\AVG\AVG10\avgcsrvx.exe
C:\Programme\Mozilla Firefox4\firefox.exe
C:\Dokumente und Einstellungen\Kunde\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: CStat - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Programme\DeviceVM\Browser Configuration Utility\IEHelper.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [\\SLAVE\EPSON S22 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE /FU "C:\DOKUME~1\Kunde\LOKALE~1\Temp\E_S10.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech Produktregistrierung.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - h**p://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254510237375
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CB959E8-144F-4860-9715-EA9E319418F3}: NameServer = 213.73.91.35,194.95.202.198
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG10\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe

--
End of file - 9554 bytes

OTL.txt

OTL logfile created on: 05.12.2011 20:11:23 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Kunde\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 65,89% Memory free
4,55 Gb Paging File | 3,75 Gb Available in Paging File | 82,57% Paging File free
Paging file location(s): C:\pagefile.sys 2000 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 244,14 Gb Total Space | 215,19 Gb Free Space | 88,14% Space Free | Partition Type: NTFS
Drive D: | 687,37 Gb Total Space | 532,02 Gb Free Space | 77,40% Space Free | Partition Type: NTFS

Computer Name: MAIN | User Name: Kunde | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========

PRC - [2011.12.05 20:08:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kunde\Desktop\OTL.exe
PRC - [2011.11.13 11:16:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox4\firefox.exe
PRC - [2011.09.10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2011.09.09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe
PRC - [2011.08.18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe
PRC - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.05.23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe
PRC - [2011.03.28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgcsrvx.exe
PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe
PRC - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.09.14 06:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIGEE.EXE
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.06.22 17:17:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.06.03 07:19:18 | 000,131,072 | ---- | M] (Saitek) -- C:\Programme\Saitek\SD6\Software\SaiMfd.exe
PRC - [2009.06.03 07:19:00 | 000,237,568 | ---- | M] (Saitek) -- C:\Programme\Saitek\SD6\Software\ProfilerU.exe
PRC - [2009.03.05 12:37:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.09.15 15:02:48 | 000,962,456 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008.09.15 14:57:34 | 000,165,144 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2008.09.15 14:57:30 | 000,554,264 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2008.09.15 14:51:30 | 004,353,088 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========

MOD - [2011.11.13 11:16:22 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox4\mozjs.dll
MOD - [2011.10.25 20:50:50 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.10.12 16:26:59 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011.10.12 16:25:49 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011.10.12 16:25:20 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011.10.12 16:21:01 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.12 16:20:57 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011.10.12 16:20:47 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011.10.12 16:19:29 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.12 16:19:23 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011.10.12 06:39:59 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011.09.05 18:04:58 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010.11.21 15:54:34 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla\fzshellext.dll
MOD - [2010.09.16 21:04:50 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.03.16 11:22:12 | 000,014,848 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2009.10.02 14:07:16 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.10.02 14:07:15 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll
MOD - [2007.03.04 10:48:16 | 000,106,496 | ---- | M] () -- C:\Programme\RocketDock\Docklets\RocketClock\RocketClock.dll
MOD - [2005.10.19 08:26:28 | 000,125,952 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========

SRV - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.05.30 10:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011.02.05 15:11:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.22 17:17:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2008.09.15 14:57:30 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007.10.23 10:49:06 | 000,382,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006.06.01 20:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========

DRV - [2011.10.26 04:01:40 | 007,412,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.05.27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009.10.02 16:31:13 | 000,950,848 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm124.sys -- (tdrpman124) Acronis Try&Decide and Restore Points filter (build 124)
DRV - [2009.10.02 16:31:10 | 000,539,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009.10.02 16:31:10 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009.10.02 16:31:02 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman378.sys -- (snapman378) Acronis Snapshots Manager (Build 378)
DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 17:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009.06.02 11:02:46 | 005,085,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.05.21 02:03:54 | 003,733,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009.04.24 03:22:16 | 000,141,568 | R--- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.08.05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007.05.01 12:07:40 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0464.sys -- (SaiH0464)
DRV - [2006.07.01 20:00:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.01.04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
 
 
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-21-1060284298-1214440339-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/
IE - HKU\S-1-5-21-1060284298-1214440339-682003330-1003\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-1060284298-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1060284298-1214440339-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://yahoo.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programme\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.09.18 09:47:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.12.05 19:00:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.06.04 15:53:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.18 09:54:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox4\components [2011.11.13 11:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox4\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.4.1\extensions\\Components: C:\Programme\SeaMonkey\components [2011.10.03 07:37:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.4.1\extensions\\Plugins: C:\Programme\SeaMonkey\plugins [2011.09.18 09:54:12 | 000,000,000 | ---D | M]

[2010.03.21 09:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Mozilla\Extensions
[2010.03.21 09:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011.11.26 17:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Mozilla\Firefox\Profiles\xwlrh1o1.default\extensions
[2010.05.09 13:47:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Mozilla\Firefox\Profiles\xwlrh1o1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.28 08:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Mozilla\SeaMonkey\Profiles\wgsrl3rn.default\extensions
[2011.06.09 18:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.13 18:17:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.16 19:11:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.15 19:10:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.09 18:04:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KUNDE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XWLRH1O1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011.03.05 10:09:40 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.05 10:09:40 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.05 10:09:40 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.05 10:09:40 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.05 10:09:40 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File
: ([2011.12.05 19:58:52 000,439,055 R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 
Hosts127.0.0.1   localhost
O1 
Hosts127.0.0.1     000.test
O1 
Hosts127.0.0.1     001.test
O1 
Hosts127.0.0.1     002.test
O1 
Hosts127.0.0.1     003.test
O1 
Hosts127.0.0.1     004.test
O1 
Hosts127.0.0.1     005.test
O1 
Hosts127.0.0.1    www.007guard.com
O1 
Hosts127.0.0.1    007guard.com
O1 
Hosts127.0.0.1    008i.com
O1 
Hosts127.0.0.1    www.008k.com
O1 
Hosts127.0.0.1    008k.com
O1 
Hosts127.0.0.1    www.00hq.com
O1 
Hosts127.0.0.1    00hq.com
O1 
Hosts127.0.0.1    010402.com
O1 
Hosts127.0.0.1    www.032439.com
O1 
Hosts127.0.0.1    032439.com
O1 
Hosts127.0.0.1    www.0scan.com
O1 
Hosts127.0.0.1    0scan.com
O1 
Hosts127.0.0.1    www.1000gratisproben.com
O1 
Hosts127.0.0.1    1000gratisproben.com
O1 
Hosts127.0.0.1    www.1001namen.com
O1 
Hosts127.0.0.1    1001namen.com
O1 
Hosts15102 more lines...
O2 BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 BHO: (BHO Class) - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Programme\DeviceVM\Browser Configuration Utility\IEHelper.dll (DeviceVM, Inc.)
O3 HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 HKU\S-1-5-21-1060284298-1214440339-682003330-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 HKU\S-1-5-21-1060284298-1214440339-682003330-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 HKU\S-1-5-21-1060284298-1214440339-682003330-1003..\Run: [\\SLAVE\EPSON S22 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE (SEIKO EPSON CORPORATION)
O4 HKU\S-1-5-21-1060284298-1214440339-682003330-1003..\Run: [RocketDock] C:\Programme\RocketDock\RocketDock.exe ()
O4 HKU\S-1-5-21-1060284298-1214440339-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 Startup: C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\Logitech Produktregistrierung.lnk.disabled ()
O6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 HKU\S-1-5-21-1060284298-1214440339-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254510237375 (WUWebControl Class)
O16 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB959E8-144F-4860-9715-EA9E319418F3}: DhcpNameServer = 192.168.0.1
O17 HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB959E8-144F-4860-9715-EA9E319418F3}: NameServer = 213.73.91.35,194.95.202.198
O18 Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 Desktop Components: (Die derzeitige Homepage) - About:Home
O24 Desktop WallPaper: C:\Dokumente und Einstellungen\Kunde\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Kunde\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 HKLM CDRom: AutoRun - 1
O32 AutoRun File - [2009.10.02 19:35:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 HKLM BootExecute: (autocheck autochk *)
O34 HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 HKLM\..comfile [open] -- "%1" %*
O35 HKLM\..exefile [open] -- "%1" %*
O37 HKLM\...com [@ = comfile] -- "%1" %*
O37 HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.05 20:08:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kunde\Desktop\OTL.exe
[2011.12.05 20:00:15 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Kunde\Desktop\HijackThis.exe
[2011.12.05 19:57:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Kunde\Recent
[2011.12.05 19:49:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ATI
[2011.12.05 19:44:44 | 000,000,000 | ---D | C] -- C:\Programme\AMD APP
[2011.12.05 19:44:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Catalyst Control Center
[2011.12.05 19:44:00 | 000,466,944 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2011.12.05 19:44:00 | 000,311,296 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2011.12.05 19:43:52 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2011.12.05 19:43:31 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2011.12.05 19:34:01 | 056,468,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Dokumente und Einstellungen\Kunde\Desktop\11-11_xp32_dd_ccc_ocl.exe
[2011.12.05 18:13:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Malwarebytes
[2011.12.05 18:12:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.05 20:08:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kunde\Desktop\OTL.exe
[2011.12.05 19:58:52 | 000,439,055 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.12.05 19:51:26 | 000,453,482 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.05 19:51:26 | 000,436,344 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.05 19:51:26 | 000,081,948 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.05 19:51:26 | 000,069,048 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.05 19:47:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.05 19:35:18 | 056,468,784 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Dokumente und Einstellungen\Kunde\Desktop\11-11_xp32_dd_ccc_ocl.exe
[2011.12.05 19:20:23 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.12.05 19:20:22 | 000,009,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Kunde\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.05 18:09:59 | 139,720,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011.12.04 21:00:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.04 20:53:08 | 000,000,312 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0
[2011.12.04 20:53:08 | 000,000,216 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0r
[2011.12.04 20:53:03 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lY742TQPqtA1v0
[2011.11.27 17:15:30 | 000,151,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011.11.27 10:46:16 | 000,438,964 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111205-195852.backup
[2011.11.20 10:59:53 | 000,438,912 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111127-104616.backup
[2011.11.13 11:19:26 | 000,438,653 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111120-105953.backup
[2011.11.13 11:14:58 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.11.06 08:25:12 | 000,438,369 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111113-111925.backup
 
========== Files Created - No Company Name ==========
 
[2011.12.05 19:44:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.12.05 19:44:00 | 000,242,430 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.12.05 19:44:00 | 000,205,760 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2011.12.05 19:44:00 | 000,036,194 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2011.12.05 19:44:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.12.04 20:53:08 | 000,000,312 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0
[2011.12.04 20:53:08 | 000,000,216 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0r
[2011.12.04 20:53:03 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lY742TQPqtA1v0
[2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2011.06.25 09:46:11 | 000,007,900 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.06.25 09:36:19 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2009.11.21 21:42:16 | 000,000,561 | ---- | C] () -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\AutoGK.ini
[2009.11.14 16:58:23 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2009.11.08 17:54:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.08 15:43:07 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Kunde\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.24 09:46:59 | 005,640,880 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009.10.23 19:56:40 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009.10.23 19:56:40 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009.10.23 12:51:32 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.10.23 12:08:29 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009.10.02 20:28:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.10.02 20:25:52 | 001,500,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.10.02 19:53:39 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.10.02 19:49:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.10.02 19:38:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.10.02 19:33:19 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.10.02 14:34:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.04.16 13:24:14 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009.04.16 13:24:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009.04.16 13:24:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009.04.16 13:24:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2009.01.05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009.01.05 15:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008.04.14 07:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007.05.01 12:07:40 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464.Dll
[2007.05.01 12:07:40 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_0C.dll
[2007.05.01 12:07:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_10.dll
[2007.05.01 12:07:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_0A.dll
[2007.05.01 12:07:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_07.dll
[2007.05.01 12:07:40 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_09.dll
[2007.05.01 12:07:40 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_0402.dll
[2007.05.01 12:07:40 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_11.dll
[2006.12.31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.06.01 20:06:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.08.23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 13:00:00 | 000,453,482 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001.08.23 13:00:00 | 000,436,344 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001.08.23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 13:00:00 | 000,081,948 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001.08.23 13:00:00 | 000,069,048 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001.08.23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

End of report 

GMER (full scan incl. C: except IAT/EAT)
PHP Code:

GMER 1.0.15.15641 hxxp://www.gmer.net
Rootkit scan 2011-12-05 22:33:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST31000528AS rev.CC35
Running: 2u226fmu.exe; Driver: C:\DOKUME~1\Kunde\LOKALE~1\Temp\pgtdypog.sys


---- System GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xBA3F9738]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xBA3F97DC]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xBA3F9878]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xBA3F9914]

---- Kernel code sections GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                    section is writeable [0xA9667000, 0x2BCD8C, 0xE8000020]

---- User code sections GMER 1.0.15 ----

.text           C:\Programme\Mozilla Firefox4\firefox.exe[3468] ntdll.dll!LdrLoadDll                                                        7C925C35 5 Bytes  JMP 01262EC0 C:\Programme\Mozilla Firefox4\xul.dll (Mozilla Foundation)

---- Devices GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF GMER 1.0.15 ----


cosinus 06.12.2011 09:30

Where does it say that you should post the logs in PHP tags?!

Quote:

1. Malwarebytes Anti-Malware scan and clean (2x)
2. Kaspersky TDSSKiller scan and clean (2x)
Please post the logs for those as well. And use CODE tags this time!

issus 06.12.2011 19:36

Hello,
thanks for your reply and sorry for the wrong tags.
I've now found the right button as well (#).

Unfortunately it wasn't clear to me that the logs from the cleanup would still be relevant, so I deleted them together with the scan programs once they no longer showed any findings. I know that wasn't very prudent, but unfortunately it can't be undone. Regrettably I'm also not very experienced with this kind of problem. So far I've luckily been spared such afflictions, and it's a mystery to me where I could have picked up this malware.
Maybe there's still a chance even without those logs? Otherwise I'll just bite the bullet and set up the system from scratch.
Thanks again for your helpfulness.

I've read around the forum a bit more and gladly admit that I'm really impressed by what you do. Apart from your know-how (much of what is in the posts is Greek to me), it's above all the helpfulness you show here that I find great.
Chapeau!

cosinus 06.12.2011 19:39

Quote:

Maybe there's still a chance even without those logs?
You deleted them completely? :balla:
They're no longer visible in the Logs tab of Malwarebytes?

issus 06.12.2011 19:53

Embarrassed, I have to admit that I deleted both programs again, lock, stock and barrel, and with them the logs.
Your smiley says clearly what to make of that; I'm sorry.
At that moment I just didn't think about it. It hadn't occurred to me that when you are looking for what should no longer be there, it's also useful to know what was there before.
The "DAU of the week" award probably goes to me...

cosinus 06.12.2011 20:22

Then please first run a new full scan with an up-to-date Malwarebytes

issus 06.12.2011 21:02

I don't know why, but I reinstalled Malwarebytes and yesterday's logs are still there after all. Since they're shown in the tab, I'll post them first. I hope that's what you had in mind.
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8316

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05.12.2011 18:18:11
mbam-log-2011-12-05 (18-18-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 218004
Laufzeit: 2 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\Internet\lokale einstellungen\Temp\azmmoooqw1rljn.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8316

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05.12.2011 18:44:41
mbam-log-2011-12-05 (18-44-41).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 217916
Laufzeit: 2 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

From today:
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8323

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06.12.2011 21:13:10
mbam-log-2011-12-06 (21-13-10).txt

Scan type: Quick scan
Objects scanned: 136983
Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


cosinus 07.12.2011 12:10

Please run ESET as well, then we'll see how to proceed:


ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


issus 07.12.2011 17:41

Good evening Arne,

The ESET log:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=23f9784fc526b4489db3de8d1f5c3bf4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-06 09:10:46
# local_time=2011-12-06 10:10:46 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777189 100 96 13067 66368682 0 0
# compatibility_mode=8192 67108863 100 0 4189 4189 0 0
# scanned=153857
# found=6
# cleaned=0
# scan_time=4908
C:\Dokumente und Einstellungen\Internet\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\15\6e1ca1cf-161b0e1f        a variant of Java/TrojanDownloader.OpenConnection.MU trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\Internet\Lokale Einstellungen\Temp\CDBurnerXP-updates\cdbxp_setup_4.3.8.2568.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\gamers_irc405.exe        probably a variant of Win32/Adware.Agent.CZTDWWN application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\GermanFunScript.zip        Win32/NetTool.NukeNabber.29 application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\UT\ts2_client_rc1.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
D:\software\winamp5601_full_emusic-7plus_de-de.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I


cosinus 07.12.2011 18:42

Quote:

Art des Suchlaufs: Quick-Scan
Please do a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

issus 07.12.2011 19:17

Hello Arne,

Malwarebytes log. No findings.
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8323

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07.12.2011 19:14:31
mbam-log-2011-12-07 (19-14-31).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 273689
Time elapsed: 27 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


cosinus 07.12.2011 20:06

Please make a new OTL log

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


issus 07.12.2011 20:54

Hello Arne,

if "close all programs" also includes the virus scanners, I'll have to repeat it. I assumed you would have mentioned switching off all protection explicitly.
Code:

OTL logfile created on: 07.12.2011 20:38:08 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Dokumente und Einstellungen\Internet\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 67,08% Memory free
4,55 Gb Paging File | 3,82 Gb Available in Paging File | 84,15% Paging File free
Paging file location(s): C:\pagefile.sys 2000 5000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 244,14 Gb Total Space | 213,61 Gb Free Space | 87,49% Space Free | Partition Type: NTFS
Drive D: | 687,37 Gb Total Space | 527,92 Gb Free Space | 76,80% Space Free | Partition Type: NTFS
 
Computer Name: MAIN | User Name: Kunde | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.07 20:36:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Internet\Desktop\OTL.exe
PRC - [2011.09.10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2011.09.09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe
PRC - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.05.23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe
PRC - [2011.03.28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgcsrvx.exe
PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.06.22 17:17:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.06.03 07:19:18 | 000,131,072 | ---- | M] (Saitek) -- C:\Programme\Saitek\SD6\Software\SaiMfd.exe
PRC - [2009.06.03 07:19:00 | 000,237,568 | ---- | M] (Saitek) -- C:\Programme\Saitek\SD6\Software\ProfilerU.exe
PRC - [2009.03.05 12:37:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.09.15 15:02:48 | 000,962,456 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008.09.15 14:57:34 | 000,165,144 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2008.09.15 14:57:30 | 000,554,264 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2008.09.15 14:51:30 | 004,353,088 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.05.30 10:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011.02.05 15:11:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.22 17:17:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2008.09.15 14:57:30 | 000,554,264 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007.10.23 10:49:06 | 000,382,248 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006.06.01 20:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.26 04:01:40 | 007,412,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009.10.02 16:31:13 | 000,950,848 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm124.sys -- (tdrpman124) Acronis Try&Decide and Restore Points filter (build 124)
DRV - [2009.10.02 16:31:10 | 000,539,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009.10.02 16:31:10 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009.10.02 16:31:02 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman378.sys -- (snapman378) Acronis Snapshots Manager (Build 378)
DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 17:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009.06.02 11:02:46 | 005,085,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.05.21 02:03:54 | 003,733,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009.04.24 03:22:16 | 000,141,568 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.08.05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007.05.01 12:07:40 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0464.sys -- (SaiH0464)
DRV - [2006.07.01 20:00:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.01.04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://yahoo.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programme\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.09.18 09:47:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.12.05 19:00:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.06 18:20:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.06.04 15:53:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.18 09:54:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox4\components [2011.11.13 11:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox4\plugins [2011.12.06 18:20:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.4.1\extensions\\Components: C:\Programme\SeaMonkey\components [2011.10.03 07:37:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.4.1\extensions\\Plugins: C:\Programme\SeaMonkey\plugins [2011.09.18 09:54:12 | 000,000,000 | ---D | M]
 
[2010.03.21 09:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Mozilla\Extensions
[2010.03.21 09:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011.11.26 17:55:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Mozilla\Firefox\Profiles\xwlrh1o1.default\extensions
[2010.05.09 13:47:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Mozilla\Firefox\Profiles\xwlrh1o1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.26 17:55:02 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Mozilla\Firefox\Profiles\xwlrh1o1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.28 08:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Mozilla\SeaMonkey\Profiles\wgsrl3rn.default\extensions
[2011.06.09 18:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.13 18:17:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.16 19:11:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.15 19:10:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.09 18:04:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KUNDE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\XWLRH1O1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011.03.05 10:09:40 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.05 10:09:40 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.05 10:09:40 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.05 10:09:40 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.05 10:09:40 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.05 19:58:52 | 000,439,055 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: 127.0.0.1        000.test
O1 - Hosts: 127.0.0.1        001.test
O1 - Hosts: 127.0.0.1        002.test
O1 - Hosts: 127.0.0.1        003.test
O1 - Hosts: 127.0.0.1        004.test
O1 - Hosts: 127.0.0.1        005.test
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 15102 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (BHO Class) - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Programme\DeviceVM\Browser Configuration Utility\IEHelper.dll (DeviceVM, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [\\SLAVE\EPSON S22 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [RocketDock] C:\Programme\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\Logitech . Produktregistrierung.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254510237375 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB959E8-144F-4860-9715-EA9E319418F3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CB959E8-144F-4860-9715-EA9E319418F3}: NameServer = 213.73.91.35,194.95.202.198
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Kunde\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Kunde\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.02 19:35:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {47043782-7B6A-67F1-63A0-3ED70AF0F325} - Outlook Express
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - xvidvfw.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.06 20:52:09 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.06 20:52:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.06 20:39:09 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.12.06 18:35:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ATI
[2011.12.06 18:34:10 | 000,000,000 | ---D | C] -- C:\Programme\AMD APP
[2011.12.06 18:34:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Catalyst Control Center
[2011.12.06 18:32:38 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2011.12.06 18:32:00 | 000,000,000 | ---D | C] -- C:\ATI
[2011.12.06 18:24:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
[2011.12.06 18:22:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2011.12.06 18:19:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2011.12.06 18:19:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kunde\Lokale Einstellungen\Anwendungsdaten\Google
[2011.12.06 18:19:39 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2011.12.05 20:08:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kunde\Desktop\OTL.exe
[2011.12.05 20:00:15 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Kunde\Desktop\HijackThis.exe
[2011.12.05 19:57:01 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Kunde\Recent
[2011.12.05 19:43:52 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2011.12.05 18:13:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Malwarebytes
[2011.12.05 18:12:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.11.26 17:54:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DVDVideoSoft
[2011.11.26 17:53:04 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.07 18:29:49 | 000,151,289 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011.12.07 17:33:33 | 139,861,226 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011.12.07 17:32:00 | 000,453,482 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.07 17:32:00 | 000,436,344 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.07 17:32:00 | 000,081,948 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.07 17:32:00 | 000,069,048 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.07 17:27:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.06 20:52:14 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.06 18:21:19 | 000,000,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.12.05 20:23:11 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Kunde\Desktop\2u226fmu.exe
[2011.12.05 20:20:17 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Kunde\Desktop\Defogger.exe
[2011.12.05 20:08:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kunde\Desktop\OTL.exe
[2011.12.05 19:58:52 | 000,439,055 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.12.05 19:20:23 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.12.05 19:20:22 | 000,009,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Kunde\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.04 21:00:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.04 20:53:08 | 000,000,312 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0
[2011.12.04 20:53:08 | 000,000,216 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0r
[2011.12.04 20:53:03 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lY742TQPqtA1v0
[2011.11.27 10:46:16 | 000,438,964 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111205-195852.backup
[2011.11.20 10:59:53 | 000,438,912 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111127-104616.backup
[2011.11.13 11:19:26 | 000,438,653 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111120-105953.backup
 
========== Files Created - No Company Name ==========
 
[2011.12.06 20:52:14 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.06 18:33:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.12.06 18:33:00 | 000,205,760 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2011.12.06 18:33:00 | 000,036,194 | ---- | C] () -- C:\WINDOWS\atiogl.xml
[2011.12.06 18:32:59 | 000,242,430 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.12.06 18:32:59 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.12.06 18:21:18 | 000,000,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.12.05 20:23:11 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Kunde\Desktop\2u226fmu.exe
[2011.12.05 20:20:17 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Kunde\Desktop\Defogger.exe
[2011.12.04 20:53:08 | 000,000,312 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0
[2011.12.04 20:53:08 | 000,000,216 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0r
[2011.12.04 20:53:03 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lY742TQPqtA1v0
[2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\OVDecoder.dll
[2011.06.25 09:46:11 | 000,007,900 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.06.25 09:36:19 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2009.11.21 21:42:16 | 000,000,561 | ---- | C] () -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\AutoGK.ini
[2009.11.14 16:58:23 | 000,000,065 | ---- | C] () -- C:\WINDOWS\FISHUI.INI
[2009.11.08 17:54:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.08 15:43:07 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\Kunde\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.24 09:46:59 | 005,640,880 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2009.10.23 19:56:40 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009.10.23 19:56:40 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009.10.23 12:51:32 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.10.23 12:08:29 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009.10.02 20:28:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.10.02 20:25:52 | 001,500,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.10.02 19:53:39 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.10.02 19:49:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.10.02 19:38:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.10.02 19:33:19 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.10.02 14:34:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.04.16 13:24:14 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009.04.16 13:24:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009.04.16 13:24:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009.04.16 13:24:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\Ogg.dll
[2009.01.05 15:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009.01.05 15:44:10 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008.04.14 07:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007.05.01 12:07:40 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464.Dll
[2007.05.01 12:07:40 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_0C.dll
[2007.05.01 12:07:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_10.dll
[2007.05.01 12:07:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_0A.dll
[2007.05.01 12:07:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_07.dll
[2007.05.01 12:07:40 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_09.dll
[2007.05.01 12:07:40 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_0402.dll
[2007.05.01 12:07:40 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC0464_11.dll
[2006.12.31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.06.01 20:06:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.08.23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 13:00:00 | 000,453,482 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001.08.23 13:00:00 | 000,436,344 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001.08.23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 13:00:00 | 000,081,948 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001.08.23 13:00:00 | 000,069,048 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001.08.23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2009.10.02 16:32:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.06.25 09:49:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
[2010.11.13 10:14:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10
[2010.11.13 10:09:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2011.02.03 07:51:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.11.13 10:13:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011.09.24 13:16:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2011.05.02 16:27:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2009.10.23 21:31:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Saitek
[2009.10.02 14:34:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.11.01 01:26:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Acronis
[2010.11.13 10:14:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\AVG10
[2010.07.22 15:37:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\becker
[2009.11.14 16:44:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\DataCast
[2011.11.26 17:54:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\DVDVideoSoft
[2011.02.18 22:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.05.08 08:19:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\FileZilla
[2009.10.29 19:19:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Leadertech
[2009.10.24 18:10:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\My Games
[2011.11.20 11:03:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Notepad++
[2009.10.23 18:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\Opera
[2009.10.31 19:41:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\pokerth
[2011.01.31 17:29:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kunde\Anwendungsdaten\TeamViewer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
Invalid Environment Variable: APPDATA
 
Invalid Environment Variable: APPDATA
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 20:00:45 | 017,817,182 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 20:00:45 | 017,817,182 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.10.02 21:25:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.10.02 21:25:02 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.10.02 21:25:02 | 000,462,848 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >


cosinus 08.12.2011 10:58

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
[2011.12.04 20:53:08 | 000,000,312 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0
[2011.12.04 20:53:08 | 000,000,216 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0r
[2011.12.04 20:53:03 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lY742TQPqtA1v0
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
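As an added example for this thread (not OTL's own code and not the helper's tooling), the Python below applies the triage that the fix script above encodes: it parses OTL file-entry lines, flags hidden, publisher-less files with random-looking names in the shared Anwendungsdaten folder that were written around the infection date, and emits the ":OTL" block in the same shape the helper posted. The name heuristic, the one-day window and the folder list are assumptions, not OTL rules.

```python
"""Triage helper for OTL 'Files Created/Modified Within 30 Days' sections.

Added example for this thread, not part of OTL or of the helper's tooling.
It parses OTL file-entry lines, flags hidden, company-less files with
random-looking names in the shared Anwendungsdaten folder written in the
infection window, and emits a ':OTL' fix block in the posted form.
The thresholds below are assumptions, not OTL rules.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# OTL entry: [date time | size | attrs | C/M] (company) -- path
# Directory entries carry no "(company)" field, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    raw: str
    when: datetime
    size: int
    attrs: str      # e.g. "-H--" (hidden), "R---" (read-only), "---D" (dir)
    kind: str       # "C" = created section, "M" = modified section
    company: str    # publisher from the PE version info, "" if none
    path: str


def parse_entry(line: str) -> Optional[OtlEntry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        raw=line.strip(),
        when=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"] or "",
        path=m["path"],
    )


# Shared profile folders (German and English XP names) where the rogue kept
# its hidden state files; assumption for this example.
SHARED_APPDATA = ("\\all users\\anwendungsdaten\\",
                  "\\all users\\application data\\")
RANDOM_NAME_RE = re.compile(r"^~?[A-Za-z0-9]{10,}$")


def looks_random(name: str) -> bool:
    # No extension, mixed case plus digits: the "lY742TQPqtA1v0" pattern.
    return (RANDOM_NAME_RE.match(name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isupper() for c in name)
            and any(c.islower() for c in name))


def is_suspicious(e: OtlEntry, infection: datetime, window: timedelta) -> bool:
    lower = e.path.lower()
    name = e.path.rsplit("\\", 1)[-1]
    return ("H" in e.attrs                       # hidden attribute set
            and "D" not in e.attrs               # a file, not a directory
            and e.company == ""                  # no publisher information
            and any(s in lower for s in SHARED_APPDATA)
            and looks_random(name)
            and abs(e.when - infection) <= window)


def flag_entries(lines, infection: datetime,
                 window: timedelta = timedelta(days=1)) -> List[OtlEntry]:
    # The same file shows up in both the "Created" and "Modified" sections;
    # keep the first occurrence per path so the fix lists it once.
    seen, out = set(), []
    for line in lines:
        e = parse_entry(line)
        if e and e.path not in seen and is_suspicious(e, infection, window):
            seen.add(e.path)
            out.append(e)
    return out


def build_fix(entries: List[OtlEntry]) -> str:
    # Same shape as the helper's script: OTL moves each listed entry into the
    # _OTL backup folder, then the commands empty temp and reset the hosts file.
    body = "\n".join(e.raw for e in entries)
    return f":OTL\n{body}\n:Commands\n[emptytemp]\n[resethosts]\n"


# Constructed sample: lines copied from the OTL log above plus benign entries
# (hosts, a shortcut, a hidden directory) that must not be flagged.
SAMPLE = r"""
[2011.12.05 19:58:52 | 000,439,055 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.12.06 20:52:14 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.04 20:53:08 | 000,000,312 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0
[2011.12.04 20:53:08 | 000,000,216 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0r
[2011.12.04 20:53:03 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lY742TQPqtA1v0
[2010.11.13 10:13:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011.12.04 20:53:08 | 000,000,312 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0
""".strip().splitlines()

INFECTION_DATE = datetime(2011, 12, 4, 20, 53)  # the thread: infected on 4.12.

if __name__ == "__main__":
    print(build_fix(flag_entries(SAMPLE, INFECTION_DATE)))
```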

issus 08.12.2011 18:31

Good evening Arne,

thanks for the fix. Log after running it:

Code:

All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~lY742TQPqtA1v0r moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lY742TQPqtA1v0 moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Gast
->Temp folder emptied: 642365 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Internet
->Temp folder emptied: 948233031 bytes
->Temporary Internet Files folder emptied: 53158356 bytes
->Java cache emptied: 3981598 bytes
->FireFox cache emptied: 43518257 bytes
->Opera cache emptied: 11860643 bytes
->Flash cache emptied: 782 bytes
 
User: Kunde
->Temp folder emptied: 63626649 bytes
->Temporary Internet Files folder emptied: 51029079 bytes
->Java cache emptied: 134542 bytes
->FireFox cache emptied: 63619682 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 759 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
 
User: Testkonto
->Temp folder emptied: 2475 bytes
->Temporary Internet Files folder emptied: 313638 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115215 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.183,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12082011_181441

I wanted to create a new user account and possibly migrate the necessary data over the weekend. Strangely, the ATI Catalyst Control Center works perfectly on a new account (as well as on the account with admin rights); only on the account that was infected is it still broken. But that would no longer matter after deleting that account anyway.
Is it generally advisable to create a new account and delete an infected one?

Thanks and have a good evening.

cosinus 08.12.2011 21:07

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

issus 08.12.2011 21:15

Good evening Arne,

the log after TDSSKiller:
Code:

21:10:46.0921 4676        TDSS rootkit removing tool 2.6.22.0 Dec  7 2011 13:21:06
21:10:47.0218 4676        ============================================================
21:10:47.0218 4676        Current date / time: 2011/12/08 21:10:47.0218
21:10:47.0218 4676        SystemInfo:
21:10:47.0218 4676       
21:10:47.0218 4676        OS Version: 5.1.2600 ServicePack: 3.0
21:10:47.0218 4676        Product type: Workstation
21:10:47.0218 4676        ComputerName: MAIN
21:10:47.0218 4676        UserName: Kunde
21:10:47.0218 4676        Windows directory: C:\WINDOWS
21:10:47.0218 4676        System windows directory: C:\WINDOWS
21:10:47.0218 4676        Processor architecture: Intel x86
21:10:47.0218 4676        Number of processors: 2
21:10:47.0218 4676        Page size: 0x1000
21:10:47.0218 4676        Boot type: Normal boot
21:10:47.0218 4676        ============================================================
21:10:48.0437 4676        Initialize success
21:10:59.0781 4252        ============================================================
21:10:59.0781 4252        Scan started
21:10:59.0781 4252        Mode: Manual; SigCheck; TDLFS;
21:10:59.0781 4252        ============================================================
21:11:00.0500 4252        Abiosdsk - ok
21:11:00.0531 4252        abp480n5 - ok
21:11:00.0578 4252        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:11:01.0093 4252        ACPI - ok
21:11:01.0109 4252        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:11:01.0187 4252        ACPIEC - ok
21:11:01.0203 4252        adpu160m - ok
21:11:01.0234 4252        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:11:01.0312 4252        aec - ok
21:11:01.0343 4252        AFD            (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
21:11:01.0359 4252        AFD - ok
21:11:01.0375 4252        Aha154x - ok
21:11:01.0375 4252        aic78u2 - ok
21:11:01.0390 4252        aic78xx - ok
21:11:01.0406 4252        AliIde - ok
21:11:01.0453 4252        Ambfilt        (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
21:11:01.0546 4252        Ambfilt - ok
21:11:01.0578 4252        AmdK8          (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
21:11:01.0625 4252        AmdK8 - ok
21:11:01.0625 4252        amsint - ok
21:11:01.0671 4252        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:11:01.0750 4252        Arp1394 - ok
21:11:01.0750 4252        asc - ok
21:11:01.0765 4252        asc3350p - ok
21:11:01.0765 4252        asc3550 - ok
21:11:01.0796 4252        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:11:01.0875 4252        AsyncMac - ok
21:11:01.0890 4252        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:11:01.0984 4252        atapi - ok
21:11:01.0984 4252        Atdisk - ok
21:11:02.0296 4252        ati2mtag        (f27a0b0d1373d36d866f29b434b7aa92) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:11:02.0515 4252        ati2mtag - ok
21:11:02.0515 4252        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:11:02.0625 4252        Atmarpc - ok
21:11:02.0656 4252        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:11:02.0750 4252        audstub - ok
21:11:02.0796 4252        AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
21:11:02.0937 4252        AVGIDSDriver - ok
21:11:02.0953 4252        AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
21:11:02.0968 4252        AVGIDSEH - ok
21:11:02.0968 4252        AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
21:11:02.0984 4252        AVGIDSFilter - ok
21:11:03.0015 4252        AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
21:11:03.0015 4252        AVGIDSShim - ok
21:11:03.0046 4252        Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:11:03.0062 4252        Avgldx86 - ok
21:11:03.0078 4252        Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:11:03.0078 4252        Avgmfx86 - ok
21:11:03.0109 4252        Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:11:03.0125 4252        Avgrkx86 - ok
21:11:03.0140 4252        Avgtdix        (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:11:03.0156 4252        Avgtdix - ok
21:11:03.0171 4252        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:11:03.0265 4252        Beep - ok
21:11:03.0296 4252        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:11:03.0375 4252        cbidf2k - ok
21:11:03.0390 4252        cd20xrnt - ok
21:11:03.0390 4252        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:11:03.0484 4252        Cdaudio - ok
21:11:03.0500 4252        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:11:03.0593 4252        Cdfs - ok
21:11:03.0625 4252        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:11:03.0703 4252        Cdrom - ok
21:11:03.0703 4252        Changer - ok
21:11:03.0718 4252        CmdIde - ok
21:11:03.0734 4252        Cpqarray - ok
21:11:03.0750 4252        dac2w2k - ok
21:11:03.0765 4252        dac960nt - ok
21:11:03.0781 4252        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:11:03.0875 4252        Disk - ok
21:11:03.0906 4252        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:11:04.0000 4252        dmboot - ok
21:11:04.0015 4252        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:11:04.0109 4252        dmio - ok
21:11:04.0125 4252        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:11:04.0203 4252        dmload - ok
21:11:04.0234 4252        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:11:04.0328 4252        DMusic - ok
21:11:04.0328 4252        dpti2o - ok
21:11:04.0343 4252        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:11:04.0421 4252        drmkaud - ok
21:11:04.0468 4252        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:11:04.0562 4252        Fastfat - ok
21:11:04.0578 4252        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:11:04.0656 4252        Fdc - ok
21:11:04.0671 4252        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:11:04.0750 4252        Fips - ok
21:11:04.0781 4252        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:11:04.0859 4252        Flpydisk - ok
21:11:04.0875 4252        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:11:04.0984 4252        FltMgr - ok
21:11:05.0000 4252        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:11:05.0093 4252        Fs_Rec - ok
21:11:05.0109 4252        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:11:05.0203 4252        Ftdisk - ok
21:11:05.0203 4252        gdrv - ok
21:11:05.0234 4252        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:11:05.0328 4252        Gpc - ok
21:11:05.0343 4252        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:11:05.0421 4252        HDAudBus - ok
21:11:05.0453 4252        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:11:05.0546 4252        hidusb - ok
21:11:05.0546 4252        hpn - ok
21:11:05.0578 4252        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:11:05.0609 4252        HTTP - ok
21:11:05.0625 4252        i2omgmt - ok
21:11:05.0625 4252        i2omp - ok
21:11:05.0640 4252        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:11:05.0734 4252        i8042prt - ok
21:11:05.0734 4252        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:11:05.0828 4252        Imapi - ok
21:11:05.0843 4252        ini910u - ok
21:11:05.0937 4252        IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:11:06.0125 4252        IntcAzAudAddService - ok
21:11:06.0125 4252        IntelIde - ok
21:11:06.0156 4252        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:11:06.0234 4252        Ip6Fw - ok
21:11:06.0250 4252        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:11:06.0343 4252        IpFilterDriver - ok
21:11:06.0343 4252        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:11:06.0421 4252        IpInIp - ok
21:11:06.0437 4252        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:11:06.0531 4252        IpNat - ok
21:11:06.0546 4252        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:11:06.0625 4252        IPSec - ok
21:11:06.0656 4252        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:11:06.0687 4252        IRENUM - ok
21:11:06.0703 4252        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:11:06.0781 4252        isapnp - ok
21:11:06.0796 4252        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:11:06.0890 4252        Kbdclass - ok
21:11:06.0921 4252        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:11:07.0000 4252        kbdhid - ok
21:11:07.0015 4252        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:11:07.0125 4252        kmixer - ok
21:11:07.0140 4252        KSecDD          (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
21:11:07.0171 4252        KSecDD - ok
21:11:07.0203 4252        LBeepKE        (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
21:11:07.0218 4252        LBeepKE - ok
21:11:07.0218 4252        lbrtfdc - ok
21:11:07.0234 4252        LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
21:11:07.0250 4252        LHidFilt - ok
21:11:07.0281 4252        LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
21:11:07.0281 4252        LMouFilt - ok
21:11:07.0296 4252        LUsbFilt        (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
21:11:07.0312 4252        LUsbFilt - ok
21:11:07.0343 4252        MBAMProtector  (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
21:11:07.0359 4252        MBAMProtector - ok
21:11:07.0390 4252        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:11:07.0468 4252        mnmdd - ok
21:11:07.0484 4252        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:11:07.0593 4252        Modem - ok
21:11:07.0625 4252        Monfilt        (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
21:11:07.0687 4252        Monfilt - ok
21:11:07.0703 4252        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:11:07.0796 4252        Mouclass - ok
21:11:07.0796 4252        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:11:07.0890 4252        mouhid - ok
21:11:07.0890 4252        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:11:07.0984 4252        MountMgr - ok
21:11:08.0000 4252        mraid35x - ok
21:11:08.0000 4252        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:11:08.0109 4252        MRxDAV - ok
21:11:08.0125 4252        MRxSmb          (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:11:08.0156 4252        MRxSmb - ok
21:11:08.0171 4252        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:11:08.0265 4252        Msfs - ok
21:11:08.0281 4252        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:11:08.0375 4252        MSKSSRV - ok
21:11:08.0375 4252        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:11:08.0468 4252        MSPCLOCK - ok
21:11:08.0468 4252        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:11:08.0546 4252        MSPQM - ok
21:11:08.0562 4252        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:11:08.0640 4252        mssmbios - ok
21:11:08.0671 4252        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:11:08.0703 4252        Mup - ok
21:11:08.0718 4252        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:11:08.0796 4252        NDIS - ok
21:11:08.0812 4252        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:11:08.0812 4252        NdisTapi - ok
21:11:08.0843 4252        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:11:08.0921 4252        Ndisuio - ok
21:11:08.0937 4252        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:11:09.0015 4252        NdisWan - ok
21:11:09.0046 4252        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:11:09.0046 4252        NDProxy - ok
21:11:09.0062 4252        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:11:09.0171 4252        NetBIOS - ok
21:11:09.0171 4252        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:11:09.0265 4252        NetBT - ok
21:11:09.0328 4252        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:11:09.0437 4252        NIC1394 - ok
21:11:09.0453 4252        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:11:09.0546 4252        Npfs - ok
21:11:09.0578 4252        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:11:09.0687 4252        Ntfs - ok
21:11:09.0734 4252        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:11:09.0828 4252        Null - ok
21:11:09.0828 4252        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:11:09.0921 4252        NwlnkFlt - ok
21:11:09.0937 4252        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:11:10.0031 4252        NwlnkFwd - ok
21:11:10.0046 4252        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:11:10.0140 4252        ohci1394 - ok
21:11:10.0171 4252        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
21:11:10.0265 4252        Parport - ok
21:11:10.0265 4252        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:11:10.0359 4252        PartMgr - ok
21:11:10.0359 4252        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:11:10.0437 4252        ParVdm - ok
21:11:10.0453 4252        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:11:10.0562 4252        PCI - ok
21:11:10.0562 4252        PCIDump - ok
21:11:10.0578 4252        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:11:10.0671 4252        PCIIde - ok
21:11:10.0687 4252        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:11:10.0796 4252        Pcmcia - ok
21:11:10.0796 4252        PDCOMP - ok
21:11:10.0812 4252        PDFRAME - ok
21:11:10.0812 4252        PDRELI - ok
21:11:10.0828 4252        PDRFRAME - ok
21:11:10.0843 4252        perc2 - ok
21:11:10.0843 4252        perc2hib - ok
21:11:10.0890 4252        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:11:10.0984 4252        PptpMiniport - ok
21:11:11.0000 4252        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
21:11:11.0109 4252        Processor - ok
21:11:11.0125 4252        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:11:11.0218 4252        PSched - ok
21:11:11.0234 4252        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:11:11.0312 4252        Ptilink - ok
21:11:11.0328 4252        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:11:11.0343 4252        PxHelp20 - ok
21:11:11.0343 4252        ql1080 - ok
21:11:11.0359 4252        Ql10wnt - ok
21:11:11.0359 4252        ql12160 - ok
21:11:11.0375 4252        ql1240 - ok
21:11:11.0375 4252        ql1280 - ok
21:11:11.0390 4252        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:11:11.0484 4252        RasAcd - ok
21:11:11.0484 4252        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:11:11.0562 4252        Rasl2tp - ok
21:11:11.0578 4252        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:11:11.0656 4252        RasPppoe - ok
21:11:11.0656 4252        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:11:11.0750 4252        Raspti - ok
21:11:11.0750 4252        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:11:11.0843 4252        Rdbss - ok
21:11:11.0859 4252        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:11:11.0937 4252        RDPCDD - ok
21:11:11.0953 4252        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:11:12.0046 4252        rdpdr - ok
21:11:12.0078 4252        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:11:12.0093 4252        RDPWD - ok
21:11:12.0109 4252        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:11:12.0187 4252        redbook - ok
21:11:12.0281 4252        RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) C:\WINDOWS\system32\drivers\RtKHDMI.sys
21:11:12.0375 4252        RTHDMIAzAudService - ok
21:11:12.0390 4252        RTLE8023xp      (00fd6811350e175585abcf7d4a61dd90) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:11:12.0421 4252        RTLE8023xp - ok
21:11:12.0453 4252        SaiH0464        (de7a2fc379671998865122a08fd9db52) C:\WINDOWS\system32\DRIVERS\SaiH0464.sys
21:11:12.0484 4252        SaiH0464 - ok
21:11:12.0500 4252        SaiMini - ok
21:11:12.0515 4252        SaiNtBus - ok
21:11:12.0546 4252        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:11:12.0578 4252        Secdrv - ok
21:11:12.0593 4252        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:11:12.0671 4252        serenum - ok
21:11:12.0687 4252        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
21:11:12.0765 4252        Serial - ok
21:11:12.0796 4252        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:11:12.0875 4252        Sfloppy - ok
21:11:12.0875 4252        Simbad - ok
21:11:12.0906 4252        snapman378      (793f65aac52e5eccb83e6d9de054c865) C:\WINDOWS\system32\DRIVERS\snman378.sys
21:11:12.0921 4252        snapman378 - ok
21:11:12.0921 4252        Sparrow - ok
21:11:12.0937 4252        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:11:13.0031 4252        splitter - ok
21:11:13.0046 4252        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:11:13.0093 4252        sr - ok
21:11:13.0109 4252        Srv            (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
21:11:13.0125 4252        Srv - ok
21:11:13.0156 4252        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:11:13.0234 4252        swenum - ok
21:11:13.0234 4252        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:11:13.0328 4252        swmidi - ok
21:11:13.0328 4252        symc810 - ok
21:11:13.0343 4252        symc8xx - ok
21:11:13.0343 4252        sym_hi - ok
21:11:13.0343 4252        sym_u3 - ok
21:11:13.0375 4252        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:11:13.0453 4252        sysaudio - ok
21:11:13.0468 4252        Tcpip          (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:11:13.0500 4252        Tcpip - ok
21:11:13.0531 4252        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:11:13.0609 4252        TDPIPE - ok
21:11:13.0640 4252        tdrpman124      (1c66bd6c1c2463514635cdd9443eb0e9) C:\WINDOWS\system32\DRIVERS\tdrpm124.sys
21:11:13.0687 4252        tdrpman124 - ok
21:11:13.0703 4252        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:11:13.0781 4252        TDTCP - ok
21:11:13.0796 4252        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:11:13.0875 4252        TermDD - ok
21:11:13.0890 4252        tifsfilter      (d28aaf9a30b4b1a43310dcbdb4fd13bf) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
21:11:13.0890 4252        tifsfilter - ok
21:11:13.0906 4252        timounter      (4362215c82a3abe14ebb409289136a8b) C:\WINDOWS\system32\DRIVERS\timntr.sys
21:11:13.0921 4252        timounter - ok
21:11:13.0921 4252        TosIde - ok
21:11:13.0953 4252        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:11:14.0031 4252        Udfs - ok
21:11:14.0046 4252        ultra - ok
21:11:14.0062 4252        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:11:14.0140 4252        Update - ok
21:11:14.0171 4252        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:11:14.0250 4252        usbaudio - ok
21:11:14.0265 4252        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:11:14.0359 4252        usbccgp - ok
21:11:14.0359 4252        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:11:14.0437 4252        usbehci - ok
21:11:14.0453 4252        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:11:14.0546 4252        usbhub - ok
21:11:14.0546 4252        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:11:14.0625 4252        usbohci - ok
21:11:14.0656 4252        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:11:14.0750 4252        USBSTOR - ok
21:11:14.0750 4252        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:11:14.0859 4252        VgaSave - ok
21:11:14.0859 4252        ViaIde - ok
21:11:14.0875 4252        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:11:14.0953 4252        VolSnap - ok
21:11:14.0984 4252        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:11:15.0046 4252        Wanarp - ok
21:11:15.0093 4252        Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
21:11:15.0109 4252        Wdf01000 - ok
21:11:15.0109 4252        WDICA - ok
21:11:15.0125 4252        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:11:15.0203 4252        wdmaud - ok
21:11:15.0250 4252        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:11:15.0328 4252        WmiAcpi - ok
21:11:15.0375 4252        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:11:15.0406 4252        WpdUsb - ok
21:11:15.0421 4252        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:11:15.0453 4252        WudfPf - ok
21:11:15.0453 4252        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:11:15.0468 4252        WudfRd - ok
21:11:15.0484 4252        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
21:11:15.0640 4252        \Device\Harddisk0\DR0 - ok
21:11:15.0640 4252        Boot (0x1200)  (ddfa81ffb0b5f6df68589331c0170dc1) \Device\Harddisk0\DR0\Partition0
21:11:15.0640 4252        \Device\Harddisk0\DR0\Partition0 - ok
21:11:15.0671 4252        Boot (0x1200)  (cf4e7cbeb8e7a03a07e7300dafd9c0c3) \Device\Harddisk0\DR0\Partition1
21:11:15.0671 4252        \Device\Harddisk0\DR0\Partition1 - ok
21:11:15.0671 4252        ============================================================
21:11:15.0671 4252        Scan finished
21:11:15.0671 4252        ============================================================
21:11:15.0812 4192        Detected object count: 0
21:11:15.0812 4192        Actual detected object count: 0


cosinus 08.12.2011 21:22

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

issus 08.12.2011 22:09

Hello Arne,

ComboFix scan carried out:
Code:

ComboFix 11-12-08.01 - Kunde 08.12.2011  21:52:22.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2814.1811 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Internet\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-08 bis 2011-12-08  ))))))))))))))))))))))))))))))
.
.
2011-12-08 17:14 . 2011-12-08 17:14        --------        d-----w-        C:\_OTL
2011-12-07 21:48 . 2011-12-08 06:58        --------        d-----w-        c:\dokumente und einstellungen\Testkonto
2011-12-06 19:52 . 2011-12-06 19:52        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2011-12-06 19:52 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-06 19:39 . 2011-12-06 19:39        --------        d-----w-        c:\programme\ESET
2011-12-06 17:35 . 2011-12-06 17:35        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\ATI
2011-12-06 17:34 . 2011-12-06 17:34        --------        d-----w-        c:\programme\AMD APP
2011-12-06 17:33 . 2011-10-26 02:59        311296        ----a-w-        c:\windows\system32\atiiiexx.dll
2011-12-06 17:33 . 2011-10-26 02:06        466944        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-12-06 17:32 . 2011-12-06 17:33        --------        d-----w-        c:\programme\ATI Technologies
2011-12-06 17:32 . 2011-12-06 17:32        --------        d-----w-        C:\ATI
2011-12-06 17:22 . 2011-12-06 17:22        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
2011-12-06 17:19 . 2011-12-06 17:19        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
2011-12-06 17:19 . 2011-12-06 17:21        --------        d-----w-        c:\dokumente und einstellungen\Kunde\Lokale Einstellungen\Anwendungsdaten\Google
2011-12-06 17:19 . 2011-12-06 17:21        --------        d-----w-        c:\programme\Google
2011-12-05 18:43 . 2011-12-05 18:43        --------        d-----w-        c:\programme\ATI
2011-12-05 18:03 . 2011-12-05 18:03        --------        d-----w-        c:\windows\system32\wbem\Repository
2011-12-05 17:20 . 2011-12-05 17:20        --------        d-----w-        c:\dokumente und einstellungen\Internet\Anwendungsdaten\Malwarebytes
2011-12-05 17:13 . 2011-12-05 17:13        --------        d-----w-        c:\dokumente und einstellungen\Kunde\Anwendungsdaten\Malwarebytes
2011-12-05 17:12 . 2011-12-05 17:12        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 10:14 . 2011-06-04 13:24        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-26 03:01 . 2009-06-03 21:00        7412736        ----a-w-        c:\windows\system32\drivers\ati2mtag.sys
2011-10-26 02:30 . 2011-06-25 08:45        57344        ----a-w-        c:\windows\system32\aticalrt.dll
2011-10-26 02:30 . 2011-06-25 08:45        53248        ----a-w-        c:\windows\system32\aticalcl.dll
2011-10-26 02:27 . 2011-06-25 08:45        5890048        ----a-w-        c:\windows\system32\aticaldd.dll
2011-10-26 02:16 . 2011-06-25 08:45        18968576        ----a-w-        c:\windows\system32\atioglxx.dll
2011-10-26 02:04 . 2009-06-03 19:50        304128        ----a-w-        c:\windows\system32\ati2dvag.dll
2011-10-26 02:04 . 2009-06-03 19:18        4004864        ----a-w-        c:\windows\system32\ati3duag.dll
2011-10-26 01:58 . 2011-06-25 08:45        956160        ----a-w-        c:\windows\system32\ativvamv.dll
2011-10-26 01:44 . 2009-06-03 19:03        3286400        ----a-w-        c:\windows\system32\ativvaxx.dll
2011-10-26 01:44 . 2011-06-25 08:45        212992        ----a-w-        c:\windows\system32\atipdlxx.dll
2011-10-26 01:43 . 2011-06-25 08:45        155648        ----a-w-        c:\windows\system32\Oemdspif.dll
2011-10-26 01:43 . 2011-06-25 08:45        26112        ----a-w-        c:\windows\system32\Ati2mdxx.exe
2011-10-26 01:43 . 2011-06-25 08:45        43520        ----a-w-        c:\windows\system32\ati2edxx.dll
2011-10-26 01:43 . 2011-06-25 08:45        188416        ------w-        c:\windows\system32\ati2evxx.dll
2011-10-26 01:42 . 2011-06-25 08:45        643072        ----a-w-        c:\windows\system32\ati2evxx.exe
2011-10-26 01:40 . 2011-06-25 08:45        53248        ----a-w-        c:\windows\system32\ATIDDC.DLL
2011-10-26 01:39 . 2011-06-25 08:45        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-10-26 01:35 . 2011-06-25 08:45        806912        ----a-w-        c:\windows\system32\atikvmag.dll
2011-10-26 01:34 . 2011-06-25 08:45        499712        ----a-w-        c:\windows\system32\atiok3x2.dll
2011-10-26 01:30 . 2011-06-25 08:45        229376        ------w-        c:\windows\system32\atiadlxx.dll
2011-10-26 01:30 . 2011-06-25 08:45        17408        ----a-w-        c:\windows\system32\atitvo32.dll
2011-10-26 01:25 . 2011-06-25 08:45        65024        ----a-w-        c:\windows\system32\atimpc32.dll
2011-10-26 01:25 . 2011-06-25 08:45        65024        ----a-w-        c:\windows\system32\amdpcom32.dll
2011-10-26 01:24 . 2011-06-25 08:45        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:24 . 2009-06-03 18:33        884736        ----a-w-        c:\windows\system32\ati2cqag.dll
2011-10-25 20:21 . 2011-10-25 20:21        56832        ----a-w-        c:\windows\system32\OpenVideo.dll
2011-10-25 20:21 . 2011-10-25 20:21        56832        ----a-w-        c:\windows\system32\OVDecoder.dll
2011-10-25 20:20 . 2011-10-25 20:20        13950464        ----a-w-        c:\windows\system32\amdocl.dll
2011-10-10 14:21 . 2009-10-02 18:33        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 05:52        604160        ----a-w-        c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 15:29        614912        ----a-w-        c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-08-23 12:00        23040        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-08-23 12:00        220160        ----a-w-        c:\windows\system32\oleacc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-05-30 09:33        2495816        ----a-w-        c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programme\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"\\SLAVE\EPSON S22 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE" [2009-09-14 200704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"TrueImageMonitor.exe"="c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-09-15 4353088]
"AcronisTimounterMonitor"="c:\programme\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-09-15 962456]
"ProfilerU"="c:\programme\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\programme\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2008-09-15 165144]
"AVG_TRAY"="c:\programme\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 98304]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\dokumente und einstellungen\Internet\Desktop\OTL.exe" [2011-12-07 584192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-10-30 813584]
.
c:\dokumente und einstellungen\Testkonto\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-10-30 813584]
.
c:\dokumente und einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\
Logitech . Produktregistrierung.lnk.disabled [2009-11-1 967]
.
c:\dokumente und einstellungen\Internet\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-10-30 813584]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-10-30 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28        72208        ----a-w-        c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NBKeyScan"="c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"RTHDCPL"=RTHDCPL.EXE
"<NO NAME>"=
"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\xampp\\apache\\bin\\httpd.exe"=
"d:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Programme\\Civilization 4\\Civilization4.exe"=
"c:\\Programme\\Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Programme\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Programme\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Programme\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"d:\\PokerTH\\pokerth.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programme\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7234:TCP"= 7234:TCP:PokerTH
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.09.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07.09.2010 03:48 32592]
R0 snapman378;Acronis Snapshots Manager (Build 378);c:\windows\system32\drivers\snman378.sys [02.10.2009 16:31 134272]
R0 tdrpman124;Acronis Try&Decide and Restore Points filter (build 124);c:\windows\system32\drivers\tdrpm124.sys [02.10.2009 16:31 950848]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.09.2010 03:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07.09.2010 03:49 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.08.2011 00:33 7390560]
R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG10\avgwdsvc.exe [08.02.2011 04:33 269520]
R2 BCUService;Browser Configuration Utility Service;c:\programme\DeviceVM\Browser Configuration Utility\BCUService.exe [02.10.2009 19:45 212232]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [30.10.2009 15:23 10384]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [06.12.2011 20:52 366152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.08.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.08.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.08.2010 21:42 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06.12.2011 20:52 22216]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [02.10.2009 19:51 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programme\AVG\AVG10\Toolbar\ToolbarBroker.exe [02.05.2011 16:30 1025352]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [01.05.2007 12:07 132232]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 80359664
*Deregistered* - 80359664
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9CB959E8-144F-4860-9715-EA9E319418F3}: NameServer = 213.73.91.35,194.95.202.198
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\dokumente und einstellungen\Kunde\Anwendungsdaten\Mozilla\Firefox\Profiles\xwlrh1o1.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-08 21:55
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-1214440339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\UnreadMail\e-post@um-fritz.de]
@Denied: (Full) (Administrators)
"MessageCount"=dword:00000004
"TimeStamp"=hex:7e,b6,8e,70,5f,a0,ca,01
"Application"="%SystemDrive%\\PROGRA~1\\MICROS~2\\OFFICE11\\OUTLOOK.EXE /profile Outlook"
"MessageExpiryDays"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1060284298-1214440339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\UnreadMail\uli.fritz@t-online.de]
@Denied: (Full) (Administrators)
"MessageCount"=dword:00000003
"TimeStamp"=hex:ea,8a,e4,3c,7a,4f,cb,01
"Application"="%SystemDrive%\\PROGRA~1\\MICROS~2\\OFFICE11\\OUTLOOK.EXE /profile Outlook"
"MessageExpiryDays"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll
.
Zeit der Fertigstellung: 2011-12-08  21:57:04
ComboFix-quarantined-files.txt  2011-12-08 20:57
.
Vor Suchlauf: 8 Verzeichnis(se), 230.386.352.128 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 230.454.505.472 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - E86357970FB75FB912E7FB58960169CB


cosinus 09.12.2011 09:40

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't work the second time either, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: to unpack OSAM, please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista or later, please right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow Internet access.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: never press any of the Fix buttons without instruction

Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


issus 09.12.2011 20:08

Hi Arne,

Done with the three steps:

Gmer:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-09 19:28:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST31000528AS rev.CC35
Running: 8d2wyc5l.exe; Driver: C:\DOKUME~1\Kunde\LOKALE~1\Temp\pgtdypog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xBA3E9738]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xBA3E97DC]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xBA3E9878]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xBA3E9914]

---- Kernel code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                    section is writeable [0xB41C7000, 0x2BCD8C, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Osam
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:43:27 on 09.12.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 8.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgrsx.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager (Build 378)" (snapman378) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snman378.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter (build 124)" (tdrpman124) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tdrpm124.sys
"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys
"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgldx86.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgmfx86.sys
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSDriver.Sys
"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSEH.Sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSFilter.Sys
"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys
"catchme" (catchme) - ? - C:\DOKUME~1\Kunde\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"gdrv" (gdrv) - ? - C:\WINDOWS\gdrv.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"LBeepKE" (LBeepKE) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LBeepKE.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pgtdypog" (pgtdypog) - ? - C:\DOKUME~1\Kunde\LOKALE~1\Temp\pgtdypog.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SaiH0464" (SaiH0464) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiH0464.sys
"SaiMini" (SaiMini) - ? - C:\WINDOWS\System32\DRIVERS\SaiMini.sys  (File not found)
"SaiNtBus" (SaiNtBus) - ? - C:\WINDOWS\System32\drivers\SaiBus.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{F2DDE6B2-9684-4A55-86D4-E255E237B77C} "avgsecuritytoolbar" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -  (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgse.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dBpoweramp Music Converter" - ? -  (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{e57ce731-33e8-4c51-8354-bb4de9d215d1} "Universelle Plug & Play-Geräte" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Klicke hier um das Projekt xp-AntiSpy zu unterstützen" - ? - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "AVG Security Toolbar" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} "SearchHook Class" - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\WINDOWS\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - ? - \bin\npjpi170.dll  (File not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"Exec" - ? - C:\WINDOWS\bdoscandel.exe  (File found, but it contains no detailed information)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgssie.dll
{A3BC75A2-1F87-4686-AA43-5347D756017C} "AVG Security Toolbar BHO" - ? - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
{DD92DE22-ED91-4560-B788-DEE2B26612E6} "BHO Class" - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\IEHelper.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Eigene Dateien\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\desktop.ini
"Logitech . Produktregistrierung.lnk.disabled" - ? - C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\Logitech . Produktregistrierung.lnk.disabled
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RocketDock" - ? - "C:\Programme\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
"\\SLAVE\EPSON S22 Series" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE /FU "C:\DOKUME~1\Kunde\LOKALE~1\Temp\E_S10.tmp" /EF "HKCU"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor" - "Acronis" - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgtray.exe
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
"ProfilerU" - "Saitek" - C:\Programme\Saitek\SD6\Software\ProfilerU.exe
"SaiMfd" - "Saitek" - C:\Programme\Saitek\SD6\Software\SaiMfd.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"TrueImageMonitor.exe" - "Acronis" - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - ? - C:\WINDOWS\system32\AdobePDF.dll  (File not found)
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Programme\Bonjour\mDNSResponder.exe
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"AVG Security Toolbar Service" (AVG Security Toolbar Service) - ? - C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
"Browser Configuration Utility Service" (BCUService) - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:
Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-09 19:45:43
-----------------------------
19:45:43.765    OS Version: Windows 5.1.2600 Service Pack 3
19:45:43.765    Number of processors: 2 586 0x4303
19:45:43.765    ComputerName: MAIN  UserName:
19:45:44.437    Initialize success
19:48:00.296    AVAST engine defs: 11120901
19:48:30.484    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:48:30.484    Disk 0 Vendor: ST31000528AS CC35 Size: 953869MB BusType: 3
19:48:32.546    Disk 0 MBR read successfully
19:48:32.546    Disk 0 MBR scan
19:48:32.562    Disk 0 Windows XP default MBR code
19:48:32.593    Disk 0 scanning sectors +1953520065
19:48:32.734    Disk 0 scanning C:\WINDOWS\system32\drivers
19:48:53.796    Service scanning
19:48:54.515    Modules scanning
19:49:21.843    Disk 0 trace - called modules:
19:49:21.890    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:49:21.890    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2c4ab8]
19:49:21.890    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a321510]
19:49:22.406    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a2cb940]
19:49:23.015    AVAST engine scan C:\WINDOWS
19:49:51.406    AVAST engine scan C:\WINDOWS\system32
19:52:10.046    AVAST engine scan C:\WINDOWS\system32\drivers
19:52:31.078    AVAST engine scan C:\Dokumente und Einstellungen\Kunde
19:54:43.781    AVAST engine scan C:\Dokumente und Einstellungen\All Users
19:56:30.734    Scan finished successfully
19:56:57.375    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Internet\Desktop\MBR.dat"
19:56:57.375    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Internet\Desktop\aswMBR.txt"

So far, so good?

Incidentally, the boot manager works again, which you probably already suspected. It just doesn't recognise USB keyboard input yet.
Thanks for your help!

cosinus 10.12.2011 01:07

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting a second opinion from the ESET online scanner isn't a bad idea either:


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add/Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


issus 10.12.2011 13:47

Hi Arne,

The three steps are done.
MBAM full scan:
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8346

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10.12.2011 11:04:15
mbam-log-2011-12-10 (11-04-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 395444
Laufzeit: 31 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{e4c233ae-6714-4744-9e50-dbe1a7bc66ef}\RP456\A0115932.exe (Trojan.FakeAlert) -> No action taken.
c:\system volume information\_restore{e4c233ae-6714-4744-9e50-dbe1a7bc66ef}\RP456\A0115933.exe (Rogue.FakeHDD) -> No action taken.

SAS full scan
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/10/2011 at 11:50 AM

Application Version : 5.0.1136

Core Rules Database Version : 8038
Trace Rules Database Version: 5850

Scan type      : Complete Scan
Total Scan Time : 00:31:14

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 474
Memory threats detected  : 0
Registry items scanned    : 39230
Registry threats detected : 0
File items scanned        : 69747
File threats detected    : 2

Trojan.Agent/Gen-FakeAlert
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115932.EXE
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115933.EXE

ESET full scan: (the scan from 6 Dec is listed there too)
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=23f9784fc526b4489db3de8d1f5c3bf4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-06 09:10:46
# local_time=2011-12-06 10:10:46 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777189 100 96 13067 66368682 0 0
# compatibility_mode=8192 67108863 100 0 4189 4189 0 0
# scanned=153857
# found=6
# cleaned=0
# scan_time=4908
C:\Dokumente und Einstellungen\Internet\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\15\6e1ca1cf-161b0e1f        a variant of Java/TrojanDownloader.OpenConnection.MU trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\Internet\Lokale Einstellungen\Temp\CDBurnerXP-updates\cdbxp_setup_4.3.8.2568.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\gamers_irc405.exe        probably a variant of Win32/Adware.Agent.CZTDWWN application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\GermanFunScript.zip        Win32/NetTool.NukeNabber.29 application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\UT\ts2_client_rc1.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
D:\software\winamp5601_full_emusic-7plus_de-de.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=23f9784fc526b4489db3de8d1f5c3bf4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-10 12:26:29
# local_time=2011-12-10 01:26:29 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777189 100 96 11889 66682485 0 0
# compatibility_mode=8192 67108863 100 0 317992 317992 0 0
# scanned=165562
# found=6
# cleaned=0
# scan_time=5248
C:\System Volume Information\_restore{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115932.exe        a variant of Win32/Kryptik.WQS trojan (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115933.exe        a variant of Win32/Kryptik.WQS trojan (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\gamers_irc405.exe        probably a variant of Win32/Adware.Agent.CZTDWWN application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\GermanFunScript.zip        Win32/NetTool.NukeNabber.29 application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\UT\ts2_client_rc1.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
D:\software\winamp5601_full_emusic-7plus_de-de.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I


cosinus 12.12.2011 09:45

System Volume Information is where the files for restore points are stored.

Disable System Restore: in the course of the infection, malware files were also saved into restore points - they are all unusable now, because rolling the system back with a restore point would very likely cause a reinfection.
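
As an added example (not part of this thread and not ESET's code): a small Python parser for the ESET Online Scanner log format posted above. It separates the two pasted runs, checks the `# found=` header against the number of rows, and diffs the runs by path, flagging new hits that live in a System Restore restore point, which is exactly the RP456 situation the scan above shows. The sample log is constructed and abbreviated from the thread's own lines.

```python
"""Parse ESET Online Scanner logs (as posted above) and diff two runs.

Added example for this thread, not ESET's code. The sample log below is
constructed and abbreviated from the thread's own lines; real logs are
tab-separated, forum rendering often turns the tabs into runs of spaces.
"""
import re
from dataclasses import dataclass, field

# Finding rows: path <tab> detection <tab> hash <tab> flag
_FIELD_SEP = re.compile(r"\t+| {2,}")


@dataclass
class Scan:
    meta: dict = field(default_factory=dict)          # '# key=value' header lines
    findings: list = field(default_factory=list)      # (path, detection) per row


def parse_eset_log(text):
    """Split a pasted log into runs; every run starts at a '# version=' line."""
    scans = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# version="):
            current = Scan()
            scans.append(current)
        if current is None:
            continue                     # downloader preamble before the first run
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            current.meta[key] = value
            continue
        parts = _FIELD_SEP.split(line)
        if len(parts) >= 2:
            current.findings.append((parts[0], parts[1]))
    return scans


def check_counts(scan):
    """'# found=' must equal the number of rows; a mismatch means the paste is truncated."""
    return scan.meta.get("found") == str(len(scan.findings))


def in_restore_point(path):
    """True for copies that System Restore put into a restore point (RPnnn folder)."""
    p = path.lower()
    return "\\system volume information\\" in p and "\\_restore" in p


def diff_scans(old, new):
    """Compare two runs by path: what went away, what appeared, which new hits are restore-point copies."""
    old_paths = {p.lower() for p, _ in old.findings}
    new_paths = {p.lower() for p, _ in new.findings}
    appeared = sorted(new_paths - old_paths)
    return {
        "resolved": sorted(old_paths - new_paths),
        "new": appeared,
        "new_in_restore_points": [p for p in appeared if in_restore_point(p)],
    }


def _row(path, detection):
    """Build one finding row in the log's column layout (hash column and flag are placeholders)."""
    return "\t".join([path, detection, "0" * 32, "I"])


# Constructed sample: two abbreviated runs in the thread's format.
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# utc_time=2011-12-06 09:10:46",
    "# found=3",
    _row(r"C:\Dokumente und Einstellungen\Internet\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\15\6e1ca1cf-161b0e1f",
         "a variant of Java/TrojanDownloader.OpenConnection.MU trojan (unable to clean)"),
    _row(r"D:\Sicher\UT\ts2_client_rc1.exe", "multiple threats (unable to clean)"),
    _row(r"D:\software\winamp5601_full_emusic-7plus_de-de.exe", "Win32/OpenCandy application (unable to clean)"),
    "# version=7",
    "# utc_time=2011-12-10 12:26:29",
    "# found=4",
    _row(r"C:\System Volume Information\_restore{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115932.exe",
         "a variant of Win32/Kryptik.WQS trojan (unable to clean)"),
    _row(r"C:\System Volume Information\_restore{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP456\A0115933.exe",
         "a variant of Win32/Kryptik.WQS trojan (unable to clean)"),
    _row(r"D:\Sicher\UT\ts2_client_rc1.exe", "multiple threats (unable to clean)"),
    _row(r"D:\software\winamp5601_full_emusic-7plus_de-de.exe", "Win32/OpenCandy application (unable to clean)"),
])

if __name__ == "__main__":
    runs = parse_eset_log(SAMPLE_LOG)
    for i, s in enumerate(runs):
        print(f"run {i}: {s.meta.get('utc_time')} rows={len(s.findings)} counts_ok={check_counts(s)}")
    print(diff_scans(runs[0], runs[-1]))
```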

issus 12.12.2011 11:46

Hello Arne,

happy birthday! :party:

System restore points deleted.

cosinus 12.12.2011 13:31

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\Shell - "" = AutoRun
O33 - MountPoints2\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{89bc54a4-205a-11e1-b675-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{89bc54a4-205a-11e1-b675-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe autoplay=true
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: the script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can do lasting damage to the system!

issus 12.12.2011 13:56

OTL - Log:
Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f261ea7-2056-11e1-975f-9b6463f8e70b}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89bc54a4-205a-11e1-b675-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89bc54a4-205a-11e1-b675-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89bc54a4-205a-11e1-b675-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89bc54a4-205a-11e1-b675-806e6f6e6963}\ not found.
File D:\Setup.exe autoplay=true not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: INet
->Temp folder emptied: 184380 bytes
->Temporary Internet Files folder emptied: 706612 bytes
->FireFox cache emptied: 38045640 bytes
->Flash cache emptied: 470 bytes
 
User: Internet
->Temp folder emptied: 734775133 bytes
->Temporary Internet Files folder emptied: 110137 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37478387 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Kunde
->Temp folder emptied: 53664745 bytes
->Temporary Internet Files folder emptied: 49549150 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9573521 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33062 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12088728 bytes
RecycleBin emptied: 58573168 bytes
 
Total Files Cleaned = 949,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12122011_134127

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 12.12.2011 14:12

Now please run this tool from Kaspersky (TDSS-Killer) (in normal mode!) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below - click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition; that is where TDSS-Killer stores its logs.

Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
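
As an added example (not part of the thread and not Kaspersky's code): a Python triage helper for the TDSSKiller log format that pairs each driver's enumeration line (md5 and path) with its verdict line and lists only the entries whose verdict is not `ok`, which is what a helper needs from the posted log before anything is touched. It also reports enumerated files that never got a verdict, the usual sign of a truncated paste; the sample lines are constructed from entries in the thread's own log.

```python
"""Triage a TDSSKiller log: list everything the scan did not mark 'ok'.

Added example for this thread, not Kaspersky's code. The sample lines are
constructed from the entries in the thread's own log; the regexes assume
the line layout seen there: '<time> <pid>  <name> (<md5>) <path>' for the
enumeration line and '<name> - ok' / '<name> ( <det> ) - warning' /
'<name> - detected <det> (<n>)' for the verdict lines.
"""
import re

_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*?)\s*$")
_FILE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(\S.*)$")
_OK = re.compile(r"^(\S+) - ok$")
_WARN = re.compile(r"^(\S+) \( (.+?) \) - warning$")
_DETECTED = re.compile(r"^(\S+) - detected (.+?) \((\d+)\)$")


def triage_tdsskiller(text):
    """Pair each driver/service's md5+path line with its final verdict.

    Returns {'flagged': [...], 'enumerated': n, 'without_verdict': [...]}.
    A non-empty 'without_verdict' means the paste is truncated, which is a
    reason to ask for the full log rather than to draw conclusions from it.
    """
    files = {}     # name -> (md5, path)
    verdicts = {}  # name -> verdict dict; a later line overrides an earlier one
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if not m:
            continue
        body = m.group(3)
        f = _FILE.match(body)
        if f:
            files[f.group(1)] = (f.group(2), f.group(3))
            continue
        ok = _OK.match(body)
        if ok:
            verdicts[ok.group(1)] = {"verdict": "ok"}
            continue
        w = _WARN.match(body)
        if w:
            verdicts[w.group(1)] = {"verdict": "warning", "detection": w.group(2)}
            continue
        d = _DETECTED.match(body)
        if d:
            verdicts[d.group(1)] = {"verdict": "detected",
                                    "detection": d.group(2), "count": int(d.group(3))}
    flagged = []
    for name, info in verdicts.items():
        if info["verdict"] == "ok":
            continue
        md5, path = files.get(name, (None, None))
        flagged.append({"name": name, "md5": md5, "path": path, **info})
    return {
        "flagged": flagged,
        "enumerated": len(files),
        "without_verdict": sorted(n for n in files if n not in verdicts),
    }


# Constructed sample built from lines in the thread's log (an 'ok' driver
# and the StarOpen entry with its warning and detection lines).
SAMPLE_LOG = "\n".join([
    "14:18:33.0875 4980        Scan started",
    "14:18:33.0875 4980        Mode: Manual; SigCheck; TDLFS;",
    "14:18:34.0218 4980        Abiosdsk - ok",
    r"14:18:34.0265 4980        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys",
    "14:18:34.0796 4980        ACPI - ok",
    r"14:18:45.0859 4980        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys",
    "14:18:45.0875 4980        StarOpen ( UnsignedFile.Multi.Generic ) - warning",
    "14:18:45.0875 4980        StarOpen - detected UnsignedFile.Multi.Generic (1)",
])

if __name__ == "__main__":
    report = triage_tdsskiller(SAMPLE_LOG)
    print(f"enumerated {report['enumerated']} files, {len(report['flagged'])} flagged")
    for entry in report["flagged"]:
        print(entry)
```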

issus 12.12.2011 14:26

TDSSKiller:
Code:

14:18:14.0421 2496        TDSS rootkit removing tool 2.6.22.0 Dec  7 2011 13:21:06
14:18:14.0750 2496        ============================================================
14:18:14.0750 2496        Current date / time: 2011/12/12 14:18:14.0750
14:18:14.0750 2496        SystemInfo:
14:18:14.0750 2496       
14:18:14.0750 2496        OS Version: 5.1.2600 ServicePack: 3.0
14:18:14.0750 2496        Product type: Workstation
14:18:14.0750 2496        ComputerName: MAIN
14:18:14.0750 2496        UserName: Kunde
14:18:14.0750 2496        Windows directory: C:\WINDOWS
14:18:14.0750 2496        System windows directory: C:\WINDOWS
14:18:14.0750 2496        Processor architecture: Intel x86
14:18:14.0750 2496        Number of processors: 2
14:18:14.0750 2496        Page size: 0x1000
14:18:14.0750 2496        Boot type: Normal boot
14:18:14.0750 2496        ============================================================
14:18:15.0796 2496        Initialize success
14:18:33.0875 4980        ============================================================
14:18:33.0875 4980        Scan started
14:18:33.0875 4980        Mode: Manual; SigCheck; TDLFS;
14:18:33.0875 4980        ============================================================
14:18:34.0218 4980        Abiosdsk - ok
14:18:34.0218 4980        abp480n5 - ok
14:18:34.0265 4980        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:18:34.0796 4980        ACPI - ok
14:18:34.0812 4980        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:18:34.0890 4980        ACPIEC - ok
14:18:34.0906 4980        adpu160m - ok
14:18:34.0953 4980        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:18:35.0015 4980        aec - ok
14:18:35.0046 4980        AFD            (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
14:18:35.0078 4980        AFD - ok
14:18:35.0093 4980        Aha154x - ok
14:18:35.0093 4980        aic78u2 - ok
14:18:35.0109 4980        aic78xx - ok
14:18:35.0125 4980        AliIde - ok
14:18:35.0171 4980        Ambfilt        (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
14:18:35.0265 4980        Ambfilt - ok
14:18:35.0281 4980        AmdK8          (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:18:35.0296 4980        AmdK8 - ok
14:18:35.0312 4980        amsint - ok
14:18:35.0359 4980        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:18:35.0421 4980        Arp1394 - ok
14:18:35.0437 4980        asc - ok
14:18:35.0437 4980        asc3350p - ok
14:18:35.0453 4980        asc3550 - ok
14:18:35.0484 4980        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:18:35.0562 4980        AsyncMac - ok
14:18:35.0578 4980        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:18:35.0656 4980        atapi - ok
14:18:35.0671 4980        Atdisk - ok
14:18:35.0796 4980        ati2mtag        (f27a0b0d1373d36d866f29b434b7aa92) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:18:35.0968 4980        ati2mtag - ok
14:18:35.0984 4980        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:18:36.0062 4980        Atmarpc - ok
14:18:36.0093 4980        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:18:36.0171 4980        audstub - ok
14:18:36.0218 4980        AVGIDSDriver    (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
14:18:36.0359 4980        AVGIDSDriver - ok
14:18:36.0375 4980        AVGIDSEH        (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
14:18:36.0375 4980        AVGIDSEH - ok
14:18:36.0390 4980        AVGIDSFilter    (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
14:18:36.0406 4980        AVGIDSFilter - ok
14:18:36.0437 4980        AVGIDSShim      (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
14:18:36.0437 4980        AVGIDSShim - ok
14:18:36.0453 4980        Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:18:36.0468 4980        Avgldx86 - ok
14:18:36.0468 4980        Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:18:36.0484 4980        Avgmfx86 - ok
14:18:36.0500 4980        Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:18:36.0515 4980        Avgrkx86 - ok
14:18:36.0546 4980        Avgtdix        (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:18:36.0546 4980        Avgtdix - ok
14:18:36.0593 4980        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:18:36.0656 4980        Beep - ok
14:18:36.0734 4980        catchme - ok
14:18:36.0765 4980        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:18:36.0859 4980        cbidf2k - ok
14:18:36.0875 4980        cd20xrnt - ok
14:18:36.0875 4980        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:18:36.0968 4980        Cdaudio - ok
14:18:36.0984 4980        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:18:37.0093 4980        Cdfs - ok
14:18:37.0109 4980        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:18:37.0187 4980        Cdrom - ok
14:18:37.0187 4980        Changer - ok
14:18:37.0218 4980        CmdIde - ok
14:18:37.0234 4980        Cpqarray - ok
14:18:37.0234 4980        dac2w2k - ok
14:18:37.0250 4980        dac960nt - ok
14:18:37.0265 4980        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:18:37.0343 4980        Disk - ok
14:18:37.0375 4980        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
14:18:37.0484 4980        dmboot - ok
14:18:37.0484 4980        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
14:18:37.0562 4980        dmio - ok
14:18:37.0578 4980        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:18:37.0656 4980        dmload - ok
14:18:37.0687 4980        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:18:37.0765 4980        DMusic - ok
14:18:37.0781 4980        dpti2o - ok
14:18:37.0781 4980        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:18:37.0875 4980        drmkaud - ok
14:18:37.0906 4980        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:18:37.0984 4980        Fastfat - ok
14:18:38.0000 4980        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:18:38.0093 4980        Fdc - ok
14:18:38.0093 4980        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
14:18:38.0187 4980        Fips - ok
14:18:38.0203 4980        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:18:38.0296 4980        Flpydisk - ok
14:18:38.0312 4980        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:18:38.0406 4980        FltMgr - ok
14:18:38.0421 4980        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:18:38.0500 4980        Fs_Rec - ok
14:18:38.0500 4980        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:18:38.0578 4980        Ftdisk - ok
14:18:38.0593 4980        gdrv - ok
14:18:38.0593 4980        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:18:38.0671 4980        Gpc - ok
14:18:38.0703 4980        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:18:38.0781 4980        HDAudBus - ok
14:18:38.0812 4980        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:18:38.0906 4980        hidusb - ok
14:18:38.0906 4980        hpn - ok
14:18:38.0937 4980        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:18:38.0984 4980        HTTP - ok
14:18:38.0984 4980        i2omgmt - ok
14:18:39.0000 4980        i2omp - ok
14:18:39.0015 4980        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:18:39.0093 4980        i8042prt - ok
14:18:39.0093 4980        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:18:39.0187 4980        Imapi - ok
14:18:39.0203 4980        ini910u - ok
14:18:39.0296 4980        IntcAzAudAddService (0c5a04f0ffaebc25ac815ee14441a8cb) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:18:39.0421 4980        IntcAzAudAddService - ok
14:18:39.0453 4980        IntelIde - ok
14:18:39.0468 4980        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:18:39.0546 4980        Ip6Fw - ok
14:18:39.0578 4980        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:18:39.0656 4980        IpFilterDriver - ok
14:18:39.0671 4980        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:18:39.0750 4980        IpInIp - ok
14:18:39.0765 4980        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:18:39.0843 4980        IpNat - ok
14:18:39.0843 4980        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:18:39.0937 4980        IPSec - ok
14:18:39.0953 4980        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:18:40.0000 4980        IRENUM - ok
14:18:40.0015 4980        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:18:40.0093 4980        isapnp - ok
14:18:40.0109 4980        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:18:40.0218 4980        Kbdclass - ok
14:18:40.0234 4980        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:18:40.0312 4980        kbdhid - ok
14:18:40.0312 4980        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:18:40.0390 4980        kmixer - ok
14:18:40.0406 4980        KSecDD          (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
14:18:40.0437 4980        KSecDD - ok
14:18:40.0468 4980        LBeepKE        (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
14:18:40.0484 4980        LBeepKE - ok
14:18:40.0484 4980        lbrtfdc - ok
14:18:40.0500 4980        LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
14:18:40.0500 4980        LHidFilt - ok
14:18:40.0515 4980        LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
14:18:40.0531 4980        LMouFilt - ok
14:18:40.0546 4980        LUsbFilt        (77030525cd86a93f1af34fa9b96d33ce) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
14:18:40.0546 4980        LUsbFilt - ok
14:18:40.0578 4980        MBAMProtector  (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
14:18:40.0578 4980        MBAMProtector - ok
14:18:40.0609 4980        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:18:40.0687 4980        mnmdd - ok
14:18:40.0703 4980        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
14:18:40.0781 4980        Modem - ok
14:18:40.0812 4980        Monfilt        (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
14:18:40.0875 4980        Monfilt - ok
14:18:40.0875 4980        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:18:40.0953 4980        Mouclass - ok
14:18:40.0968 4980        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:18:41.0046 4980        mouhid - ok
14:18:41.0062 4980        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:18:41.0125 4980        MountMgr - ok
14:18:41.0140 4980        mraid35x - ok
14:18:41.0140 4980        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:18:41.0234 4980        MRxDAV - ok
14:18:41.0250 4980        MRxSmb          (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:18:41.0281 4980        MRxSmb - ok
14:18:41.0296 4980        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:18:41.0375 4980        Msfs - ok
14:18:41.0406 4980        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:18:41.0484 4980        MSKSSRV - ok
14:18:41.0484 4980        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:18:41.0578 4980        MSPCLOCK - ok
14:18:41.0578 4980        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:18:41.0656 4980        MSPQM - ok
14:18:41.0671 4980        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:18:41.0765 4980        mssmbios - ok
14:18:41.0765 4980        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:18:41.0796 4980        Mup - ok
14:18:41.0812 4980        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:18:41.0890 4980        NDIS - ok
14:18:41.0906 4980        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:18:41.0921 4980        NdisTapi - ok
14:18:41.0937 4980        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:18:42.0015 4980        Ndisuio - ok
14:18:42.0031 4980        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:18:42.0109 4980        NdisWan - ok
14:18:42.0125 4980        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:18:42.0140 4980        NDProxy - ok
14:18:42.0140 4980        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:18:42.0234 4980        NetBIOS - ok
14:18:42.0234 4980        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:18:42.0312 4980        NetBT - ok
14:18:42.0343 4980        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:18:42.0437 4980        NIC1394 - ok
14:18:42.0453 4980        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:18:42.0531 4980        Npfs - ok
14:18:42.0562 4980        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:18:42.0640 4980        Ntfs - ok
14:18:42.0671 4980        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:18:42.0750 4980        Null - ok
14:18:42.0765 4980        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:18:42.0843 4980        NwlnkFlt - ok
14:18:42.0843 4980        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:18:42.0921 4980        NwlnkFwd - ok
14:18:42.0937 4980        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:18:43.0015 4980        ohci1394 - ok
14:18:43.0031 4980        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
14:18:43.0109 4980        Parport - ok
14:18:43.0109 4980        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:18:43.0187 4980        PartMgr - ok
14:18:43.0203 4980        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
14:18:43.0281 4980        ParVdm - ok
14:18:43.0281 4980        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
14:18:43.0375 4980        PCI - ok
14:18:43.0390 4980        PCIDump - ok
14:18:43.0390 4980        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:18:43.0468 4980        PCIIde - ok
14:18:43.0484 4980        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:18:43.0562 4980        Pcmcia - ok
14:18:43.0578 4980        PDCOMP - ok
14:18:43.0578 4980        PDFRAME - ok
14:18:43.0593 4980        PDRELI - ok
14:18:43.0593 4980        PDRFRAME - ok
14:18:43.0609 4980        perc2 - ok
14:18:43.0609 4980        perc2hib - ok
14:18:43.0640 4980        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:18:43.0718 4980        PptpMiniport - ok
14:18:43.0734 4980        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
14:18:43.0812 4980        Processor - ok
14:18:43.0828 4980        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:18:43.0906 4980        PSched - ok
14:18:43.0921 4980        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:18:43.0984 4980        Ptilink - ok
14:18:44.0000 4980        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:18:44.0015 4980        PxHelp20 - ok
14:18:44.0015 4980        ql1080 - ok
14:18:44.0031 4980        Ql10wnt - ok
14:18:44.0031 4980        ql12160 - ok
14:18:44.0046 4980        ql1240 - ok
14:18:44.0046 4980        ql1280 - ok
14:18:44.0062 4980        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:18:44.0140 4980        RasAcd - ok
14:18:44.0156 4980        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:18:44.0234 4980        Rasl2tp - ok
14:18:44.0234 4980        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:18:44.0328 4980        RasPppoe - ok
14:18:44.0328 4980        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:18:44.0406 4980        Raspti - ok
14:18:44.0406 4980        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:18:44.0484 4980        Rdbss - ok
14:18:44.0500 4980        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:18:44.0578 4980        RDPCDD - ok
14:18:44.0609 4980        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:18:44.0671 4980        rdpdr - ok
14:18:44.0703 4980        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:18:44.0718 4980        RDPWD - ok
14:18:44.0750 4980        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:18:44.0828 4980        redbook - ok
14:18:44.0921 4980        RTHDMIAzAudService (1674a34f0084bffdec2dcdb1625a87f0) C:\WINDOWS\system32\drivers\RtKHDMI.sys
14:18:45.0015 4980        RTHDMIAzAudService - ok
14:18:45.0031 4980        RTLE8023xp      (00fd6811350e175585abcf7d4a61dd90) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:18:45.0046 4980        RTLE8023xp - ok
14:18:45.0093 4980        SaiH0464        (de7a2fc379671998865122a08fd9db52) C:\WINDOWS\system32\DRIVERS\SaiH0464.sys
14:18:45.0093 4980        SaiH0464 - ok
14:18:45.0109 4980        SaiMini - ok
14:18:45.0125 4980        SaiNtBus - ok
14:18:45.0187 4980        SASDIFSV        (39763504067962108505bff25f024345) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
14:18:45.0203 4980        SASDIFSV - ok
14:18:45.0203 4980        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
14:18:45.0218 4980        SASKUTIL - ok
14:18:45.0250 4980        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:18:45.0281 4980        Secdrv - ok
14:18:45.0296 4980        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:18:45.0359 4980        serenum - ok
14:18:45.0375 4980        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
14:18:45.0468 4980        Serial - ok
14:18:45.0500 4980        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:18:45.0578 4980        Sfloppy - ok
14:18:45.0593 4980        Simbad - ok
14:18:45.0625 4980        snapman378      (793f65aac52e5eccb83e6d9de054c865) C:\WINDOWS\system32\DRIVERS\snman378.sys
14:18:45.0640 4980        snapman378 - ok
14:18:45.0640 4980        Sparrow - ok
14:18:45.0656 4980        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:18:45.0734 4980        splitter - ok
14:18:45.0750 4980        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
14:18:45.0781 4980        sr - ok
14:18:45.0812 4980        Srv            (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
14:18:45.0828 4980        Srv - ok
14:18:45.0859 4980        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
14:18:45.0875 4980        StarOpen ( UnsignedFile.Multi.Generic ) - warning
14:18:45.0875 4980        StarOpen - detected UnsignedFile.Multi.Generic (1)
14:18:45.0890 4980        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:18:45.0968 4980        swenum - ok
14:18:45.0984 4980        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:18:46.0062 4980        swmidi - ok
14:18:46.0078 4980        symc810 - ok
14:18:46.0078 4980        symc8xx - ok
14:18:46.0093 4980        sym_hi - ok
14:18:46.0093 4980        sym_u3 - ok
14:18:46.0125 4980        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:18:46.0187 4980        sysaudio - ok
14:18:46.0234 4980        Tcpip          (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:18:46.0265 4980        Tcpip - ok
14:18:46.0296 4980        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:18:46.0375 4980        TDPIPE - ok
14:18:46.0406 4980        tdrpman124      (1c66bd6c1c2463514635cdd9443eb0e9) C:\WINDOWS\system32\DRIVERS\tdrpm124.sys
14:18:46.0437 4980        tdrpman124 - ok
14:18:46.0453 4980        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:18:46.0531 4980        TDTCP - ok
14:18:46.0546 4980        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:18:46.0625 4980        TermDD - ok
14:18:46.0640 4980        tifsfilter      (d28aaf9a30b4b1a43310dcbdb4fd13bf) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
14:18:46.0640 4980        tifsfilter - ok
14:18:46.0656 4980        timounter      (4362215c82a3abe14ebb409289136a8b) C:\WINDOWS\system32\DRIVERS\timntr.sys
14:18:46.0687 4980        timounter - ok
14:18:46.0687 4980        TosIde - ok
14:18:46.0750 4980        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:18:46.0828 4980        Udfs - ok
14:18:46.0828 4980        ultra - ok
14:18:46.0843 4980        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:18:46.0921 4980        Update - ok
14:18:46.0968 4980        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:18:47.0062 4980        usbaudio - ok
14:18:47.0062 4980        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:18:47.0140 4980        usbccgp - ok
14:18:47.0140 4980        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:18:47.0218 4980        usbehci - ok
14:18:47.0218 4980        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:18:47.0296 4980        usbhub - ok
14:18:47.0312 4980        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:18:47.0390 4980        usbohci - ok
14:18:47.0421 4980        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:18:47.0500 4980        USBSTOR - ok
14:18:47.0515 4980        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:18:47.0593 4980        VgaSave - ok
14:18:47.0609 4980        ViaIde - ok
14:18:47.0609 4980        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
14:18:47.0687 4980        VolSnap - ok
14:18:47.0703 4980        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:18:47.0781 4980        Wanarp - ok
14:18:47.0812 4980        Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:18:47.0828 4980        Wdf01000 - ok
14:18:47.0843 4980        WDICA - ok
14:18:47.0875 4980        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:18:47.0937 4980        wdmaud - ok
14:18:47.0968 4980        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:18:48.0046 4980        WmiAcpi - ok
14:18:48.0093 4980        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:18:48.0125 4980        WpdUsb - ok
14:18:48.0140 4980        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:18:48.0171 4980        WudfPf - ok
14:18:48.0171 4980        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:18:48.0187 4980        WudfRd - ok
14:18:48.0218 4980        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
14:18:48.0359 4980        \Device\Harddisk0\DR0 - ok
14:18:48.0375 4980        Boot (0x1200)  (ddfa81ffb0b5f6df68589331c0170dc1) \Device\Harddisk0\DR0\Partition0
14:18:48.0375 4980        \Device\Harddisk0\DR0\Partition0 - ok
14:18:48.0406 4980        Boot (0x1200)  (cf4e7cbeb8e7a03a07e7300dafd9c0c3) \Device\Harddisk0\DR0\Partition1
14:18:48.0406 4980        \Device\Harddisk0\DR0\Partition1 - ok
14:18:48.0406 4980        ============================================================
14:18:48.0406 4980        Scan finished
14:18:48.0406 4980        ============================================================
14:18:48.0531 4864        Detected object count: 1
14:18:48.0531 4864        Actual detected object count: 1
14:19:14.0546 4864        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
14:19:14.0546 4864        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:33.0921 2620        Deinitialize success


cosinus 12.12.2011 14:29

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if one of the forum's helpers (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

issus 12.12.2011 14:58

Combofix:
Code:

ComboFix 11-12-12.01 - Kunde 12.12.2011  14:41:09.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2814.2072 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Internet\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-12 bis 2011-12-12  ))))))))))))))))))))))))))))))
.
.
2011-12-12 10:23 . 2011-12-12 10:24        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG Secure Search
2011-12-12 10:23 . 2011-12-12 10:23        --------        d-----w-        c:\programme\Gemeinsame Dateien\AVG Secure Search
2011-12-12 10:23 . 2011-12-12 10:23        --------        d-----w-        c:\programme\AVG Secure Search
2011-12-11 21:40 . 2009-11-12 12:48        5504        ----a-w-        c:\windows\system32\drivers\StarOpen.sys
2011-12-11 11:39 . 2011-12-11 11:40        --------        d-----w-        c:\programme\Gemeinsame Dateien\DVDVideoSoft
2011-12-11 11:39 . 2011-12-11 11:39        --------        d-----w-        c:\programme\DVDVideoSoft
2011-12-11 09:44 . 2011-03-04 19:44        126448        ------w-        c:\windows\system32\pxinsi64.exe
2011-12-11 09:44 . 2011-03-04 19:44        123888        ------w-        c:\windows\system32\pxcpyi64.exe
2011-12-11 09:44 . 2011-03-04 19:44        59888        ------w-        c:\windows\system32\pxwma.dll
2011-12-11 09:00 . 2011-12-12 13:33        --------        d-----w-        c:\dokumente und einstellungen\INet
2011-12-10 10:16 . 2011-12-10 10:16        --------        d-----w-        c:\dokumente und einstellungen\Kunde\Anwendungsdaten\SUPERAntiSpyware.com
2011-12-10 10:14 . 2011-12-10 10:16        --------        d-----w-        c:\programme\SUPERAntiSpyware
2011-12-10 10:14 . 2011-12-10 10:14        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2011-12-08 17:14 . 2011-12-08 17:14        --------        d-----w-        C:\_OTL
2011-12-06 19:52 . 2011-12-10 09:18        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2011-12-06 19:52 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-06 19:39 . 2011-12-06 19:39        --------        d-----w-        c:\programme\ESET
2011-12-06 17:35 . 2011-12-06 17:35        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\ATI
2011-12-06 17:34 . 2011-12-06 17:34        --------        d-----w-        c:\programme\AMD APP
2011-12-06 17:33 . 2011-10-26 02:59        311296        ----a-w-        c:\windows\system32\atiiiexx.dll
2011-12-06 17:33 . 2011-10-26 02:06        466944        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-12-06 17:32 . 2011-12-06 17:33        --------        d-----w-        c:\programme\ATI Technologies
2011-12-06 17:32 . 2011-12-06 17:32        --------        d-----w-        C:\ATI
2011-12-06 17:22 . 2011-12-06 17:22        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
2011-12-06 17:19 . 2011-12-06 17:19        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
2011-12-06 17:19 . 2011-12-06 17:21        --------        d-----w-        c:\dokumente und einstellungen\Kunde\Lokale Einstellungen\Anwendungsdaten\Google
2011-12-06 17:19 . 2011-12-06 17:21        --------        d-----w-        c:\programme\Google
2011-12-05 18:43 . 2011-12-05 18:43        --------        d-----w-        c:\programme\ATI
2011-12-05 18:03 . 2011-12-05 18:03        --------        d-----w-        c:\windows\system32\wbem\Repository
2011-12-05 17:20 . 2011-12-05 17:20        --------        d-----w-        c:\dokumente und einstellungen\Internet\Anwendungsdaten\Malwarebytes
2011-12-05 17:13 . 2011-12-05 17:13        --------        d-----w-        c:\dokumente und einstellungen\Kunde\Anwendungsdaten\Malwarebytes
2011-12-05 17:12 . 2011-12-05 17:12        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-13 10:14 . 2011-06-04 13:24        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-26 03:01 . 2009-06-03 21:00        7412736        ----a-w-        c:\windows\system32\drivers\ati2mtag.sys
2011-10-26 02:30 . 2011-06-25 08:45        57344        ----a-w-        c:\windows\system32\aticalrt.dll
2011-10-26 02:30 . 2011-06-25 08:45        53248        ----a-w-        c:\windows\system32\aticalcl.dll
2011-10-26 02:27 . 2011-06-25 08:45        5890048        ----a-w-        c:\windows\system32\aticaldd.dll
2011-10-26 02:16 . 2011-06-25 08:45        18968576        ----a-w-        c:\windows\system32\atioglxx.dll
2011-10-26 02:04 . 2009-06-03 19:50        304128        ----a-w-        c:\windows\system32\ati2dvag.dll
2011-10-26 02:04 . 2009-06-03 19:18        4004864        ----a-w-        c:\windows\system32\ati3duag.dll
2011-10-26 01:58 . 2011-06-25 08:45        956160        ----a-w-        c:\windows\system32\ativvamv.dll
2011-10-26 01:44 . 2009-06-03 19:03        3286400        ----a-w-        c:\windows\system32\ativvaxx.dll
2011-10-26 01:44 . 2011-06-25 08:45        212992        ----a-w-        c:\windows\system32\atipdlxx.dll
2011-10-26 01:43 . 2011-06-25 08:45        155648        ----a-w-        c:\windows\system32\Oemdspif.dll
2011-10-26 01:43 . 2011-06-25 08:45        26112        ----a-w-        c:\windows\system32\Ati2mdxx.exe
2011-10-26 01:43 . 2011-06-25 08:45        43520        ----a-w-        c:\windows\system32\ati2edxx.dll
2011-10-26 01:43 . 2011-06-25 08:45        188416        ------w-        c:\windows\system32\ati2evxx.dll
2011-10-26 01:42 . 2011-06-25 08:45        643072        ----a-w-        c:\windows\system32\ati2evxx.exe
2011-10-26 01:40 . 2011-06-25 08:45        53248        ----a-w-        c:\windows\system32\ATIDDC.DLL
2011-10-26 01:39 . 2011-06-25 08:45        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-10-26 01:35 . 2011-06-25 08:45        806912        ----a-w-        c:\windows\system32\atikvmag.dll
2011-10-26 01:34 . 2011-06-25 08:45        499712        ----a-w-        c:\windows\system32\atiok3x2.dll
2011-10-26 01:30 . 2011-06-25 08:45        229376        ------w-        c:\windows\system32\atiadlxx.dll
2011-10-26 01:30 . 2011-06-25 08:45        17408        ----a-w-        c:\windows\system32\atitvo32.dll
2011-10-26 01:25 . 2011-06-25 08:45        65024        ----a-w-        c:\windows\system32\atimpc32.dll
2011-10-26 01:25 . 2011-06-25 08:45        65024        ----a-w-        c:\windows\system32\amdpcom32.dll
2011-10-26 01:24 . 2011-06-25 08:45        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:24 . 2009-06-03 18:33        884736        ----a-w-        c:\windows\system32\ati2cqag.dll
2011-10-25 20:21 . 2011-10-25 20:21        56832        ----a-w-        c:\windows\system32\OpenVideo.dll
2011-10-25 20:21 . 2011-10-25 20:21        56832        ----a-w-        c:\windows\system32\OVDecoder.dll
2011-10-25 20:20 . 2011-10-25 20:20        13950464        ----a-w-        c:\windows\system32\amdocl.dll
2011-10-10 14:21 . 2009-10-02 18:33        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2008-04-14 05:52        604160        ----a-w-        c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2008-07-29 15:29        614912        ----a-w-        c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-08-23 12:00        23040        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-08-23 12:00        220160        ----a-w-        c:\windows\system32\oleacc.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-12-08_20.55.31  )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2011-12-08 17:21        69048              c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-12-12 12:47        69048              c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-12-12 12:47        81948              c:\windows\system32\perfc007.dat
- 2001-08-23 12:00 . 2011-12-08 17:21        81948              c:\windows\system32\perfc007.dat
- 2009-10-02 18:43 . 2009-11-02 23:39        32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2009-10-02 18:43 . 2011-12-12 10:23        32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2009-10-02 18:43 . 2009-11-02 23:39        32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-02 18:43 . 2011-12-12 10:23        32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-02 18:43 . 2009-11-02 23:39        16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-12-12 10:23 . 2011-12-12 10:23        16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-12-11 11:39 . 2011-12-11 11:39        73728              c:\windows\assembly\GAC_MSIL\Google.GData.YouTube\1.9.0.0__af04a32718ae8833\Google.GData.YouTube.dll
+ 2011-12-11 11:39 . 2011-12-11 11:39        90112              c:\windows\assembly\GAC_MSIL\Google.GData.Extensions\1.9.0.0__0b4c5df2ebf20876\Google.GData.Extensions.dll
+ 2009-10-24 08:30 . 2011-03-04 19:44        100848              c:\windows\system32\vxblock.dll
- 2009-10-24 08:30 . 2010-07-12 18:36        100848              c:\windows\system32\vxblock.dll
- 2009-10-24 08:30 . 2010-07-12 18:36        440816              c:\windows\system32\pxwave.dll
+ 2009-10-24 08:30 . 2011-03-04 19:44        440816              c:\windows\system32\pxwave.dll
+ 2009-10-24 08:30 . 2011-03-04 19:44        219632              c:\windows\system32\pxmas.dll
- 2009-10-24 08:30 . 2010-07-12 18:36        219632              c:\windows\system32\pxmas.dll
+ 2009-10-24 08:30 . 2011-03-04 19:44        571888              c:\windows\system32\pxdrv.dll
+ 2009-10-24 08:31 . 2011-03-04 19:44        133616              c:\windows\system32\pxafs.dll
- 2009-10-24 08:31 . 2010-07-12 18:36        133616              c:\windows\system32\pxafs.dll
+ 2009-10-24 08:30 . 2011-03-04 19:44        698864              c:\windows\system32\px.dll
- 2009-10-24 08:30 . 2010-07-12 18:36        698864              c:\windows\system32\px.dll
- 2001-08-23 12:00 . 2011-12-08 17:21        436344              c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2011-12-12 12:47        436344              c:\windows\system32\perfh009.dat
+ 2001-08-23 12:00 . 2011-12-12 12:47        453482              c:\windows\system32\perfh007.dat
- 2001-08-23 12:00 . 2011-12-08 17:21        453482              c:\windows\system32\perfh007.dat
- 2011-11-26 16:53 . 2011-11-26 16:53        110232              c:\windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.dll
+ 2011-12-11 11:39 . 2011-12-11 11:39        110232              c:\windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.dll
+ 2011-12-11 11:39 . 2011-12-11 11:39        546968              c:\windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack.Shell\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.Shell.dll
- 2011-11-26 16:53 . 2011-11-26 16:53        546968              c:\windows\assembly\GAC_MSIL\Microsoft.WindowsAPICodePack.Shell\1.1.0.0__31bf3856ad364e35\Microsoft.WindowsAPICodePack.Shell.dll
+ 2011-12-11 11:39 . 2011-12-11 11:39        204800              c:\windows\assembly\GAC_MSIL\Google.GData.Client\1.9.0.0__04a59ca9b0273830\Google.GData.Client.dll
+ 2009-10-24 08:30 . 2011-03-04 19:44        2095600              c:\windows\system32\pxsfs.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-12 10:23        1547104        ----a-w-        c:\programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-12 1547104]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programme\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"\\SLAVE\EPSON S22 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE" [2009-09-14 200704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"TrueImageMonitor.exe"="c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-09-15 4353088]
"AcronisTimounterMonitor"="c:\programme\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-09-15 962456]
"ProfilerU"="c:\programme\Saitek\SD6\Software\ProfilerU.exe" [2009-06-03 237568]
"SaiMfd"="c:\programme\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 131072]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe" [2008-09-15 165144]
"AVG_TRAY"="c:\programme\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 98304]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"vProt"="c:\programme\AVG Secure Search\vprot.exe" [2011-12-12 827232]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-10-30 813584]
.
c:\dokumente und einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\
Logitech . Produktregistrierung.lnk.disabled [2009-11-1 967]
.
c:\dokumente und einstellungen\Internet\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-10-30 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54        551296        ----a-w-        c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28        72208        ----a-w-        c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NBKeyScan"="c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"RTHDCPL"=RTHDCPL.EXE
"<NO NAME>"=
"RemoteControl"=c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\xampp\\apache\\bin\\httpd.exe"=
"d:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Programme\\Civilization 4\\Civilization4.exe"=
"c:\\Programme\\Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Programme\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Programme\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Programme\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"d:\\PokerTH\\pokerth.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programme\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7234:TCP"= 7234:TCP:PokerTH
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13.09.2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07.09.2010 03:48 32592]
R0 snapman378;Acronis Snapshots Manager (Build 378);c:\windows\system32\drivers\snman378.sys [02.10.2009 16:31 134272]
R0 tdrpman124;Acronis Try&Decide and Restore Points filter (build 124);c:\windows\system32\drivers\tdrpm124.sys [02.10.2009 16:31 950848]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.09.2010 03:48 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07.09.2010 03:49 297168]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [22.07.2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [12.07.2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\programme\SUPERAntiSpyware\SASCore.exe [12.08.2011 00:38 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18.08.2011 00:33 7390560]
R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG10\avgwdsvc.exe [08.02.2011 04:33 269520]
R2 BCUService;Browser Configuration Utility Service;c:\programme\DeviceVM\Browser Configuration Utility\BCUService.exe [02.10.2009 19:45 212232]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [30.10.2009 15:23 10384]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [06.12.2011 20:52 366152]
R2 vToolbarUpdater;vToolbarUpdater;c:\programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [12.12.2011 11:23 855904]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19.08.2010 21:42 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19.08.2010 21:42 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19.08.2010 21:42 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06.12.2011 20:52 22216]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [02.10.2009 19:51 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programme\AVG\AVG10\Toolbar\ToolbarBroker.exe [02.05.2011 16:30 167264]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [01.05.2007 12:07 132232]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 63766892
*Deregistered* - 63766892
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9CB959E8-144F-4860-9715-EA9E319418F3}: NameServer = 213.73.91.35,194.95.202.198
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\dokumente und einstellungen\Kunde\Anwendungsdaten\Mozilla\Firefox\Profiles\xwlrh1o1.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-12 14:46
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-1214440339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\UnreadMail\e-post@um-fritz.de]
@Denied: (Full) (Administrators)
"MessageCount"=dword:00000004
"TimeStamp"=hex:7e,b6,8e,70,5f,a0,ca,01
"Application"="%SystemDrive%\\PROGRA~1\\MICROS~2\\OFFICE11\\OUTLOOK.EXE /profile Outlook"
"MessageExpiryDays"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1060284298-1214440339-682003330-1004\Software\Microsoft\Windows\CurrentVersion\UnreadMail\uli.fritz@t-online.de]
@Denied: (Full) (Administrators)
"MessageCount"=dword:00000003
"TimeStamp"=hex:ea,8a,e4,3c,7a,4f,cb,01
"Application"="%SystemDrive%\\PROGRA~1\\MICROS~2\\OFFICE11\\OUTLOOK.EXE /profile Outlook"
"MessageExpiryDays"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1032)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3936)
c:\programme\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2011-12-12  14:48:16
ComboFix-quarantined-files.txt  2011-12-12 13:48
ComboFix2.txt  2011-12-08 20:57
.
Vor Suchlauf: 9 Verzeichnis(se), 235.580.096.512 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 235.567.439.872 Bytes frei
.
- - End Of File - - 1D856F7F13E9A3782066E75EA2F975FF


cosinus 12.12.2011 15:26

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM. Please skip the online query that OSAM offers.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: to unpack OSAM please use WinRAR or 7zip! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please right-click and start it with "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


issus 12.12.2011 18:13

GMER:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-12 17:37:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST31000528AS rev.CC35
Running: 8d2wyc5l.exe; Driver: C:\DOKUME~1\Kunde\LOKALE~1\Temp\pgtdypog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xAE0C6738]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xAE0C67DC]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xAE0C6878]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xAE0C6914]

Code            \??\C:\DOKUME~1\Kunde\LOKALE~1\Temp\catchme.sys                                                                            pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                    section is writeable [0xB3A79000, 0x2BCD8C, 0xE8000020]
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                                  Das System kann die angegebene Datei nicht finden. !
?              C:\DOKUME~1\Kunde\LOKALE~1\Temp\catchme.sys                                                                                Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                      tdrpm124.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

OSAM
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:40:41 on 12.12.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgrsx.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager (Build 378)" (snapman378) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snman378.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter (build 124)" (tdrpman124) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tdrpm124.sys
"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys
"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgldx86.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgmfx86.sys
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSDriver.Sys
"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSEH.Sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSFilter.Sys
"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys
"catchme" (catchme) - ? - C:\DOKUME~1\Kunde\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"gdrv" (gdrv) - ? - C:\WINDOWS\gdrv.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"LBeepKE" (LBeepKE) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LBeepKE.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pgtdypog" (pgtdypog) - ? - C:\DOKUME~1\Kunde\LOKALE~1\Temp\pgtdypog.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SaiH0464" (SaiH0464) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiH0464.sys
"SaiMini" (SaiMini) - ? - C:\WINDOWS\System32\DRIVERS\SaiMini.sys  (File not found)
"SaiNtBus" (SaiNtBus) - ? - C:\WINDOWS\System32\drivers\SaiBus.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{B658800C-F66E-4EF3-AB85-6C0C227862A9} "ViProtocolOLE Class" - ? - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -  (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgse.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dBpoweramp Music Converter" - ? -  (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{e57ce731-33e8-4c51-8354-bb4de9d215d1} "Universelle Plug & Play-Geräte" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Klicke hier um das Projekt xp-AntiSpy zu unterstützen" - ? - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} "SearchHook Class" - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\WINDOWS\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - ? - \bin\npjpi170.dll  (File not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"Exec" - ? - C:\WINDOWS\bdoscandel.exe  (File found, but it contains no detailed information)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "AVG Security Toolbar" - ? - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgssie.dll
{95B7759C-8C7F-4BF1-B163-73684A933233} "AVG Security Toolbar" - ? - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
{DD92DE22-ED91-4560-B788-DEE2B26612E6} "BHO Class" - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\IEHelper.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Eigene Dateien\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\desktop.ini
"Logitech . Produktregistrierung.lnk.disabled" - ? - C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\Logitech . Produktregistrierung.lnk.disabled
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RocketDock" - ? - "C:\Programme\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
"\\SLAVE\EPSON S22 Series" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE /FU "C:\DOKUME~1\Kunde\LOKALE~1\Temp\E_S10.tmp" /EF "HKCU"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor" - "Acronis" - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgtray.exe
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
"ProfilerU" - "Saitek" - C:\Programme\Saitek\SD6\Software\ProfilerU.exe
"SaiMfd" - "Saitek" - C:\Programme\Saitek\SD6\Software\SaiMfd.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"TrueImageMonitor.exe" - "Acronis" - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
"vProt" - ? - "C:\Programme\AVG Secure Search\vprot.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - ? - C:\WINDOWS\system32\AdobePDF.dll  (File not found)
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Programme\Bonjour\mDNSResponder.exe
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"AVG Security Toolbar Service" (AVG Security Toolbar Service) - ? - C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
"Browser Configuration Utility Service" (BCUService) - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
"NMSAccess" (NMSAccess) - ? - D:\DVD-Burner\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASCORE.EXE
"vToolbarUpdater" (vToolbarUpdater) - ? - C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
"LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:40:41 on 12.12.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgrsx.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager (Build 378)" (snapman378) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snman378.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter (build 124)" (tdrpman124) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tdrpm124.sys
"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgrkx86.sys
"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgldx86.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgmfx86.sys
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\DRIVERS\avgtdix.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSDriver.Sys
"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSEH.Sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSFilter.Sys
"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys
"catchme" (catchme) - ? - C:\DOKUME~1\Kunde\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"gdrv" (gdrv) - ? - C:\WINDOWS\gdrv.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"LBeepKE" (LBeepKE) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LBeepKE.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pgtdypog" (pgtdypog) - ? - C:\DOKUME~1\Kunde\LOKALE~1\Temp\pgtdypog.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SaiH0464" (SaiH0464) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiH0464.sys
"SaiMini" (SaiMini) - ? - C:\WINDOWS\System32\DRIVERS\SaiMini.sys  (File not found)
"SaiNtBus" (SaiNtBus) - ? - C:\WINDOWS\System32\drivers\SaiBus.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{B658800C-F66E-4EF3-AB85-6C0C227862A9} "ViProtocolOLE Class" - ? - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -  (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgse.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dBpoweramp Music Converter" - ? -  (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{e57ce731-33e8-4c51-8354-bb4de9d215d1} "Universelle Plug & Play-Geräte" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Klicke hier um das Projekt xp-AntiSpy zu unterstützen" - ? - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} "SearchHook Class" - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\WINDOWS\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0" - ? - \bin\npjpi170.dll  (File not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"Exec" - ? - C:\WINDOWS\bdoscandel.exe  (File found, but it contains no detailed information)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "AVG Security Toolbar" - ? - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgssie.dll
{95B7759C-8C7F-4BF1-B163-73684A933233} "AVG Security Toolbar" - ? - C:\Programme\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
{DD92DE22-ED91-4560-B788-DEE2B26612E6} "BHO Class" - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\IEHelper.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Eigene Dateien\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\desktop.ini
"Logitech . Produktregistrierung.lnk.disabled" - ? - C:\Dokumente und Einstellungen\Kunde\Eigene Dateien\Startmenü\Programme\Autostart\Logitech . Produktregistrierung.lnk.disabled
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RocketDock" - ? - "C:\Programme\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
"\\SLAVE\EPSON S22 Series" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE /FU "C:\DOKUME~1\Kunde\LOKALE~1\Temp\E_S10.tmp" /EF "HKCU"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor" - "Acronis" - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgtray.exe
"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
"ProfilerU" - "Saitek" - C:\Programme\Saitek\SD6\Software\ProfilerU.exe
"SaiMfd" - "Saitek" - C:\Programme\Saitek\SD6\Software\SaiMfd.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"TrueImageMonitor.exe" - "Acronis" - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
"vProt" - ? - "C:\Programme\AVG Secure Search\vprot.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - ? - C:\WINDOWS\system32\AdobePDF.dll  (File not found)
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Programme\Bonjour\mDNSResponder.exe
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"AVG Security Toolbar Service" (AVG Security Toolbar Service) - ? - C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
"Browser Configuration Utility Service" (BCUService) - "DeviceVM, Inc." - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
"NMSAccess" (NMSAccess) - ? - D:\DVD-Burner\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASCORE.EXE
"vToolbarUpdater" (vToolbarUpdater) - ? - C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
"LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
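An added example, not from the thread or from OSAM itself: a small Python triage parser for the OSAM log format shown above (section headers, `-----( key )-----` locations and `"Name" - "Publisher" - path  (note)` entries) that flags entries with an unknown publisher or a missing file for manual review. The sample log is constructed from line shapes in the post; the flags are pointers for a reviewer, not verdicts.

```python
import re
from dataclasses import dataclass, field

# Constructed sample built from the line shapes in the posted OSAM log.
SAMPLE_LOG = r'''[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG10\avgtray.exe
"vProt" - ? - "C:\Programme\AVG Secure Search\vprot.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - ? - C:\WINDOWS\system32\AdobePDF.dll  (File not found)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"NMSAccess" (NMSAccess) - ? - D:\DVD-Burner\NMSAccessU.exe  (File found, but it contains no detailed information)
'''

ENTRY = re.compile(
    r'^(?:[^"]*?)"(?P<name>[^"]*)"'        # optional CLSID/<binary data> prefix, then "Name"
    r'(?:\s+\((?P<service>[^)]*)\))?'      # services carry the key name in parentheses
    r'\s+-\s+(?P<publisher>"[^"]*"|\?)'    # "Publisher", or ? when OSAM found none
    r'\s+-\s*(?P<rest>.*)$'                # path, arguments and an optional (note)
)
NOTE = re.compile(r"\s*\((?:File (?:not )?found)[^)]*\)\s*$")

@dataclass
class Entry:
    section: str
    location: str
    name: str
    publisher: str
    path: str
    flags: list = field(default_factory=list)

def parse_osam(text):
    """Parse OSAM-style entries, attaching review flags to each one."""
    entries, section, location = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = re.match(r"^-----\(\s*(.*?)\s*\)-----$", line)
        if m:
            location = m.group(1)
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        publisher = m.group("publisher").strip('"')
        rest = m.group("rest")
        flags = []
        if publisher == "?":
            flags.append("unknown-publisher")   # no vendor info: verify the binary by hand
        if "File not found" in rest:
            flags.append("file-missing")        # dangling autorun: leftover or removed payload
        path = NOTE.sub("", rest).strip()
        if path.startswith('"'):                # quoted executable, possibly followed by arguments
            path = path[1:].split('"', 1)[0]
        entries.append(Entry(section, location, m.group("name"), publisher, path, flags))
    return entries

def triage(entries):
    """Return only entries a reviewer should look at, most flags first."""
    return sorted([e for e in entries if e.flags], key=lambda e: -len(e.flags))
```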


cosinus 12.12.2011 21:51

I don't need OSAM twice, aswMBR would be better ;)

issus 12.12.2011 22:21

:stirn:
Sorry, the rush...
Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-12 17:41:14
-----------------------------
17:41:14.625    OS Version: Windows 5.1.2600 Service Pack 3
17:41:14.625    Number of processors: 2 586 0x4303
17:41:14.625    ComputerName: MAIN  UserName:
17:41:15.765    Initialize success
17:43:22.750    AVAST engine defs: 11121200
17:45:03.312    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:45:03.312    Disk 0 Vendor: ST31000528AS CC35 Size: 953869MB BusType: 3
17:45:05.359    Disk 0 MBR read successfully
17:45:05.359    Disk 0 MBR scan
17:45:05.375    Disk 0 Windows XP default MBR code
17:45:05.406    Disk 0 scanning sectors +1953520065
17:45:05.625    Disk 0 scanning C:\WINDOWS\system32\drivers
17:45:39.187    Service scanning
17:45:39.921    Modules scanning
17:46:36.796    Disk 0 trace - called modules:
17:46:36.828    ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:46:36.828    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a2f9ab8]
17:46:36.843    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8a320238]
17:46:36.843    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a302d98]
17:46:37.359    AVAST engine scan C:\WINDOWS
17:47:45.890    AVAST engine scan C:\WINDOWS\system32
17:54:13.234    AVAST engine scan C:\WINDOWS\system32\drivers
17:55:41.156    AVAST engine scan C:\Dokumente und Einstellungen\Kunde
17:58:01.687    AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:58:59.859    Scan finished successfully
18:01:01.671    Disk 0 MBR has been saved successfully to "D:\MBR.dat"
18:01:01.671    The log file has been saved successfully to "D:\aswMBR.txt"


cosinus 13.12.2011 10:58

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting a second opinion from the ESET Online Scanner isn't a bad idea either:


ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


issus 13.12.2011 19:59

mbam:
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8365

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.12.2011 19:26:38
mbam-log-2011-12-13 (19-26-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 391630
Laufzeit: 1 Stunde(n), 0 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SAS:
Code:

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 12/13/2011 bei 07:50 PM

Version der Applikation : 5.0.1136

Version der Kern-Datenbank : 8044
Version der Spur-Datenbank : 5856

Scan Art      : kompletter Scann
Totale Scann-Zeit : 01:16:06

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Gescannte Speicherelemente  : 522
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 39332
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 391630
Erfasste Datei-Elemente  : 0

I won't manage the ESET scan today. I'll submit it tomorrow.

issus 14.12.2011 17:44

ESET:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=23f9784fc526b4489db3de8d1f5c3bf4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-14 08:21:46
# local_time=2011-12-14 09:21:46 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777189 100 96 258044 67014586 0 0
# compatibility_mode=8192 67108863 100 0 650093 650093 0 0
# scanned=155164
# found=5
# cleaned=0
# scan_time=4063
C:\System Volume Information\_restore{E4C233AE-6714-4744-9E50-DBE1A7BC66EF}\RP464\A0124477.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\gamers_irc405.exe        probably a variant of Win32/Adware.Agent.CZTDWWN application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\GermanFunScript.zip        Win32/NetTool.NukeNabber.29 application (unable to clean)        00000000000000000000000000000000        I
D:\Sicher\UT\ts2_client_rc1.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
D:\software\winamp5622_full_emusic-7plus_de-de.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I


cosinus 14.12.2011 22:01

Only the known false positives from ESET.
Is the computer back in order?

issus 14.12.2011 22:46

Yes, thank you very much - it looks good. The boot manager works again, no further anomalies, and the user account where the controller for the graphics driver got wrecked I'll just delete completely. It could have been worse.
Everything seems to be back in order. :Boogie:

cosinus 15.12.2011 11:22

Then we're done! :abklatsch:

The programs used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages.
Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update first.

Finally, please check your updates; my guide on that is below. To keep a better overview of how up to date your installed programs are in the future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if at all possible.


Microsoft Update
Windows XP: Visit the MS Update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide


Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.


Flash Player
Please also take the opportunity to check that the Flash Player is up to date => Adobe - Install a different version of Adobe Flash Player
(Alternatively at Chip => http://filepony.de/?q=Flash+Player)

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

issus 15.12.2011 18:14

Thank you very much for your extensive help.
A very big :dankeschoen:
A small donation will find its way to you. I will take your advice to heart. I've also installed NoScript for the browser, for example.

Happy Advent and Christmas season and a good start into 2012.


All times are WEZ +1. It is now 09:41.

Copyright ©2000-2025, Trojaner-Board

