Trojaner-Board - Nach Polizeivirus install_0

:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.
Code:
:OTL

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd) 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\FsUsbExDisk.SYS -- (FsUsbExDisk) 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) 

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (alu1y1qy) 

DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs) 

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie 

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 

IE - HKCU\..\SearchScopes\{016FE048-4072-4F43-8328-E7E899A24D63}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLR_de 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 

IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=224c98ff00000000000000242110f700 

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MOOI_deAT486 

IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box_fs 

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={81046C60-49DD-4F2E-AEFD-AC9754F15CA7}&mid=ac5702f92d9a4e3fa4c98d04e5bfbb3c-9b363c777709a01bfc13e527fb360e0459cb8242&lang=en&ds=pl011&pr=sa&d=2012-05-31 22:35:34&v=11.1.0.7&sap=dsp&q={searchTerms} 

IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms} 

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 

IE - HKCU\..\SearchScopes\{CD10120B-C165-4f8d-8C74-639629E238FF}: "URL" = http://mystart.magentic.com/?search={searchTerms}&loc=search_box 

IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box_fs 

IE - HKCU\..\SearchScopes\{DB882BC3-A60F-4206-AE31-F71226A8AAA2}: "URL" = http://de.netlog.com/opensearch/view=search&q={searchTerms} 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.chello.at:80 

FF - prefs.js..browser.search.defaultenginename: "MyStart Suche" 

FF - prefs.js..browser.search.selectedEngine: "MyStart Suche" 

FF - prefs.js..browser.startup.homepage: "http://mystart.incredimail.com/" 

FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar_fs&search=" 

FF - prefs.js..network.proxy.type: 0 

FF - user.js - File not found 

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found 

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} 

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} 

File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_2_3 

File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN 

File not found (No name found) -- C:\USERS\ANWENDER\APPDATA\Roaming\MOZILLA\FIREFOX\PROFILES\ZMTH5RBI.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1} 

File not found (No name found) -- C:\USERS\ANWENDER\APPDATA\Roaming\MOZILLA\FIREFOX\PROFILES\ZMTH5RBI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI 

CHR - homepage: http://isearch.avg.com/?cid={81046C60-49DD-4F2E-AEFD-AC9754F15CA7}&mid=ac5702f92d9a4e3fa4c98d04e5bfbb3c-9b363c777709a01bfc13e527fb360e0459cb8242&lang=en&ds=pl011&pr=sa&d=2012-05-31 22:35:34&v=11.1.0.7&sap=hp 

O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) 

O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) 

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. 

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. 

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 

O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) 

O4 - Startup: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JDownloader (2).lnk = C:\Program Files\JDownloader\JDownloader.exe (AppWork UG (haftungsbeschränkt)) 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) 

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.) 

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) 

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Reg Error: Key error.) 

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) 

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) 

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553570000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) 

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 

O32 - HKLM CDRom: AutoRun - 1 

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 

[2012.08.29 20:28:01 | 004,739,810 | R--- | C] (Swearware) -- C:\Users\Anwender\Desktop\ComboFix.exe 

[2012.08.29 18:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp 
 

[2012.08.29 14:58:23 | 083,023,306 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad 

[2012.08.29 14:55:41 | 000,001,742 | ---- | M] () -- C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
 

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0574215C 

[2012.01.11 19:33:44 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\Babylon 
 

[2012.08.29 20:34:06 | 000,000,000 | --SD | C] -- C:\ComboFix 

[2012.08.29 20:34:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 

[2012.08.29 19:53:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 

[2012.08.29 19:10:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-978469128-1613541222-630381530-1000UA.job 

[2012.08.29 14:58:45 | 000,001,356 | ---- | M] () -- C:\Users\Anwender\AppData\Local\d3d9caps.dat 

[2012.08.29 14:57:54 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-978469128-1613541222-630381530-1000Core.job 

[2012.08.06 21:11:28 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-978469128-1613541222-630381530-1000UA.job 

[2012.08.06 21:11:28 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-978469128-1613541222-630381530-1000Core.job 

[2012.08.02 09:35:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 

[2010.03.13 12:08:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat 

[2009.09.09 16:10:20 | 000,000,000 | -HSD | M] -- C:\Users\Anwender\AppData\Roaming\.# 

[2010.06.14 13:10:39 | 000,000,000 | ---D | M] -- C:\Users\Anwender\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 

:Files
 
 

C:\Users\Anwender\AppData\Local\{*}

C:\ProgramData\*.exe

C:\ProgramData\TEMP

C:\Users\Anwender\AppData\Local\Temp\*.exe

C:\Users\Anwender\AppData\LocalLow\Sun\Java\Deployment\cache

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

%SystemRoot%\System32\*.tmp

%SystemRoot%\SysWOW64\*.tmp

ipconfig /flushdns /c

type c:\Combofix.txt /c

:Commands

[purity]

[emptytemp]
Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!