Trojaner-Board
Seite 4 von 5 « Erste 23 4 5
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   aus sicherheitsgründen wurde ihr windows blockiert (https://www.trojaner-board.de/110186-sicherheitsgruenden-wurde-windows-blockiert.html)

paradoximus 24.02.2012 12:38
Code:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-24 12:17:01
-----------------------------
12:17:01.718    OS Version: Windows 5.1.2600 Service Pack 3
12:17:01.734    Number of processors: 1 586 0x401
12:17:01.734    ComputerName: MARKRAUM  UserName: markus
12:17:01.953    Initialize success
12:27:09.359    AVAST engine defs: 12022301
12:30:06.156    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
12:30:06.156    Disk 0 Vendor: WDC_WD800AAJS-00TDA0 01.00A01 Size: 76319MB BusType: 3
12:30:06.172    Disk 0 MBR read successfully
12:30:06.187    Disk 0 MBR scan
12:30:06.234    Disk 0 Windows XP default MBR code
12:30:06.234    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        20002 MB offset 63
12:30:06.250    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        56313 MB offset 40965750
12:30:06.265    Disk 0 scanning sectors +156296385
12:30:06.343    Disk 0 scanning C:\WINDOWS\system32\drivers
12:30:22.078    Service scanning
12:30:43.875    Modules scanning
12:30:50.578    Disk 0 trace - called modules:
12:30:50.593    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
12:30:50.593    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87168ab8]
12:30:50.828    3 CLASSPNP.SYS[f7570fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8716cb00]
12:30:51.156    AVAST engine scan C:\WINDOWS
12:30:59.218    AVAST engine scan C:\WINDOWS\system32
12:34:40.843    AVAST engine scan C:\WINDOWS\system32\drivers
12:35:00.531    AVAST engine scan C:\Dokumente und Einstellungen\markus
12:36:26.250    AVAST engine scan C:\Dokumente und Einstellungen\All Users
12:37:31.875    Scan finished successfully
12:37:44.578    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\markus\Desktop\MBR.dat"
12:37:44.578    The log file has been saved successfully to "C:\Dokumente und Einstellungen\markus\Desktop\aswMBR.txt"

cosinus 24.02.2012 12:43
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

paradoximus 24.02.2012 13:20
Code:
13:12:15.0765 3932        TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
13:12:16.0281 3932        ============================================================
13:12:16.0281 3932        Current date / time: 2012/02/24 13:12:16.0281
13:12:16.0281 3932        SystemInfo:
13:12:16.0281 3932       
13:12:16.0281 3932        OS Version: 5.1.2600 ServicePack: 3.0
13:12:16.0281 3932        Product type: Workstation
13:12:16.0281 3932        ComputerName: MARKRAUM
13:12:16.0297 3932        UserName: markus
13:12:16.0297 3932        Windows directory: C:\WINDOWS
13:12:16.0297 3932        System windows directory: C:\WINDOWS
13:12:16.0297 3932        Processor architecture: Intel x86
13:12:16.0297 3932        Number of processors: 1
13:12:16.0297 3932        Page size: 0x1000
13:12:16.0297 3932        Boot type: Normal boot
13:12:16.0297 3932        ============================================================
13:12:17.0828 3932        Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:12:17.0828 3932        \Device\Harddisk0\DR0:
13:12:17.0828 3932        MBR used
13:12:17.0828 3932        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
13:12:17.0828 3932        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x6DFCE4B
13:12:17.0906 3932        Initialize success
13:12:17.0906 3932        ============================================================
13:15:50.0031 4024        ============================================================
13:15:50.0031 4024        Scan started
13:15:50.0031 4024        Mode: Manual; SigCheck; TDLFS;
13:15:50.0031 4024        ============================================================
13:15:50.0625 4024        Abiosdsk - ok
13:15:50.0656 4024        abp480n5 - ok
13:15:50.0718 4024        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:15:51.0437 4024        ACPI - ok
13:15:51.0500 4024        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:15:51.0687 4024        ACPIEC - ok
13:15:51.0718 4024        actser          (55c1a273a08e076a3bb7d080ffe06b06) C:\WINDOWS\system32\drivers\actser.sys
13:15:51.0750 4024        actser ( UnsignedFile.Multi.Generic ) - warning
13:15:51.0750 4024        actser - detected UnsignedFile.Multi.Generic (1)
13:15:51.0781 4024        adpu160m - ok
13:15:51.0828 4024        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:15:52.0015 4024        aec - ok
13:15:52.0062 4024        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:15:52.0109 4024        AFD - ok
13:15:52.0140 4024        Aha154x - ok
13:15:52.0156 4024        aic78u2 - ok
13:15:52.0187 4024        aic78xx - ok
13:15:52.0218 4024        ALCXSENS - ok
13:15:52.0234 4024        ALCXWDM - ok
13:15:52.0297 4024        AliIde - ok
13:15:52.0312 4024        amsint - ok
13:15:52.0375 4024        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:15:52.0578 4024        Arp1394 - ok
13:15:52.0593 4024        asc - ok
13:15:52.0625 4024        asc3350p - ok
13:15:52.0656 4024        asc3550 - ok
13:15:52.0718 4024        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:15:52.0922 4024        AsyncMac - ok
13:15:52.0953 4024        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:15:53.0156 4024        atapi - ok
13:15:53.0187 4024        Atdisk - ok
13:15:53.0218 4024        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:15:53.0390 4024        Atmarpc - ok
13:15:53.0453 4024        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:15:53.0625 4024        audstub - ok
13:15:53.0656 4024        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:15:54.0078 4024        avgntflt - ok
13:15:54.0125 4024        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:15:54.0156 4024        avipbb - ok
13:15:54.0172 4024        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
13:15:54.0203 4024        avkmgr - ok
13:15:54.0250 4024        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:15:54.0437 4024        Beep - ok
13:15:54.0484 4024        BVRPMPR5        (2120b6607cbbe426ce821643838ea1d3) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
13:15:54.0515 4024        BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
13:15:54.0515 4024        BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
13:15:54.0593 4024        catchme - ok
13:15:54.0625 4024        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:15:54.0843 4024        cbidf2k - ok
13:15:54.0875 4024        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:15:55.0078 4024        CCDECODE - ok
13:15:55.0109 4024        cd20xrnt - ok
13:15:55.0140 4024        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:15:55.0359 4024        Cdaudio - ok
13:15:55.0390 4024        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:15:55.0609 4024        Cdfs - ok
13:15:55.0656 4024        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:15:55.0890 4024        Cdrom - ok
13:15:55.0906 4024        Changer - ok
13:15:55.0968 4024        CmdIde - ok
13:15:56.0015 4024        Cpqarray - ok
13:15:56.0062 4024        cpuz135        (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
13:15:56.0078 4024        cpuz135 - ok
13:15:56.0093 4024        dac2w2k - ok
13:15:56.0125 4024        dac960nt - ok
13:15:56.0187 4024        DELTA          (b34dafa517f838b82a4256b08346917f) C:\WINDOWS\system32\DRIVERS\delta.sys
13:15:56.0218 4024        DELTA ( UnsignedFile.Multi.Generic ) - warning
13:15:56.0218 4024        DELTA - detected UnsignedFile.Multi.Generic (1)
13:15:56.0250 4024        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:15:56.0437 4024        Disk - ok
13:15:56.0515 4024        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:15:56.0765 4024        dmboot - ok
13:15:56.0812 4024        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:15:57.0031 4024        dmio - ok
13:15:57.0078 4024        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:15:57.0265 4024        dmload - ok
13:15:57.0312 4024        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:15:57.0515 4024        DMusic - ok
13:15:57.0562 4024        dpti2o - ok
13:15:57.0578 4024        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:15:57.0781 4024        drmkaud - ok
13:15:57.0843 4024        enodpl          (b4556f3d468c8dcb0b259d9d866cd4c4) C:\WINDOWS\system32\drivers\enodpl.sys
13:15:57.0859 4024        enodpl ( UnsignedFile.Multi.Generic ) - warning
13:15:57.0859 4024        enodpl - detected UnsignedFile.Multi.Generic (1)
13:15:57.0922 4024        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:15:58.0125 4024        Fastfat - ok
13:15:58.0172 4024        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:15:58.0359 4024        Fdc - ok
13:15:58.0390 4024        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:15:58.0656 4024        Fips - ok
13:15:58.0718 4024        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:15:58.0984 4024        Flpydisk - ok
13:15:59.0062 4024        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:15:59.0328 4024        FltMgr - ok
13:15:59.0375 4024        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:15:59.0656 4024        Fs_Rec - ok
13:15:59.0718 4024        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:16:00.0015 4024        Ftdisk - ok
13:16:00.0062 4024        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:16:00.0343 4024        Gpc - ok
13:16:00.0406 4024        hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:16:00.0656 4024        hidusb - ok
13:16:00.0672 4024        hpn - ok
13:16:00.0734 4024        HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:16:00.0812 4024        HPZid412 - ok
13:16:00.0859 4024        HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:16:00.0906 4024        HPZipr12 - ok
13:16:00.0953 4024        HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:16:01.0015 4024        HPZius12 - ok
13:16:01.0062 4024        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:16:01.0109 4024        HTTP - ok
13:16:01.0140 4024        i2omgmt - ok
13:16:01.0156 4024        i2omp - ok
13:16:01.0203 4024        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:16:01.0390 4024        i8042prt - ok
13:16:01.0437 4024        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:16:01.0640 4024        Imapi - ok
13:16:01.0672 4024        ini910u - ok
13:16:01.0703 4024        IntelIde - ok
13:16:01.0718 4024        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:16:01.0953 4024        intelppm - ok
13:16:01.0968 4024        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:16:02.0187 4024        Ip6Fw - ok
13:16:02.0234 4024        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:16:02.0437 4024        IpFilterDriver - ok
13:16:02.0468 4024        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:16:02.0656 4024        IpInIp - ok
13:16:02.0703 4024        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:16:03.0156 4024        IpNat - ok
13:16:03.0203 4024        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:16:03.0406 4024        IPSec - ok
13:16:03.0437 4024        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:16:03.0547 4024        IRENUM - ok
13:16:03.0593 4024        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:16:03.0843 4024        isapnp - ok
13:16:03.0906 4024        ithsgt          (b7a5fadf67136fda7e8f25303565b674) C:\WINDOWS\system32\DRIVERS\ithsgt.sys
13:16:03.0922 4024        ithsgt ( UnsignedFile.Multi.Generic ) - warning
13:16:03.0922 4024        ithsgt - detected UnsignedFile.Multi.Generic (1)
13:16:03.0953 4024        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:16:04.0172 4024        Kbdclass - ok
13:16:04.0250 4024        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:16:04.0468 4024        kbdhid - ok
13:16:04.0500 4024        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:16:04.0703 4024        kmixer - ok
13:16:04.0734 4024        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:16:04.0812 4024        KSecDD - ok
13:16:04.0843 4024        Lavasoft Kernexplorer - ok
13:16:04.0875 4024        Lbd            (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
13:16:04.0906 4024        Lbd - ok
13:16:04.0922 4024        lbrtfdc - ok
13:16:04.0968 4024        lilsgt          (16767ea492b5d140e1de3679a65eae74) C:\WINDOWS\system32\DRIVERS\lilsgt.sys
13:16:04.0984 4024        lilsgt ( UnsignedFile.Multi.Generic ) - warning
13:16:04.0984 4024        lilsgt - detected UnsignedFile.Multi.Generic (1)
13:16:05.0047 4024        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:16:05.0250 4024        mnmdd - ok
13:16:05.0281 4024        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:16:05.0484 4024        Modem - ok
13:16:05.0515 4024        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:16:05.0734 4024        Mouclass - ok
13:16:05.0781 4024        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:16:05.0984 4024        mouhid - ok
13:16:06.0015 4024        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:16:06.0218 4024        MountMgr - ok
13:16:06.0234 4024        mraid35x - ok
13:16:06.0265 4024        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:16:06.0453 4024        MRxDAV - ok
13:16:06.0484 4024        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:16:06.0547 4024        MRxSmb - ok
13:16:06.0593 4024        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:16:06.0797 4024        Msfs - ok
13:16:06.0843 4024        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:16:07.0031 4024        MSKSSRV - ok
13:16:07.0062 4024        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:16:07.0250 4024        MSPCLOCK - ok
13:16:07.0281 4024        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:16:07.0453 4024        MSPQM - ok
13:16:07.0500 4024        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:16:07.0703 4024        mssmbios - ok
13:16:07.0734 4024        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:16:07.0968 4024        MSTEE - ok
13:16:08.0000 4024        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:16:08.0047 4024        Mup - ok
13:16:08.0093 4024        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:16:08.0312 4024        NABTSFEC - ok
13:16:08.0343 4024        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:16:08.0625 4024        NDIS - ok
13:16:08.0797 4024        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:16:09.0265 4024        NdisIP - ok
13:16:09.0453 4024        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:16:09.0547 4024        NdisTapi - ok
13:16:09.0593 4024        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:16:09.0797 4024        Ndisuio - ok
13:16:09.0828 4024        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:16:10.0015 4024        NdisWan - ok
13:16:10.0047 4024        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:16:10.0093 4024        NDProxy - ok
13:16:10.0140 4024        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:16:10.0328 4024        NetBIOS - ok
13:16:10.0359 4024        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:16:10.0578 4024        NetBT - ok
13:16:10.0625 4024        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:16:10.0828 4024        NIC1394 - ok
13:16:10.0875 4024        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:16:11.0062 4024        Npfs - ok
13:16:11.0109 4024        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:16:11.0343 4024        Ntfs - ok
13:16:11.0375 4024        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:16:11.0578 4024        Null - ok
13:16:12.0047 4024        nv              (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:16:12.0672 4024        nv - ok
13:16:12.0718 4024        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:16:12.0922 4024        NwlnkFlt - ok
13:16:12.0937 4024        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:16:13.0140 4024        NwlnkFwd - ok
13:16:13.0172 4024        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:16:13.0390 4024        ohci1394 - ok
13:16:13.0437 4024        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:16:13.0640 4024        Parport - ok
13:16:13.0656 4024        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:16:13.0875 4024        PartMgr - ok
13:16:13.0922 4024        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:16:14.0109 4024        ParVdm - ok
13:16:14.0125 4024        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:16:14.0312 4024        PCI - ok
13:16:14.0343 4024        PCIDump - ok
13:16:14.0375 4024        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:16:14.0562 4024        PCIIde - ok
13:16:14.0609 4024        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:16:14.0812 4024        Pcmcia - ok
13:16:14.0843 4024        PDCOMP - ok
13:16:14.0859 4024        PDFRAME - ok
13:16:14.0875 4024        PDRELI - ok
13:16:14.0890 4024        PDRFRAME - ok
13:16:14.0906 4024        perc2 - ok
13:16:14.0937 4024        perc2hib - ok
13:16:15.0000 4024        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:16:15.0187 4024        PptpMiniport - ok
13:16:15.0218 4024        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:16:15.0422 4024        PSched - ok
13:16:15.0453 4024        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:16:15.0640 4024        Ptilink - ok
13:16:15.0656 4024        ql1080 - ok
13:16:15.0687 4024        Ql10wnt - ok
13:16:15.0703 4024        ql12160 - ok
13:16:15.0718 4024        ql1240 - ok
13:16:15.0734 4024        ql1280 - ok
13:16:15.0765 4024        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:16:15.0922 4024        RasAcd - ok
13:16:15.0953 4024        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:16:16.0156 4024        Rasl2tp - ok
13:16:16.0187 4024        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:16:16.0359 4024        RasPppoe - ok
13:16:16.0390 4024        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:16:16.0593 4024        Raspti - ok
13:16:16.0640 4024        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:16:16.0843 4024        Rdbss - ok
13:16:16.0890 4024        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:16:17.0093 4024        RDPCDD - ok
13:16:17.0140 4024        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:16:17.0187 4024        RDPWD - ok
13:16:17.0218 4024        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:16:17.0406 4024        redbook - ok
13:16:17.0453 4024        ROOTMODEM      (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
13:16:17.0625 4024        ROOTMODEM - ok
13:16:17.0687 4024        rtl8139        (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
13:16:17.0906 4024        rtl8139 - ok
13:16:17.0968 4024        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:16:18.0047 4024        Secdrv - ok
13:16:18.0093 4024        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:16:18.0250 4024        serenum - ok
13:16:18.0281 4024        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:16:18.0593 4024        Serial - ok
13:16:18.0781 4024        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:16:19.0172 4024        Sfloppy - ok
13:16:19.0297 4024        Simbad - ok
13:16:19.0468 4024        siusbmod        (b1b3daa853d37a0368ed399995938755) C:\WINDOWS\system32\DRIVERS\siusbmod.sys
13:16:19.0547 4024        siusbmod - ok
13:16:19.0578 4024        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:16:19.0781 4024        SLIP - ok
13:16:19.0797 4024        Sparrow - ok
13:16:19.0828 4024        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:16:20.0015 4024        splitter - ok
13:16:20.0047 4024        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:16:20.0125 4024        sr - ok
13:16:20.0156 4024        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:16:20.0234 4024        Srv - ok
13:16:20.0281 4024        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:16:20.0297 4024        ssmdrv - ok
13:16:20.0343 4024        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:16:20.0515 4024        streamip - ok
13:16:20.0562 4024        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:16:20.0750 4024        swenum - ok
13:16:20.0797 4024        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:16:20.0984 4024        swmidi - ok
13:16:21.0015 4024        symc810 - ok
13:16:21.0031 4024        symc8xx - ok
13:16:21.0047 4024        sym_hi - ok
13:16:21.0078 4024        sym_u3 - ok
13:16:21.0109 4024        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:16:21.0281 4024        sysaudio - ok
13:16:21.0328 4024        tandpl          (126d7b3b4c7b724491c604060e1f4e14) C:\WINDOWS\system32\drivers\tandpl.sys
13:16:21.0343 4024        tandpl ( UnsignedFile.Multi.Generic ) - warning
13:16:21.0343 4024        tandpl - detected UnsignedFile.Multi.Generic (1)
13:16:21.0390 4024        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:16:21.0453 4024        Tcpip - ok
13:16:21.0484 4024        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:16:21.0687 4024        TDPIPE - ok
13:16:21.0718 4024        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:16:21.0922 4024        TDTCP - ok
13:16:21.0953 4024        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:16:22.0156 4024        TermDD - ok
13:16:22.0187 4024        TosIde - ok
13:16:22.0234 4024        uagp35          (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
13:16:22.0422 4024        uagp35 - ok
13:16:22.0453 4024        ubrxkh          (5261e74e61bde384a0233d3823cedc39) C:\WINDOWS\system32\drivers\ubrxkh.sys
13:16:22.0484 4024        ubrxkh ( UnsignedFile.Multi.Generic ) - warning
13:16:22.0484 4024        ubrxkh - detected UnsignedFile.Multi.Generic (1)
13:16:22.0515 4024        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:16:22.0703 4024        Udfs - ok
13:16:22.0734 4024        ultra - ok
13:16:22.0797 4024        UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Programme\Unlocker\UnlockerDriver5.sys
13:16:22.0828 4024        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
13:16:22.0828 4024        UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
13:16:22.0859 4024        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:16:23.0078 4024        Update - ok
13:16:23.0140 4024        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:16:23.0328 4024        usbaudio - ok
13:16:23.0359 4024        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:16:23.0547 4024        usbccgp - ok
13:16:23.0593 4024        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:16:23.0765 4024        usbehci - ok
13:16:23.0797 4024        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:16:23.0984 4024        usbhub - ok
13:16:24.0015 4024        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:16:24.0203 4024        usbohci - ok
13:16:24.0234 4024        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:16:24.0422 4024        usbprint - ok
13:16:24.0453 4024        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:16:24.0640 4024        usbscan - ok
13:16:24.0672 4024        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:16:24.0875 4024        USBSTOR - ok
13:16:24.0906 4024        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:16:25.0093 4024        VgaSave - ok
13:16:25.0125 4024        ViaIde - ok
13:16:25.0156 4024        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:16:25.0328 4024        VolSnap - ok
13:16:25.0359 4024        vsbus          (1c8a783e90c34d205596f1ab4a97e261) C:\WINDOWS\system32\DRIVERS\vsb.sys
13:16:25.0375 4024        vsbus ( UnsignedFile.Multi.Generic ) - warning
13:16:25.0375 4024        vsbus - detected UnsignedFile.Multi.Generic (1)
13:16:25.0422 4024        vserial        (3377daa1cb8cac46a538c236f5f3d58f) C:\WINDOWS\system32\DRIVERS\vserial.sys
13:16:25.0437 4024        vserial ( UnsignedFile.Multi.Generic ) - warning
13:16:25.0437 4024        vserial - detected UnsignedFile.Multi.Generic (1)
13:16:25.0484 4024        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:16:25.0656 4024        Wanarp - ok
13:16:25.0687 4024        WDICA - ok
13:16:25.0718 4024        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:16:25.0922 4024        wdmaud - ok
13:16:26.0015 4024        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:16:26.0047 4024        WpdUsb - ok
13:16:26.0093 4024        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:16:26.0265 4024        WS2IFSL - ok
13:16:26.0312 4024        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:16:26.0500 4024        WSTCODEC - ok
13:16:26.0531 4024        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:16:26.0578 4024        WudfPf - ok
13:16:26.0609 4024        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:16:26.0640 4024        WudfRd - ok
13:16:26.0672 4024        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:16:26.0906 4024        \Device\Harddisk0\DR0 - ok
13:16:26.0922 4024        Boot (0x1200)  (6da20bb7ebfbe779d6c673483b6a6ab8) \Device\Harddisk0\DR0\Partition0
13:16:26.0922 4024        \Device\Harddisk0\DR0\Partition0 - ok
13:16:26.0937 4024        Boot (0x1200)  (6f00008a2445d4cf943145487e1775c3) \Device\Harddisk0\DR0\Partition1
13:16:26.0937 4024        \Device\Harddisk0\DR0\Partition1 - ok
13:16:26.0953 4024        ============================================================
13:16:26.0953 4024        Scan finished
13:16:26.0953 4024        ============================================================
13:16:27.0062 1284        Detected object count: 11
13:16:27.0062 1284        Actual detected object count: 11
13:16:56.0406 1284        actser ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:56.0406 1284        actser ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:56.0406 1284        BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:56.0406 1284        BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:56.0406 1284        DELTA ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:56.0406 1284        DELTA ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:56.0406 1284        enodpl ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:56.0406 1284        enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:56.0422 1284        ithsgt ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:56.0422 1284        ithsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:56.0422 1284        lilsgt ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:56.0422 1284        lilsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:56.0422 1284        tandpl ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:56.0422 1284        tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:56.0422 1284        ubrxkh ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:56.0422 1284        ubrxkh ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:56.0422 1284        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:56.0422 1284        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:56.0422 1284        vsbus ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:56.0422 1284        vsbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:56.0437 1284        vserial ( UnsignedFile.Multi.Generic ) - skipped by user
13:16:56.0437 1284        vserial ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 24.02.2012 13:50
Siehst nun geht der auch. Jetzt geht CF bestimmt auch wieder :)

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

paradoximus 24.02.2012 14:34
[code]
Combofix Logfile:
Code:
ComboFix 12-02-24.01 - markus 24.02.2012  14:20:46.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1022.585 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\markus\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\markus\Anwendungsdaten\Local
c:\dokumente und einstellungen\markus\Anwendungsdaten\Local\Temp\DDM\Settings\0.ddi
c:\dokumente und einstellungen\markus\Anwendungsdaten\Local\Temp\DDM\Settings\1.ddi
c:\dokumente und einstellungen\markus\Anwendungsdaten\Local\Temp\DDM\Settings\2.ddi
c:\dokumente und einstellungen\markus\Anwendungsdaten\Local\Temp\DDM\Settings\AM.avi.ddr
c:\dokumente und einstellungen\markus\Anwendungsdaten\Local\Temp\DDM\Settings\FF-IiD.avi.ddr
c:\dokumente und einstellungen\markus\Anwendungsdaten\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\dokumente und einstellungen\markus\Anwendungsdaten\Local\Temp\DDM\Settings\settings.ddi
c:\dokumente und einstellungen\markus\Anwendungsdaten\Local\Temp\DDM\Settings\Temporary Downloaded Files\AM.avi.ddp
c:\dokumente und einstellungen\markus\Anwendungsdaten\Local\Temp\DDM\Settings\Temporary Downloaded Files\FF-IiD.avi.ddp
c:\dokumente und einstellungen\markus\Anwendungsdaten\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx.ddp
c:\dokumente und einstellungen\markus\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-24 bis 2012-02-24  ))))))))))))))))))))))))))))))
.
.
2012-02-23 10:40 . 2012-02-23 10:40        --------        d-----w-        c:\dokumente und einstellungen\markus\Anwendungsdaten\ImgBurn
2012-02-23 10:34 . 2012-02-23 10:34        --------        d-----w-        c:\programme\ImgBurn
2012-02-23 09:16 . 2012-02-23 09:16        --------        d-----w-        c:\dokumente und einstellungen\markus\Anwendungsdaten\Online Solutions
2012-02-23 09:15 . 2012-02-23 09:16        311296        ----a-w-        c:\windows\system32\drivers\ubrxkh.sys
2012-02-19 18:16 . 2012-02-19 18:16        --------        d-----w-        C:\_OTL
2012-02-19 16:02 . 2012-02-19 16:02        --------        d-----w-        c:\dokumente und einstellungen\markus\Anwendungsdaten\Malwarebytes
2012-02-19 16:02 . 2012-02-19 16:02        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-02-19 15:36 . 2011-06-21 10:24        32768        ----a-w-        c:\windows\system32\drivers\sp_rsdrv2.sys
2012-02-18 19:29 . 2012-02-18 19:29        --------        d-----w-        c:\dokumente und einstellungen\markus\Anwendungsdaten\Avira
2012-02-18 19:23 . 2012-01-31 07:56        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-02-18 19:23 . 2011-09-16 15:08        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-02-18 19:23 . 2012-02-18 19:23        --------        d-----w-        c:\programme\Avira
2012-02-18 19:23 . 2012-02-18 19:23        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2012-02-18 17:47 . 2012-02-18 17:47        --------        d-----w-        C:\$AVG
2012-02-18 17:41 . 2012-02-19 15:43        --------        d-----w-        c:\programme\Spybot - Search & Destroy
2012-02-18 17:41 . 2012-02-19 15:33        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2012-02-18 13:48 . 2012-02-18 14:10        --------        d-----w-        c:\dokumente und einstellungen\Administrator
2012-02-13 09:07 . 2012-02-18 09:35        134104        ----a-w-        c:\programme\Mozilla Firefox\components\browsercomps.dll
2012-02-13 09:07 . 2012-02-18 09:35        97240        ----a-w-        c:\programme\Mozilla Firefox\libEGL.dll
2012-02-13 09:07 . 2012-02-13 09:07        2106216        ----a-w-        c:\programme\Mozilla Firefox\D3DCompiler_43.dll
2012-02-13 09:07 . 2012-02-13 09:07        1998168        ----a-w-        c:\programme\Mozilla Firefox\d3dx9_43.dll
2012-02-13 09:07 . 2012-02-18 09:35        801752        ----a-w-        c:\programme\Mozilla Firefox\mozsqlite3.dll
2012-02-13 09:07 . 2012-02-18 09:35        45016        ----a-w-        c:\programme\Mozilla Firefox\mozutils.dll
2012-02-13 09:07 . 2012-02-18 09:35        437208        ----a-w-        c:\programme\Mozilla Firefox\libGLESv2.dll
2012-02-13 09:07 . 2012-02-18 09:35        1911768        ----a-w-        c:\programme\Mozilla Firefox\mozjs.dll
2012-02-13 09:07 . 2012-02-18 09:35        15832        ----a-w-        c:\programme\Mozilla Firefox\mozalloc.dll
2012-02-13 09:07 . 2012-02-13 09:07        548864        ----a-w-        c:\programme\Mozilla Firefox\msvcp80.dll
2012-02-13 09:07 . 2012-02-13 09:07        479232        ----a-w-        c:\programme\Mozilla Firefox\msvcm80.dll
2012-02-13 09:07 . 2012-02-13 09:07        626688        ----a-w-        c:\programme\Mozilla Firefox\msvcr80.dll
2012-02-07 15:45 . 2012-02-07 15:45        --------        d-----w-        c:\dokumente und einstellungen\markus\Anwendungsdaten\NVIDIA
2012-02-07 00:51 . 2011-10-08 04:50        298304        ----a-w-        c:\windows\system32\nvsvc32.exe
2012-02-07 00:50 . 2011-10-08 04:50        877376        ----a-w-        c:\windows\system32\nvgenco32.dll
2012-02-07 00:50 . 2011-10-08 04:50        919872        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-01-30 15:58 . 2012-01-30 16:07        --------        d-----w-        c:\programme\Interplay
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 07:56 . 2009-04-12 09:29        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-01-12 17:20 . 2004-08-04 12:00        1860096        ----a-w-        c:\windows\system32\win32k.sys
2011-12-19 08:53 . 2004-08-04 12:00        81920        ----a-w-        c:\windows\system32\ieencode.dll
2011-12-19 08:53 . 2004-08-04 12:00        672768        ----a-w-        c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2004-08-04 12:00        61952        ----a-w-        c:\windows\system32\tdc.ocx
2011-12-19 08:52 . 2004-08-04 12:00        371200        ----a-w-        c:\windows\system32\html.iec
2012-02-18 09:35 . 2012-02-13 09:07        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"ToADiMon.exe"="c:\programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe" [2006-10-24 233539]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-01-25 154112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\programme\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0ANAAxADkAOAAxADMAMwA4ADUALQBUADQALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0AQwBJAEEAOQAwACsAMgAtAFgATwA5ACsAMQAtAEYAOQBNADMAKwAxAC0ARABEAFQAKwAwAA&prod=90&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40        155648        ----a-w-        c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23.01.2011 20:04 64288]
R0 ubrxkh;ubrxkh;c:\windows\system32\drivers\ubrxkh.sys [23.02.2012 10:15 311296]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [18.02.2012 20:23 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.02.2012 20:23 86224]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [13.06.2011 12:32 21992]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [04.07.2011 16:22 2253120]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe /svc --> c:\programme\Google\Update\GoogleUpdate.exe  [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe /medsvc --> c:\programme\Google\Update\GoogleUpdate.exe  [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 siusbmod;siusbmod;c:\windows\system32\drivers\siusbmod.sys [21.07.2011 21:58 27008]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 40233273
*Deregistered* - 40233273
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\markus\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{350B46D6-17E9-4DD0-A7AA-0044CA6970D2}: NameServer = 217.0.43.113 217.0.43.97
FF - ProfilePath - c:\dokumente und einstellungen\markus\Anwendungsdaten\Mozilla\Firefox\Profiles\l5altjvj.default\
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Warmonger - c:\programme\Netdevil\Warmonger\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-24 14:27
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-484763869-838170752-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,02,0a,43,37,1e,f2,dc,47,bb,ef,a8,89,ab,d5,13,14,a4,40,e0,77,ca,75,
  0e,e8,ec,f4,27,c4,7d,7f,dc,63,a1,ef,f8,de,57,49,28,4b,1f,ce,8a,9e,3b,5e,9f,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-484763869-838170752-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:70,06,14,b3,af,2d,ef,47,a2,26,a2,67,1a,3b,82,a3,75,7c,cf,05,66,
  d3,25,1d,49,5f,73,bd,ee,1a,35,b0,20,c5,da,54,01,47,3a,de,8f,12,32,47,27,c5,\
"rkeysecu"=hex:a0,82,60,67,de,85,55,c8,38,3f,1a,e6,d7,bc,d5,62
.
Zeit der Fertigstellung: 2012-02-24  14:30:13
ComboFix-quarantined-files.txt  2012-02-24 13:30
.
Vor Suchlauf: 7.171.493.888 Bytes frei
Nach Suchlauf: 7.442.538.496 Bytes frei
.
- - End Of File - - DBA59BE1C0050775BB8B574B0389AD70
--- --- ---

cosinus 24.02.2012 15:55
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
File::
c:\windows\system32\drivers\ubrxkh.sys

Driver::
ubrxkh
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

paradoximus 24.02.2012 16:39
[code]
Combofix Logfile:
Code:
ComboFix 12-02-24.01 - markus 24.02.2012  16:23:51.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1022.581 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\markus\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\markus\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\system32\drivers\ubrxkh.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\BReWErS.dll
c:\windows\system32\drivers\ubrxkh.sys
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_UBRXKH
-------\Service_ubrxkh
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-24 bis 2012-02-24  ))))))))))))))))))))))))))))))
.
.
2012-02-23 10:40 . 2012-02-23 10:40        --------        d-----w-        c:\dokumente und einstellungen\markus\Anwendungsdaten\ImgBurn
2012-02-23 10:34 . 2012-02-23 10:34        --------        d-----w-        c:\programme\ImgBurn
2012-02-23 09:16 . 2012-02-23 09:16        --------        d-----w-        c:\dokumente und einstellungen\markus\Anwendungsdaten\Online Solutions
2012-02-19 18:16 . 2012-02-19 18:16        --------        d-----w-        C:\_OTL
2012-02-19 16:02 . 2012-02-19 16:02        --------        d-----w-        c:\dokumente und einstellungen\markus\Anwendungsdaten\Malwarebytes
2012-02-19 16:02 . 2012-02-19 16:02        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-02-19 15:36 . 2011-06-21 10:24        32768        ----a-w-        c:\windows\system32\drivers\sp_rsdrv2.sys
2012-02-18 19:29 . 2012-02-18 19:29        --------        d-----w-        c:\dokumente und einstellungen\markus\Anwendungsdaten\Avira
2012-02-18 19:23 . 2012-01-31 07:56        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-02-18 19:23 . 2011-09-16 15:08        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-02-18 19:23 . 2012-02-18 19:23        --------        d-----w-        c:\programme\Avira
2012-02-18 19:23 . 2012-02-18 19:23        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2012-02-18 17:47 . 2012-02-18 17:47        --------        d-----w-        C:\$AVG
2012-02-18 17:41 . 2012-02-19 15:43        --------        d-----w-        c:\programme\Spybot - Search & Destroy
2012-02-18 17:41 . 2012-02-19 15:33        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2012-02-18 13:48 . 2012-02-18 14:10        --------        d-----w-        c:\dokumente und einstellungen\Administrator
2012-02-13 09:07 . 2012-02-18 09:35        134104        ----a-w-        c:\programme\Mozilla Firefox\components\browsercomps.dll
2012-02-13 09:07 . 2012-02-18 09:35        97240        ----a-w-        c:\programme\Mozilla Firefox\libEGL.dll
2012-02-13 09:07 . 2012-02-13 09:07        2106216        ----a-w-        c:\programme\Mozilla Firefox\D3DCompiler_43.dll
2012-02-13 09:07 . 2012-02-13 09:07        1998168        ----a-w-        c:\programme\Mozilla Firefox\d3dx9_43.dll
2012-02-13 09:07 . 2012-02-18 09:35        801752        ----a-w-        c:\programme\Mozilla Firefox\mozsqlite3.dll
2012-02-13 09:07 . 2012-02-18 09:35        45016        ----a-w-        c:\programme\Mozilla Firefox\mozutils.dll
2012-02-13 09:07 . 2012-02-18 09:35        437208        ----a-w-        c:\programme\Mozilla Firefox\libGLESv2.dll
2012-02-13 09:07 . 2012-02-18 09:35        1911768        ----a-w-        c:\programme\Mozilla Firefox\mozjs.dll
2012-02-13 09:07 . 2012-02-18 09:35        15832        ----a-w-        c:\programme\Mozilla Firefox\mozalloc.dll
2012-02-13 09:07 . 2012-02-13 09:07        548864        ----a-w-        c:\programme\Mozilla Firefox\msvcp80.dll
2012-02-13 09:07 . 2012-02-13 09:07        479232        ----a-w-        c:\programme\Mozilla Firefox\msvcm80.dll
2012-02-13 09:07 . 2012-02-13 09:07        626688        ----a-w-        c:\programme\Mozilla Firefox\msvcr80.dll
2012-02-07 15:45 . 2012-02-07 15:45        --------        d-----w-        c:\dokumente und einstellungen\markus\Anwendungsdaten\NVIDIA
2012-02-07 00:51 . 2011-10-08 04:50        298304        ----a-w-        c:\windows\system32\nvsvc32.exe
2012-02-07 00:50 . 2011-10-08 04:50        877376        ----a-w-        c:\windows\system32\nvgenco32.dll
2012-02-07 00:50 . 2011-10-08 04:50        919872        ----a-w-        c:\windows\system32\nvdispco32.dll
2012-01-30 15:58 . 2012-01-30 16:07        --------        d-----w-        c:\programme\Interplay
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 07:56 . 2009-04-12 09:29        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-01-12 17:20 . 2004-08-04 12:00        1860096        ----a-w-        c:\windows\system32\win32k.sys
2011-12-19 08:53 . 2004-08-04 12:00        81920        ----a-w-        c:\windows\system32\ieencode.dll
2011-12-19 08:53 . 2004-08-04 12:00        672768        ----a-w-        c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2004-08-04 12:00        61952        ----a-w-        c:\windows\system32\tdc.ocx
2011-12-19 08:52 . 2004-08-04 12:00        371200        ----a-w-        c:\windows\system32\html.iec
2012-02-18 09:35 . 2012-02-13 09:07        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-02-24_13.27.36  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-24 15:31 . 2012-02-24 15:31        16384              c:\windows\Temp\Perflib_Perfdata_3b8.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"ToADiMon.exe"="c:\programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe" [2006-10-24 233539]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2007-01-25 154112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\programme\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0ANAAxADkAOAAxADMAMwA4ADUALQBUADQALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0AQwBJAEEAOQAwACsAMgAtAFgATwA5ACsAMQAtAEYAOQBNADMAKwAxAC0ARABEAFQAKwAwAA&prod=90&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40        155648        ----a-w-        c:\windows\system32\NeroCheck.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23.01.2011 20:04 64288]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [18.02.2012 20:23 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.02.2012 20:23 86224]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [13.06.2011 12:32 21992]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [04.07.2011 16:22 2253120]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe /svc --> c:\programme\Google\Update\GoogleUpdate.exe  [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe /medsvc --> c:\programme\Google\Update\GoogleUpdate.exe  [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 siusbmod;siusbmod;c:\windows\system32\drivers\siusbmod.sys [21.07.2011 21:58 27008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\markus\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\dokumente und einstellungen\markus\Anwendungsdaten\Mozilla\Firefox\Profiles\l5altjvj.default\
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-24 16:32
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-484763869-838170752-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:49,02,0a,43,37,1e,f2,dc,47,bb,ef,a8,89,ab,d5,13,14,a4,40,e0,77,ca,75,
  0e,e8,ec,f4,27,c4,7d,7f,dc,63,a1,ef,f8,de,57,49,28,4b,1f,ce,8a,9e,3b,5e,9f,\
"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b
.
[HKEY_USERS\S-1-5-21-484763869-838170752-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:70,06,14,b3,af,2d,ef,47,a2,26,a2,67,1a,3b,82,a3,75,7c,cf,05,66,
  d3,25,1d,49,5f,73,bd,ee,1a,35,b0,20,c5,da,54,01,47,3a,de,8f,12,32,47,27,c5,\
"rkeysecu"=hex:a0,82,60,67,de,85,55,c8,38,3f,1a,e6,d7,bc,d5,62
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3836)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\msdtc.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\locator.exe
c:\windows\system32\RunDLL32.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
c:\programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-24  16:36:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-24 15:36
ComboFix2.txt  2012-02-24 13:30
.
Vor Suchlauf: 7.452.790.784 Bytes frei
Nach Suchlauf: 7.348.039.680 Bytes frei
.
- - End Of File - - 687CEE49A427D294CAB78E35ACB2F57A
--- --- ---

cosinus 24.02.2012 18:43
Ok, weiter mit frischen Logs:

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

paradoximus 24.02.2012 20:23
[code]
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-24 19:47:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD800AAJS-00TDA0 rev.01.00A01
Running: wc8od3m3.exe; Driver: C:\DOKUME~1\markus\LOKALE~1\Temp\kwrcypow.sys


---- System - GMER 1.0.15 ----

SSDT  F7BDC2AC                                    ZwClose
SSDT  F7BDC266                                    ZwCreateKey
SSDT  F7BDC2B6                                    ZwCreateSection
SSDT  F7BDC25C                                    ZwCreateThread
SSDT  F7BDC26B                                    ZwDeleteKey
SSDT  F7BDC275                                    ZwDeleteValueKey
SSDT  F7BDC2A7                                    ZwDuplicateObject
SSDT  F7BDC27A                                    ZwLoadKey
SSDT  F7BDC248                                    ZwOpenProcess
SSDT  F7BDC24D                                    ZwOpenThread
SSDT  F7BDC2CF                                    ZwQueryValueKey
SSDT  F7BDC284                                    ZwReplaceKey
SSDT  F7BDC2C0                                    ZwRequestWaitReplyPort
SSDT  F7BDC27F                                    ZwRestoreKey
SSDT  F7BDC2BB                                    ZwSetContextThread
SSDT  F7BDC2C5                                    ZwSetSecurityObject
SSDT  F7BDC270                                    ZwSetValueKey
SSDT  F7BDC2CA                                    ZwSystemDebugControl
SSDT  F7BDC257                                    ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?      Combo-Fix.sys                              Das System kann die angegebene Datei nicht finden. !
.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys    section is writeable [0xF607B380, 0x8D6CD5, 0xE8000020]
.text  C:\WINDOWS\system32\DRIVERS\ithsgt.sys      section is writeable [0xB79A1300, 0x21770, 0xE8000020]
?      C:\ComboFix\catchme.sys                    Das System kann den angegebenen Pfad nicht finden. !
?      C:\WINDOWS\system32\Drivers\PROCEXP113.SYS  Das System kann die angegebene Datei nicht finden. !

---- EOF - GMER 1.0.15 ----
--- --- ---




Code:
OSAM Logfile:

       
Code:

       
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:52:52 on 24.02.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.5512

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DeltaCPL.cpl" - "M-Audio" - C:\WINDOWS\system32\DeltaCPL.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"ToSysCnf" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToSysCnf.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"actser" (actser) - "BenQ Mobile GmbH & Co. OHG" - C:\WINDOWS\System32\drivers\actser.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "BVRP Software" - C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"cpuz135" (cpuz135) - "CPUID" - C:\WINDOWS\system32\drivers\cpuz135_x32.sys
"ELTIMA Virtual Serial Ports Driver" (vserial) - "ELTIMA Software" - C:\WINDOWS\System32\DRIVERS\vserial.sys
"enodpl" (enodpl) - ? - C:\WINDOWS\System32\drivers\enodpl.sys  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ithsgt" (ithsgt) - ? - C:\WINDOWS\System32\DRIVERS\ithsgt.sys  (File found, but it contains no detailed information)
"kwrcypow" (kwrcypow) - ? - C:\DOKUME~1\markus\LOKALE~1\Temp\kwrcypow.sys  (Hidden registry entry, rootkit activity | File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys  (File not found)
"Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lilsgt" (lilsgt) - ? - C:\WINDOWS\System32\DRIVERS\lilsgt.sys  (File found, but it contains no detailed information)
"mbr" (mbr) - ? - C:\DOKUME~1\markus\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Service for Delta Driver (WDM)" (DELTA) - "Midiman/M-Audio" - C:\WINDOWS\System32\DRIVERS\delta.sys
"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - ? - C:\WINDOWS\System32\drivers\ALCXWDM.SYS  (File not found)
"Service for WDM 3D Audio Driver" (ALCXSENS) - ? - C:\WINDOWS\System32\drivers\ALCXSENS.SYS  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"tandpl" (tandpl) - ? - C:\WINDOWS\System32\drivers\tandpl.sys  (File found, but it contains no detailed information)
"Virtual Serial Bus Enumerator" (vsbus) - "ELTIMA Software" - C:\WINDOWS\System32\DRIVERS\vsb.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\FreeTime\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{EE75AC21-B24F-11d3-BA80-00C0CA16AA37} "BenQ-Siemens Device" - "BenQ Mobile GmbH & Co. OHG" - C:\Programme\Mobile Phone Manager\bin\PhoneExplorer.dll
{EE75AC22-B24F-11d3-BA80-00C0CA16AA37} "BenQ-Siemens Device ContextMenuHandler" - "BenQ Mobile GmbH & Co. OHG" - C:\Programme\Mobile Phone Manager\bin\PhoneExplorer.dll
{EE75AC23-B24F-11d3-BA80-00C0CA16AA37} "BenQ-Siemens Device PropertySheetHandler" - "BenQ Mobile GmbH & Co. OHG" - C:\Programme\Mobile Phone Manager\bin\PhoneExplorer.dll
{ABC70703-32AF-11d4-90C4-D483A70F4825} "CMenuExtender" - ? -   (File not found | COM-object registry key not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{88895560-9AA2-1069-930E-00AA0030EBC8} "Erweiterung für HyperTerminal-Icons" - ? -   (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\FreeTime\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll  (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Programme\FreeTime\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll  (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Programme\FreeTime\FormatFactory\FFModules\Filters\Haali\mmfinfo.dll  (File found, but it contains no detailed information)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "{555D4D79-4BD2-4094-A395-CFC534424A05}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} "NVIDIA Smart Scan" - "NVIDIA" - C:\WINDOWS\DOWNLO~1\NVIDIA~1.OCX / hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\markus\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"M-Audio Taskbar Icon" - "Avid Technology, Inc." - C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nview\nwiz.exe /installquiet
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe"
"ToADiMon.exe" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Google Update Service (gupdate)" (gupdate) - ? - C:\Programme\Google\Update\GoogleUpdate.exe /svc  (File not found)
"Google Update-Dienst (gupdatem)" (gupdatem) - ? - C:\Programme\Google\Update\GoogleUpdate.exe /medsvc  (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - ? - "C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe"  (File not found)
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-24 19:53:53
-----------------------------
19:53:53.542    OS Version: Windows 5.1.2600 Service Pack 3
19:53:53.542    Number of processors: 1 586 0x401
19:53:53.542    ComputerName: MARKRAUM  UserName: markus
19:53:53.917    Initialize success
20:03:44.214    AVAST engine defs: 12022401
20:04:12.683    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
20:04:12.683    Disk 0 Vendor: WDC_WD800AAJS-00TDA0 01.00A01 Size: 76319MB BusType: 3
20:04:12.699    Disk 0 MBR read successfully
20:04:12.699    Disk 0 MBR scan
20:04:12.761    Disk 0 Windows XP default MBR code
20:04:12.761    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        20002 MB offset 63
20:04:12.808    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        56313 MB offset 40965750
20:04:12.839    Disk 0 scanning sectors +156296385
20:04:12.949    Disk 0 scanning C:\WINDOWS\system32\drivers
20:04:37.683    Service scanning
20:04:52.339    Modules scanning
20:05:11.855    Disk 0 trace - called modules:
20:05:11.871    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:05:11.886    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87150ab8]
20:05:12.214    3 CLASSPNP.SYS[f759bfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x87167b00]
20:05:12.371    AVAST engine scan C:\WINDOWS
20:05:28.074    AVAST engine scan C:\WINDOWS\system32
20:15:45.777    AVAST engine scan C:\WINDOWS\system32\drivers
20:16:46.621    AVAST engine scan C:\Dokumente und Einstellungen\markus
20:18:31.574    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\markus\Desktop\MBR.dat"
20:18:31.589    The log file has been saved successfully to "C:\Dokumente und Einstellungen\markus\Desktop\aswMBR.txt"

cosinus 24.02.2012 20:33
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

paradoximus 24.02.2012 22:24
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.24.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
markus :: MARKRAUM [Administrator]

24.02.2012 20:56:26
mbam-log-2012-02-24 (21-31-46).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255441
Laufzeit: 29 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ubrxkh.sys.vir (Trojan.Agent.RKH) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{3F6770DD-4EDA-4DA8-B68A-1947D0ACC91B}\RP927\A0259166.sys (Trojan.Agent.RKH) -> Keine Aktion durchgeführt.

(Ende)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/24/2012 at 10:16 PM

Application Version : 5.0.1144

Core Rules Database Version : 8275
Trace Rules Database Version: 6087

Scan type      : Complete Scan
Total Scan Time : 00:39:52

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 543
Memory threats detected  : 0
Registry items scanned    : 36151
Registry threats detected : 0
File items scanned        : 38215
File threats detected    : 6

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\markus\Cookies\CA2VWP8T.txt [ /ad4.adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\markus\Cookies\CA0WWHCB.txt [ /ad2.adfarm1.adition.com ]
        C:\Dokumente und Einstellungen\markus\Cookies\CAKLQ3O1.txt [ /xiti.com ]
        C:\Dokumente und Einstellungen\markus\Cookies\CAWX8L0J.txt [ /im.banner.t-online.de ]
        C:\Dokumente und Einstellungen\markus\Cookies\CAUTKZE7.txt [ /adfarm1.adition.com ]

Trojan.Agent/Gen-RogueAV
        C:\SYSTEM VOLUME INFORMATION\_RESTORE{3F6770DD-4EDA-4DA8-B68A-1947D0ACC91B}\RP921\A0240389.EXE

cosinus 25.02.2012 00:06
Überreste und Cookies. Weg damit!! ;)

Rechner wieder im Lot oder sind noch Probleme offen?

paradoximus 25.02.2012 12:31
Hi Arne
womit am besten Löschen?
Und welche Maßnahmen (Programme) um Zukünftig auf der "Sicheren" Seite zu sein?
Kann ich die ganzen Exe Dateien(von den Scannern usw) löschen?

cosinus 26.02.2012 15:03
Zitat:
womit am besten Löschen?
Vllt mit dem Programm was sie auch gefunden hat? Das liegt doch nahe! :confused:
Was ist denn nun mit dem Rechner, alles ok oder sind noch Probleme offen?

paradoximus 26.02.2012 19:49
Ich habe es ja schon gelöscht.
Alles läuft soweit.


Vielen Dank Arne


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:33 Uhr.
Seite 4 von 5 « Erste 23 4 5
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131