Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/) > Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/) > multiple viruses! (https://www.trojaner-board.de/83794-mehrere-viren.html)

Plukas 16.03.2010 17:08

multiple viruses!
 
So, I have a few problems and hope you can help me.
I have several viruses. I have run a few scans, and somehow different viruses are detected every time, while some programs detect none at all. First, I have quite a lot of tracking cookies, but those aren't that bad, are they? Then I constantly get a message that a virus has been found and "Protection System" pops up. I have already tried to remove it but couldn't manage it. My biggest problem is that some virus blocks my browsers after a certain time, and no matter which one I use, I only get error messages. Yes, I read that I should post the HijackThis log; I have just downloaded the program, but during the scan the following message appears: "For some reason your system denied write access to the Hosts file..." and it goes on a bit more like that.
And in the end I get an empty Notepad window.
It would be really nice if you could help me; I'm slowly getting desperate. Unfortunately I don't have a recovery disk either, so it would be good to solve the problem as far as possible without reinstalling.
Regards, Lukas

cosinus 16.03.2010 21:11

Hello and :hallo:

Quote:

I have several viruses. I have run a few scans, and somehow different viruses are detected every time
Without posting the logs, that statement doesn't help anyone! At least post the names of the alleged malware and the complete path.

Then go through this list and work through it. When scanning with MalwareBytes, also plug in all external storage (external drives, USB sticks, ...)!!

Important for users of Windows Vista and Windows 7: please run all tools via right-click => Run as administrator!


You can, for example, zip all the log files into one archive, upload it to File-Upload.net and link it here, because 1. some log files are too big for the board and 2. I can download them all at once with a single click.

Plukas 17.03.2010 15:12

OK, so with Malwarebytes:

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 21

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> No action taken.
C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> No action taken.

Infizierte Dateien:
C:\Users\1\AppData\Local\Temp\VRT45A7.tmp (Backdoor.Bot) -> No action taken.
C:\Users\1\AppData\Local\VirtualStore\Windows\System32\t1p0_690075360482.b1k (Backdoor.Bot) -> No action taken.
C:\Users\1\AppData\Local\Temp\VRT2482.tmp (Trojan.Agent) -> No action taken.
C:\Users\1\AppData\Local\Temp\VRT3816.tmp (Spyware.OnlineGames) -> No action taken.
C:\Users\1\AppData\Local\Temp\VRT394F.tmp (Rogue.Installer) -> No action taken.
C:\Users\1\AppData\Local\Temp\VRT3C31.tmp (Spyware.OnlineGames) -> No action taken.
C:\Users\1\AppData\Local\Temp\VRT3C71.tmp (Rogue.Installer) -> No action taken.
C:\Users\1\AppData\Local\Temp\VRT7798.tmp (Spyware.OnlineGames) -> No action taken.
C:\Users\1\AppData\Local\Temp\VRTABD4.tmp (Spyware.OnlineGames) -> No action taken.
C:\Users\1\AppData\Local\Temp\VRTD30B.tmp (Spyware.OnlineGames) -> No action taken.
C:\Users\1\AppData\Local\Temp\VRTD8FB.tmp (Spyware.OnlineGames) -> No action taken.
C:\Users\1\AppData\Local\Temp\VRTDDF1.tmp (Rogue.Installer) -> No action taken.
C:\Users\1\AppData\Local\VirtualStore\Windows\System32\info.tmp (Trojan.Dropper) -> No action taken.
C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Deinstallieren.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live Support.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live-Support.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Uninstall.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Deinstallieren.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live-Support.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> No action taken.


Is that enough? I also have the RSIT log, but it's really long; do you need it?

cosinus 17.03.2010 15:25

Please read my post properly. I need all the logs!
The Malwarebytes log file is not quite complete; the header area is somewhat fragmented. Please post it as well!

Plukas 17.03.2010 16:36

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3876
Windows 6.0.6000
Internet Explorer 7.0.6000.16982

17.03.2010 15:03:13
mbam-log-2010-03-17 (15-03-11).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 262262
Laufzeit: 1 hour(s), 11 minute(s), 14 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 21

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> No action taken.
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> No action taken.

Infizierte Dateien:
C:\Users\Bilz\AppData\Local\Temp\VRT45A7.tmp (Backdoor.Bot) -> No action taken.
C:\Users\Bilz\AppData\Local\VirtualStore\Windows\System32\t1p0_690075360482.b1k (Backdoor.Bot) -> No action taken.
C:\Users\Matthias\AppData\Local\Temp\VRT2482.tmp (Trojan.Agent) -> No action taken.
C:\Users\Matthias\AppData\Local\Temp\VRT3816.tmp (Spyware.OnlineGames) -> No action taken.
C:\Users\Matthias\AppData\Local\Temp\VRT394F.tmp (Rogue.Installer) -> No action taken.
C:\Users\Matthias\AppData\Local\Temp\VRT3C31.tmp (Spyware.OnlineGames) -> No action taken.
C:\Users\Matthias\AppData\Local\Temp\VRT3C71.tmp (Rogue.Installer) -> No action taken.
C:\Users\Matthias\AppData\Local\Temp\VRT7798.tmp (Spyware.OnlineGames) -> No action taken.
C:\Users\Matthias\AppData\Local\Temp\VRTABD4.tmp (Spyware.OnlineGames) -> No action taken.
C:\Users\Matthias\AppData\Local\Temp\VRTD30B.tmp (Spyware.OnlineGames) -> No action taken.
C:\Users\Matthias\AppData\Local\Temp\VRTD8FB.tmp (Spyware.OnlineGames) -> No action taken.
C:\Users\Matthias\AppData\Local\Temp\VRTDDF1.tmp (Rogue.Installer) -> No action taken.
C:\Users\Matthias\AppData\Local\VirtualStore\Windows\System32\info.tmp (Trojan.Dropper) -> No action taken.
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Deinstallieren.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live Support.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live-Support.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Uninstall.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Deinstallieren.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live-Support.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> No action taken.

and RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Bilz at 2010-03-17 16:33:17
Microsoft® Windows Vista™ Home Premium
System drive C: has 29 GB (13%) free of 222 GB
Total RAM: 2046 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:24, on 17.03.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\ICQ-Tools.de\ICQ-Tools.de - Launcher\ICQ-Tools.de Launcher.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
C:\Users\Bilz\Downloads\RSIT.exe
C:\Program Files\trend micro\Bilz.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [recinfo464] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ocs_SM] C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20100217
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-1742380514-2152415404-2404969845-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Matthias')
O4 - S-1-5-21-1742380514-2152415404-2404969845-1001 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Matthias')
O4 - Startup: ICQ-Tools.de Launcher.lnk = ?
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SearchAnonymizer - Unknown owner - C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 10701 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Bilz.job
C:\Windows\tasks\User_Feed_Synchronization-{66C88B4D-1DE4-4FCE-B218-9D907BFD128D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2010-01-12 240912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2009-06-09 429280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-11-09 2331672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-11-09 2331672]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2010-01-12 662720]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-02 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
"AVKTray"=C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe [2007-04-02 1042256]
"QuickFinder Scheduler"=c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE [2007-01-02 83568]
"recinfo464"=c:\RecInfo\RecInfo.exe [2007-10-23 2785280]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"Ocs_SM"=C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [2009-12-16 126976]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-24 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-10-22 1232896]
"fsc-reg"=C:\ProgramData\fsc-reg\fscreg.exe [2007-11-08 533264]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-02-11 133368]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ICQ-Tools.de Launcher.lnk - C:\Users\Bilz\AppData\Roaming\Microsoft\Installer\{959214DF-C502-402A-A5A0-D8CE3EB74CDC}\_AA6D09703DA76FD7ACB5DC.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e824a5-adda-11de-a88f-806e6f6e6963}]
shell\AutoRun\command - E:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b536370-cc45-11de-a5f4-000e2ed73d3f}]
shell\AutoRun\command - L:\MAGIXVIEWER.EXE


======List of files/folders created in the last 3 months======

2010-03-17 16:29:59 ----D---- C:\DVDVideoSoft
2010-03-17 15:05:24 ----D---- C:\Program Files\trend micro
2010-03-17 15:05:23 ----D---- C:\rsit
2010-03-17 13:31:57 ----D---- C:\Users\Bilz\AppData\Roaming\Malwarebytes
2010-03-17 13:30:04 ----D---- C:\ProgramData\Malwarebytes
2010-03-17 13:28:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-16 16:54:02 ----D---- C:\Program Files\TrendMicro
2010-03-16 16:39:23 ----D---- C:\Program Files\CleanUp!
2010-03-16 16:04:05 ----A---- C:\Windows\SGDetectionTool.dll
2010-03-16 16:04:05 ----A---- C:\Windows\BDTSupport.dll
2010-03-16 16:04:04 ----A---- C:\Windows\PCTBDRes.dll
2010-03-16 16:04:04 ----A---- C:\Windows\PCTBDCore.dll
2010-03-16 15:06:36 ----D---- C:\Users\Bilz\AppData\Roaming\PC Tools
2010-03-16 15:06:36 ----D---- C:\ProgramData\PC Tools
2010-03-16 15:06:36 ----D---- C:\Program Files\Spyware Doctor
2010-03-16 15:06:36 ----D---- C:\Program Files\Common Files\PC Tools
2010-03-16 15:06:30 ----AD---- C:\ProgramData\TEMP
2010-03-11 15:38:13 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-11 15:38:05 ----A---- C:\Windows\system32\httpapi.dll
2010-03-06 19:17:11 ----A---- C:\Users\Bilz\AppData\Roaming\bkctl.dll
2010-03-02 17:26:19 ----D---- C:\Program Files\Mixxx
2010-02-27 16:15:37 ----D---- C:\ProgramData\McAfee Security Scan
2010-02-27 16:15:37 ----D---- C:\ProgramData\McAfee
2010-02-27 16:15:35 ----D---- C:\Program Files\McAfee Security Scan
2010-02-24 16:27:58 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-02-24 15:43:51 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 15:43:51 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 15:43:50 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 15:43:50 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 15:43:50 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 15:43:50 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 15:43:49 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 15:43:49 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 15:43:49 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 14:45:20 ----A---- C:\Windows\system32\tzres.dll
2010-02-23 20:03:26 ----D---- C:\Program Files\Warcraft III
2010-02-19 18:55:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-02-16 16:42:29 ----D---- C:\ProgramData\Symantec
2010-02-16 16:42:29 ----D---- C:\ProgramData\Norton
2010-02-16 16:42:29 ----D---- C:\Program Files\Norton Security Scan
2010-02-16 16:42:28 ----D---- C:\ProgramData\NortonInstaller
2010-02-16 16:42:28 ----D---- C:\Program Files\NortonInstaller
2010-02-15 13:41:01 ----D---- C:\Program Files\C64CLX
2010-02-11 22:15:01 ----D---- C:\Users\Bilz\AppData\Roaming\OpenOffice.org
2010-02-10 20:45:43 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 20:45:43 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 20:44:57 ----A---- C:\Windows\system32\tcpipcfg.dll
2010-02-10 20:44:57 ----A---- C:\Windows\system32\netiougc.exe
2010-02-10 20:44:57 ----A---- C:\Windows\system32\IKEEXT.DLL
2010-02-10 20:44:57 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2010-02-10 20:44:57 ----A---- C:\Windows\system32\BFE.DLL
2010-02-10 20:44:51 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 20:44:51 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 20:44:51 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 20:44:51 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 20:44:51 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 20:44:51 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 20:44:51 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 20:44:51 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 20:44:51 ----A---- C:\Windows\system32\avifil32.dll
2010-02-10 20:44:51 ----A---- C:\Windows\system32\avicap32.dll
2010-02-05 20:22:16 ----D---- C:\Program Files\Orbitdownloader
2010-02-05 19:50:01 ----D---- C:\Program Files\UnH Solutions
2010-02-05 16:41:16 ----D---- C:\Program Files\VDOWNLOADER
2010-02-05 16:37:05 ----D---- C:\Program Files\Conduit
2010-01-29 16:05:22 ----D---- C:\Program Files\JRE
2010-01-29 16:04:57 ----D---- C:\Program Files\OpenOffice.org 3
2010-01-24 21:11:34 ----A---- C:\Windows\system32\javaws.exe
2010-01-24 21:11:34 ----A---- C:\Windows\system32\javaw.exe
2010-01-24 21:11:34 ----A---- C:\Windows\system32\java.exe
2010-01-24 21:11:34 ----A---- C:\Windows\system32\deploytk.dll
2010-01-24 21:10:53 ----D---- C:\Program Files\Java
2010-01-24 18:17:45 ----D---- C:\Program Files\Common Files\Adobe
2010-01-24 18:17:45 ----D---- C:\Program Files\Adobe
2010-01-23 16:34:19 ----D---- C:\ProgramData\TmForever
2010-01-23 16:31:09 ----D---- C:\Program Files\TmNationsForever
2010-01-23 14:58:20 ----D---- C:\Program Files\American Conquest - Fight Back
2010-01-23 14:40:19 ----A---- C:\Windows\SIERRA.INI
2010-01-23 14:40:18 ----D---- C:\Sierra
2010-01-22 14:24:29 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 14:24:28 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 14:24:28 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 14:24:27 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 14:24:27 ----A---- C:\Windows\system32\mstime.dll
2010-01-22 14:24:26 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 14:24:26 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 14:24:26 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-22 14:24:26 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-22 14:24:25 ----A---- C:\Windows\system32\pngfilt.dll
2010-01-22 14:24:25 ----A---- C:\Windows\system32\occache.dll
2010-01-22 14:24:25 ----A---- C:\Windows\system32\mshtmled.dll
2010-01-22 14:24:25 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 14:24:25 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 14:24:25 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 14:24:25 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 14:24:25 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 14:24:25 ----A---- C:\Windows\system32\iernonce.dll
2010-01-22 14:24:25 ----A---- C:\Windows\system32\ieencode.dll
2010-01-22 14:24:25 ----A---- C:\Windows\system32\ieaksie.dll
2010-01-22 14:24:25 ----A---- C:\Windows\system32\icardie.dll
2010-01-22 14:24:25 ----A---- C:\Windows\system32\dxtrans.dll
2010-01-22 14:24:25 ----A---- C:\Windows\system32\dxtmsft.dll
2010-01-22 14:24:25 ----A---- C:\Windows\system32\advpack.dll
2010-01-22 14:24:25 ----A---- C:\Windows\system32\admparse.dll
2010-01-22 14:24:24 ----A---- C:\Windows\system32\mshtmler.dll
2010-01-22 14:24:24 ----A---- C:\Windows\system32\ieakui.dll
2010-01-20 17:25:55 ----D---- C:\Program Files\ANNO 1503
2010-01-19 15:51:14 ----D---- C:\Program Files\ICQ7.0
2010-01-15 21:21:38 ----A---- C:\Windows\system32\t2embed.dll
2010-01-15 21:21:38 ----A---- C:\Windows\system32\lpk.dll
2010-01-15 21:21:38 ----A---- C:\Windows\system32\fontsub.dll
2010-01-15 21:21:38 ----A---- C:\Windows\system32\dciman32.dll
2010-01-15 21:21:38 ----A---- C:\Windows\system32\atmlib.dll
2010-01-15 21:21:38 ----A---- C:\Windows\system32\atmfd.dll
2010-01-13 17:56:49 ----D---- C:\Users\Bilz\AppData\Roaming\dvdcss
2010-01-01 19:03:23 ----D---- C:\Program Files\ANNO1602
2010-01-01 19:02:50 ----D---- C:\Program Files\Common Files\InstallShield
2010-01-01 19:02:00 ----D---- C:\Program Files\WMSause Gratisversion

======List of files/folders modified in the last 3 months======

2010-03-17 16:33:17 ----D---- C:\Windows\Temp
2010-03-17 15:25:53 ----D---- C:\ProgramData\NVIDIA
2010-03-17 15:18:03 ----D---- C:\Users\Bilz\AppData\Roaming\ICQ
2010-03-17 15:05:24 ----RD---- C:\Program Files
2010-03-17 13:31:51 ----D---- C:\Windows\system32\drivers
2010-03-17 13:30:04 ----HD---- C:\ProgramData
2010-03-16 16:54:04 ----SHD---- C:\Windows\Installer
2010-03-16 16:53:23 ----SHD---- C:\System Volume Information
2010-03-16 16:04:08 ----D---- C:\Windows\Prefetch
2010-03-16 16:04:06 ----D---- C:\Windows
2010-03-16 15:07:11 ----D---- C:\Windows\winsxs
2010-03-16 15:06:36 ----D---- C:\Program Files\Common Files
2010-03-16 14:54:02 ----D---- C:\Windows\System32
2010-03-16 14:54:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-16 14:54:01 ----D---- C:\Windows\inf
2010-03-12 17:02:20 ----D---- C:\Program Files\Mozilla Firefox
2010-03-11 17:08:54 ----D---- C:\Windows\system32\catroot
2010-03-11 17:08:50 ----D---- C:\Windows\system32\catroot2
2010-03-11 17:06:23 ----D---- C:\Program Files\Movie Maker
2010-03-11 17:06:22 ----D---- C:\Program Files\Windows Mail
2010-03-10 19:40:11 ----D---- C:\Users\Bilz\AppData\Roaming\vlc
2010-03-02 17:09:23 ----SD---- C:\Users\Bilz\AppData\Roaming\Microsoft
2010-03-02 16:50:17 ----D---- C:\Windows\system32\Macromed
2010-02-27 16:30:57 ----D---- C:\Windows\Minidump
2010-02-27 16:15:53 ----SD---- C:\Windows\Downloaded Program Files
2010-02-27 14:44:23 ----D---- C:\ProgramData\Adobe
2010-02-25 19:52:51 ----D---- C:\Windows\rescache
2010-02-25 18:29:19 ----RSD---- C:\Windows\Fonts
2010-02-25 18:29:19 ----D---- C:\Windows\system32\de-DE
2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-16 17:05:12 ----D---- C:\Windows\system32\Tasks
2010-02-16 17:05:12 ----D---- C:\Program Files\Ask.com
2010-02-16 16:42:34 ----D---- C:\Windows\Tasks
2010-02-11 14:09:11 ----D---- C:\Windows\system32\migration
2010-02-06 11:29:34 ----D---- C:\Users\Bilz\AppData\Roaming\Orbit
2010-02-06 10:06:35 ----D---- C:\downloads
2010-02-05 16:37:05 ----D---- C:\Program Files\DVDVideoSoft
2010-02-05 16:37:00 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-02-03 15:50:51 ----D---- C:\Users\Bilz\AppData\Roaming\BitTorrent
2010-01-29 16:07:40 ----RSD---- C:\Windows\assembly
2010-01-23 14:40:19 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-23 11:16:19 ----D---- C:\Program Files\Internet Explorer
2010-01-23 11:16:18 ----D---- C:\Windows\AppPatch
2010-01-19 17:22:45 ----D---- C:\Program Files\ICQ6Toolbar
2010-01-19 15:57:58 ----D---- C:\ProgramData\ICQ
2010-01-03 21:19:43 ----D---- C:\Program Files\ICQ6.5
2009-12-24 21:39:16 ----D---- C:\Windows\system32\WDI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\Windows\system32\drivers\GDTdiIcpt.sys [2007-11-19 39120]
R3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
R3 GDMnIcpt;GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys [2007-11-19 47312]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HookCentre;HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys [2007-11-19 32464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-09-27 9509832]
R3 RTL8023xp;NDIS-x86-Treiber für Realtek 10/100-Netzwerkkartenfamilie; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2007-11-03 82688]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2007-07-12 305176]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-06-13 48256]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616]
S4 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-07-02 110112]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-11-08 102912]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2007-11-03 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 AVKProxy;AVKProxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2007-05-03 649040]
R2 AVKService;AVK Service; C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe [2007-04-02 407376]
R2 AVKWCtl;AVK Wächter; C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe [2007-04-02 1103696]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-09-27 215656]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 ProtexisLicensing;ProtexisLicensing; c:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R2 SearchAnonymizer;SearchAnonymizer; C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2009-12-16 40960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1548380]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-16 382248]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-01-18 1141712]
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 565248]

-----------------EOF-----------------
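The thread is about reading logs like the one above, so here is an added example (not part of the original thread and not code from RSIT itself) of how a helper can triage the "List of services" and "List of drivers" sections mechanically instead of by eye. It parses lines in the format RSIT uses above, strips the `\??\` object-manager prefix from kernel driver paths and flags every entry whose image lives somewhere a service normally does not: a user profile, ProgramData, or any folder outside Windows and Program Files. The sample lines are copied from the log above; the folder heuristics and the `C:\Programme\` junction name are assumptions of this example, and a hit means "look this entry up", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Service/driver lines copied from the RSIT log above; the format is
# "<state><start> <service name>;<display name>; <image path> [<yyyy-mm-dd> <size>]"
RSIT_SAMPLE = r"""
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\Windows\system32\drivers\GDTdiIcpt.sys [2007-11-19 39120]
R2 AVKProxy;AVKProxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2007-05-03 649040]
R2 AVKService;AVK Service; C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe [2007-04-02 407376]
R2 SearchAnonymizer;SearchAnonymizer; C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2009-12-16 40960]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 565248]
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)

NT_PREFIX = "\\??\\"  # RSIT prints kernel drivers with the NT object-manager prefix

# Where services and drivers are normally installed. "Programme" is assumed here to be
# the localised junction to Program Files on a German Vista system, as seen in the log.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\programme\\")


@dataclass
class Entry:
    state: str    # R = running, S = stopped
    start: int    # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str     # image path with the \??\ prefix stripped
    date: str
    size: int


def parse_line(line: str) -> Optional[Entry]:
    """Parse one RSIT service/driver line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m["path"]
    if path.startswith(NT_PREFIX):
        path = path[len(NT_PREFIX):]
    return Entry(m["state"], int(m["start"]), m["name"], m["display"],
                 path, m["date"], int(m["size"]))


def location_reason(path: str) -> Optional[str]:
    """Why this image path deserves a second look, or None if it is in a normal place."""
    p = path.lower()
    if p.startswith("c:\\users\\"):
        return "runs from a user profile (user-writable)"
    if p.startswith("c:\\programdata\\"):
        return "runs from ProgramData (user-writable)"
    if not p.startswith(EXPECTED_PREFIXES):
        return "runs outside Windows and Program Files"
    return None


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (service name, image path, reason) for every entry worth checking."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reason = location_reason(entry.path)
        if reason is not None:
            findings.append((entry.name, entry.path,
                             f"{reason}; state {entry.state}{entry.start}, {entry.size} bytes"))
    return findings


if __name__ == "__main__":
    for name, path, reason in triage(RSIT_SAMPLE):
        print(f"{name}: {path}\n    {reason}")
```

Run against the six sample lines it reports only SearchAnonymizer (a running auto-start service whose binary sits in the user's Roaming profile) and TestHandler (a vendor diagnostic living in `C:\firststeps`); the G DATA, MAGIX and driver entries pass because they sit where installers put them. The point is to shorten the list a helper has to look up by hand, not to decide anything on its own.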

Plukas 19.03.2010 16:17

Is what I posted enough?

cosinus 19.03.2010 16:48

Yes, that's fine :)

Now please make a log with CF, then we should pretty much be through:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a board helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

Plukas 20.03.2010 13:36

ComboFix 10-03-19.08 - Bilz 20.03.2010 13:17:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.2046.1178 [GMT 1:00]
Running from:: c:\users\Bilz\Desktop\cofi.exe
AV: G DATA AntiVirenKit 2007 *On-access scanning disabled* (Outdated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}
SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2398079171-2830106145-3063679650-500
c:\programdata\hpe2F3B.dll
c:\users\Matthias\AppData\Roaming\Desktopicon
c:\users\Matthias\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Matthias\AppData\Roaming\Desktopicon\uninst.exe
c:\windows\system32\Connect.dll

.
((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 ))))))))))))))))))))))))))))))
.

2010-03-20 12:26 . 2010-03-20 12:27 -------- d-----w- c:\users\Bilz\AppData\Local\temp
2010-03-20 12:26 . 2010-03-20 12:26 -------- d-----w- c:\users\Matthias\AppData\Local\temp
2010-03-20 12:26 . 2010-03-20 12:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-17 19:42 . 2010-03-17 19:42 -------- d-----w- C:\games
2010-03-17 18:40 . 2010-03-17 18:40 -------- d-----w- C:\GAMIGO
2010-03-17 16:27 . 2010-03-17 16:27 -------- d-----w- c:\users\Bilz\icytower1.2
2010-03-17 14:05 . 2010-03-17 15:33 -------- d-----w- c:\program files\trend micro
2010-03-17 14:05 . 2010-03-17 14:05 -------- d-----w- C:\rsit
2010-03-17 12:31 . 2010-03-17 12:31 -------- d-----w- c:\users\Bilz\AppData\Roaming\Malwarebytes
2010-03-17 12:31 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 12:30 . 2010-03-17 12:30 -------- d-----w- c:\programdata\Malwarebytes
2010-03-17 12:28 . 2010-03-17 12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-17 12:28 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 15:54 . 2010-03-16 15:54 409088 ----a-r- c:\users\Bilz\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-16 15:54 . 2010-03-16 15:54 -------- d-----w- c:\program files\TrendMicro
2010-03-16 15:39 . 2010-03-16 15:39 -------- d-----w- c:\program files\CleanUp!
2010-03-16 15:04 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-16 14:06 . 2010-03-16 14:06 -------- d-----w- c:\users\Bilz\AppData\Roaming\PC Tools
2010-03-16 14:06 . 2010-03-16 14:06 -------- d-----w- c:\programdata\PC Tools
2010-03-11 14:38 . 2010-02-20 23:54 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 14:38 . 2010-02-20 23:31 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 14:38 . 2010-02-20 21:16 398848 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 17:01 . 2010-02-16 08:31 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100310.002\naveng.sys
2010-03-10 17:01 . 2010-02-16 08:31 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100310.002\naveng32.dll
2010-03-10 17:01 . 2010-02-16 08:31 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100310.002\navex32a.dll
2010-03-10 17:01 . 2010-02-16 08:31 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100310.002\navex15.sys
2010-03-10 17:01 . 2010-02-16 08:31 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100310.002\eeCtrl.sys
2010-03-10 17:01 . 2010-02-16 08:31 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100310.002\cceraser.dll
2010-03-10 17:01 . 2010-02-16 08:31 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100310.002\ecmsvr32.dll
2010-03-10 17:01 . 2010-02-16 08:31 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20100310.002\ERASER.sys
2010-03-06 18:17 . 2010-03-06 18:17 41496 ----a-w- c:\users\Bilz\AppData\Roaming\bkctl.dll
2010-03-06 13:40 . 2010-03-06 13:40 -------- d-----w- c:\users\Matthias\AppData\Local\Microsoft Games
2010-03-02 16:26 . 2010-03-02 16:26 -------- d-----w- c:\program files\Mixxx
2010-02-27 15:15 . 2010-02-27 15:15 -------- d-----w- c:\programdata\McAfee Security Scan
2010-02-27 15:15 . 2010-02-27 15:15 -------- d-----w- c:\programdata\McAfee
2010-02-27 15:15 . 2010-03-06 15:17 -------- d-----w- c:\program files\McAfee Security Scan
2010-02-24 15:27 . 2010-02-24 15:27 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-02-24 14:43 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 14:43 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 14:43 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 14:43 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 14:43 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 14:43 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 14:43 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 14:43 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 14:43 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 13:45 . 2010-01-23 08:05 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 19:03 . 2010-03-14 20:21 -------- d-----w- c:\program files\Warcraft III
2010-02-19 17:55 . 2010-03-10 17:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-19 17:51 . 2010-02-16 08:31 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\eeCtrl.sys
2010-02-19 17:51 . 2010-02-16 08:31 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ERASER.sys
2010-02-19 17:51 . 2010-02-16 08:31 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng.sys
2010-02-19 17:51 . 2010-02-16 08:31 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\cceraser.dll
2010-02-19 17:51 . 2010-02-16 08:31 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\ecmsvr32.dll
2010-02-19 17:51 . 2010-02-16 08:31 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\naveng32.dll
2010-02-19 17:51 . 2010-02-16 08:31 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex32a.dll
2010-02-19 17:51 . 2010-02-16 08:31 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\BinHub\navex15.sys
2010-02-18 15:14 . 2010-02-18 15:14 1233160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 12:26 . 2010-03-16 14:06 -------- d-----w- c:\program files\Spyware Doctor
2010-03-20 12:11 . 2009-10-19 19:01 -------- d-----w- c:\users\Bilz\AppData\Roaming\ICQ
2010-03-20 12:00 . 2009-10-12 13:11 70576 ----a-w- c:\programdata\nvModes.dat
2010-03-20 12:00 . 2009-10-12 13:10 -------- d-----w- c:\programdata\NVIDIA
2010-03-20 11:29 . 2009-10-21 16:40 -------- d-----w- c:\users\Matthias\AppData\Roaming\ICQ
2010-03-17 18:40 . 2007-11-19 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-16 15:04 . 2010-03-16 14:06 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-16 13:54 . 2006-11-02 15:33 641106 ----a-w- c:\windows\system32\perfh007.dat
2010-03-16 13:54 . 2006-11-02 15:33 116500 ----a-w- c:\windows\system32\perfc007.dat
2010-03-13 14:32 . 2010-01-29 15:11 1 ----a-w- c:\users\Matthias\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-11 16:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 18:40 . 2009-10-27 13:53 -------- d-----w- c:\users\Bilz\AppData\Roaming\vlc
2010-03-10 14:13 . 2010-01-19 14:51 -------- d-----w- c:\program files\ICQ7.0
2010-03-05 16:59 . 2010-01-23 15:34 -------- d-----w- c:\programdata\TmForever
2010-03-04 17:02 . 2010-01-23 13:58 -------- d-----w- c:\program files\American Conquest - Fight Back
2010-03-04 13:34 . 2010-01-13 16:56 -------- d-----w- c:\users\Bilz\AppData\Roaming\dvdcss
2010-02-27 19:23 . 2009-10-20 16:12 77272 ----a-w- c:\users\Matthias\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 18:53 . 2009-10-08 19:04 77272 ----a-w- c:\users\Bilz\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:16 . 2009-10-22 16:24 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 20:42 . 2010-02-11 21:15 1 ----a-w- c:\users\Bilz\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-19 17:51 . 2010-02-16 15:42 -------- d-----w- c:\programdata\Symantec
2010-02-16 16:05 . 2009-10-29 18:21 -------- d-----w- c:\program files\Ask.com
2010-02-16 15:42 . 2010-02-16 15:42 -------- d-----w- c:\programdata\Norton
2010-02-16 15:42 . 2010-02-16 15:42 -------- d-----w- c:\program files\Norton Security Scan
2010-02-16 15:42 . 2010-02-16 15:42 -------- d-----w- c:\programdata\NortonInstaller
2010-02-16 15:42 . 2010-02-16 15:42 -------- d-----w- c:\program files\NortonInstaller
2010-02-15 12:41 . 2010-02-15 12:41 -------- d-----w- c:\program files\C64CLX
2010-02-13 16:52 . 2010-02-13 16:52 2131336 ----a-w- c:\users\Bilz\AppData\Roaming\Mozilla\Firefox\Profiles\p5vwxrvy.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-02-11 21:15 . 2010-02-11 21:15 -------- d-----w- c:\users\Bilz\AppData\Roaming\OpenOffice.org
2010-02-06 10:29 . 2009-10-21 12:37 -------- d-----w- c:\users\Bilz\AppData\Roaming\Orbit
2010-02-05 19:22 . 2010-02-05 19:22 -------- d-----w- c:\program files\Orbitdownloader
2010-02-05 18:50 . 2010-02-05 18:50 -------- d-----w- c:\program files\UnH Solutions
2010-02-05 15:41 . 2010-02-05 15:41 -------- d-----w- c:\program files\VDOWNLOADER
2010-02-05 15:37 . 2010-02-05 15:37 -------- d-----w- c:\program files\Conduit
2010-02-05 15:37 . 2009-11-15 18:29 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-05 15:37 . 2010-02-05 15:37 52224 ----a-w- c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\eur775ll.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
2010-02-05 15:37 . 2010-02-05 15:37 114688 ----a-w- c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\eur775ll.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\npmozax.dll
2010-02-05 15:37 . 2009-11-15 18:29 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-02-05 08:25 . 2010-03-16 14:06 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-05 08:18 . 2010-03-16 14:06 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-05 08:17 . 2010-03-16 14:06 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-03 14:50 . 2009-10-29 18:21 -------- d-----w- c:\users\Bilz\AppData\Roaming\BitTorrent
2010-01-29 15:09 . 2010-01-29 15:09 -------- d-----w- c:\users\Matthias\AppData\Roaming\OpenOffice.org
2010-01-29 15:05 . 2010-01-29 15:05 -------- d-----w- c:\program files\JRE
2010-01-29 15:05 . 2010-01-29 15:04 -------- d-----w- c:\program files\OpenOffice.org 3
2010-01-24 20:10 . 2010-01-24 20:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-24 20:10 . 2010-01-24 20:10 -------- d-----w- c:\program files\Java
2010-01-24 17:18 . 2010-01-24 17:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-23 15:33 . 2010-01-23 15:31 -------- d-----w- c:\program files\TmNationsForever
2010-01-21 23:21 . 2010-03-16 15:04 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-21 23:21 . 2010-03-16 15:04 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-01-21 23:21 . 2010-03-16 15:04 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-20 21:27 . 2009-10-26 20:30 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-20 16:49 . 2010-01-20 16:25 -------- d-----w- c:\program files\ANNO 1503
2010-01-19 16:22 . 2009-10-19 19:03 -------- d-----w- c:\program files\ICQ6Toolbar
2010-01-19 14:57 . 2009-10-19 19:03 -------- d-----w- c:\programdata\ICQ
2009-12-28 12:36 . 2010-02-10 19:44 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 19:44 1327616 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34 . 2010-02-10 19:44 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34 . 2010-02-10 19:44 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34 . 2010-02-10 19:44 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34 . 2010-02-10 19:44 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33 . 2010-02-10 19:44 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32 . 2010-02-10 19:44 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30 . 2010-02-10 19:44 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30 . 2010-02-10 19:44 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-11-02 23:53 . 2007-11-02 23:15 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Registry AutoStart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2009-06-09 15:40 429280 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-10-22 1232896]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-02-11 133368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-02 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"AVKTray"="c:\programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe" [2007-04-02 1042256]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-02 83568]
"recinfo464"="c:\recinfo\RecInfo.exe" [2007-10-23 2785280]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Ocs_SM"="c:\users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2009-12-16 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-24 149280]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-01-18 1286608]

c:\users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ICQ-Tools.de Launcher.lnk - c:\users\Bilz\AppData\Roaming\Microsoft\Installer\{959214DF-C502-402A-A5A0-D8CE3EB74CDC}\_AA6D09703DA76FD7ACB5DC.exe [2009-12-16 10134]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 AVKService;AVK Service;c:\programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe [2007-04-02 407376]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2009-12-16 40960]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1548380]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 565248]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896]
S0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224]
S2 AVKProxy;AVKProxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2007-05-03 649040]
S2 AVKWCtl;AVK Wächter;c:\programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe [2007-04-02 1103696]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2007-11-19 39120]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
S3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2007-11-19 47312]
S3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2007-11-19 32464]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]


--- Other Services/Drivers in Memory ---

*Deregistered* - PCTSDInjDriver32
.
Contents of the "Scheduled Tasks" folder

2010-03-19 c:\windows\Tasks\Norton Security Scan for Bilz.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2010-02-16 15:45]

2010-03-19 c:\windows\Tasks\User_Feed_Synchronization-{66C88B4D-1DE4-4FCE-B218-9D907BFD128D}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Save Flash - c:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Bilz\AppData\Roaming\Mozilla\Firefox\Profiles\p5vwxrvy.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - component: c:\users\Bilz\AppData\Roaming\Mozilla\Firefox\Profiles\p5vwxrvy.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-eBay Icon - c:\users\Matthias\AppData\Roaming\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 13:26
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2010-03-20 13:29:55
ComboFix-quarantined-files.txt 2010-03-20 12:29

Vor Suchlauf: 25 Verzeichnis(se), 24.258.572.288 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 24.850.739.200 Bytes frei

- - End Of File - - 622805B21F228223D93B23FEC8B51F5D

cosinus 20.03.2010 19:07

Quote:

detected NTDLL code modification:
ZwClose
That looks a bit odd. Please run a log with gmer and post it.

Plukas 20.03.2010 23:23

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-20 23:21:59
Windows 6.0.6000
Running: cr8oxjy3.exe; Driver: C:\Users\Bilz\AppData\Local\Temp\kwrdqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8066CCDC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8066CECE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8066C982]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8066D0D6]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[788] USER32.dll!PaintMonitor + 94 75DAB20C 7 Bytes JMP 10031D10 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[788] USER32.dll!InflateRect + 2D1 75DB7C05 7 Bytes JMP 10031C80 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[788] USER32.dll!CreateDialogParamW + 263 75DDA6DB 7 Bytes JMP 10031CF0 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Avanquest Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp GDTdiIcpt.sys

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys

AttachedDevice \Driver\tdx \Device\Udp GDTdiIcpt.sys
AttachedDevice \Driver\tdx \Device\RawIp GDTdiIcpt.sys

---- EOF - GMER 1.0.15 ----

cosinus 21.03.2010 16:30

Seems to be okay after all. Please do one more control scan: open Malwarebytes, update the program, start a full scan and have any findings removed. Then post the logfile again.

Plukas 21.03.2010 20:48

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3892
Windows 6.0.6000
Internet Explorer 7.0.6000.16982

21.03.2010 20:35:58
mbam-log-2010-03-21 (20-35-58).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 286028
Laufzeit: 1 hour(s), 59 minute(s), 18 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 10

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\Bilz\AppData\Local\VirtualStore\Windows\System32\t1p0_690075360482.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Matthias\AppData\Local\VirtualStore\Windows\System32\info.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Deinstallieren.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live Support.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live-Support.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Uninstall.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Deinstallieren.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Live-Support.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

cosinus 21.03.2010 20:51

How is your system doing now? Any more messages, problems, anomalies?

Plukas 21.03.2010 21:20

Well, I restarted the PC and at first there was nothing... Still a bit slow, as it has been lately.
And now all of a sudden lots of error messages came up saying that all sorts of programs have stopped working (but that has been happening more often lately). Then a message came up saying I have a virus and should run a system check; that comes up often and is from this stupid Protection System. Also, Internet Explorer kept opening on its own and immediately went to (not responding). I closed it and 10 seconds later the same thing again.

cosinus 22.03.2010 08:14

Quote:

And now all of a sudden lots of error messages came up saying that all sorts of programs have stopped working (but that has been happening more often lately). Then a message came up saying I have a virus
Sorry, but this statement makes zero sense if you don't post the exact wording. Otherwise we'd be left guessing here again!

=> Post the exact error messages
=> Post the name and location of the malware that was found

Plukas 22.03.2010 16:34

So an Internet Explorer window keeps opening and it immediately stops responding. When I close it, it opens again after a short time.
Also, in Internet Explorer pages like
h**p://parksapple.com/search/index.php?said=a02&q=grandfatherclocks
h**p://bcveserv.biz/in.cgi?12&key=ender's+game+summary
are opened, and they also always open by themselves. None of this happened before.

Also, Windows error messages often appear:
kikin broker process has stopped working or
Rec.Info has stopped working. And they keep coming back too. And if I don't close them, in the end there are 10 of them open.

Hope you can make something of this. I did delete what Malwarebytes found.

cosinus 22.03.2010 19:03

Then please post fresh RSIT logfiles.

Plukas 23.03.2010 14:22

Logfile of random's system information tool 1.06 (written by random/random)
Run by Bilz at 2010-03-23 14:17:24
Microsoft® Windows Vista™ Home Premium
System drive C: has 22 GB (10%) free of 222 GB
Total RAM: 2046 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:34, on 23.03.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Users\Bilz\AppData\Local\temp\ugvdstn.exe
C:\Users\Bilz\AppData\Local\temp\nvsvc32.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\ICQ-Tools.de\ICQ-Tools.de - Launcher\ICQ-Tools.de Launcher.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bilz\Downloads\RSIT(2).exe
C:\Program Files\trend micro\Bilz.exe
C:\Windows\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [recinfo464] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ocs_SM] C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20100319
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [userinit] C:\Users\Bilz\AppData\Roaming\sdra64.exe
O4 - HKCU\..\Run: [hsa8ffushf83hoigjhs98jgijg9sd8e] C:\Users\Bilz\AppData\Local\temp\ugvdstn.exe
O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Users\Bilz\AppData\Local\temp\nvsvc32.exe
O4 - Startup: ICQ-Tools.de Launcher.lnk = ?
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Öffnen mit WordPerfect - c:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SearchAnonymizer - Unknown owner - C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 10083 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Bilz.job
C:\Windows\tasks\User_Feed_Synchronization-{66C88B4D-1DE4-4FCE-B218-9D907BFD128D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2010-01-12 240912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2009-06-09 429280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-11-09 2331672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll [2009-11-09 2331672]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2010-01-12 662720]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-02 1006264]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-07-06 4669440]
"AVKTray"=C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe [2007-04-02 1042256]
"QuickFinder Scheduler"=c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE [2007-01-02 83568]
"recinfo464"=c:\RecInfo\RecInfo.exe [2007-10-23 2785280]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"Ocs_SM"=C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [2009-12-16 126976]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-24 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-10-22 1232896]
"fsc-reg"=C:\ProgramData\fsc-reg\fscreg.exe [2007-11-08 533264]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"ICQ"=C:\Program Files\ICQ7.0\ICQ.exe [2010-02-11 133368]
"userinit"=C:\Users\Bilz\AppData\Roaming\sdra64.exe [2006-11-02 146432]
"hsa8ffushf83hoigjhs98jgijg9sd8e"=C:\Users\Bilz\AppData\Local\temp\ugvdstn.exe [2010-03-21 20001]
"hsf87efjhdsf87f3jfsdi7fhsujfd"=C:\Users\Bilz\AppData\Local\temp\nvsvc32.exe [2010-03-21 50004]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ICQ-Tools.de Launcher.lnk - C:\Users\Bilz\AppData\Roaming\Microsoft\Installer\{959214DF-C502-402A-A5A0-D8CE3EB74CDC}\_AA6D09703DA76FD7ACB5DC.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02e824a5-adda-11de-a88f-806e6f6e6963}]
shell\AutoRun\command - E:\autoplay.exe


======List of files/folders created in the last 1 months======

2010-03-21 21:11:54 ----SHD---- C:\Users\Bilz\AppData\Roaming\lowsec
2010-03-20 13:30:03 ----SHD---- C:\$RECYCLE.BIN
2010-03-20 13:29:56 ----A---- C:\ComboFix.txt
2010-03-20 13:26:31 ----D---- C:\Windows\temp
2010-03-20 13:15:03 ----A---- C:\Windows\zip.exe
2010-03-20 13:15:03 ----A---- C:\Windows\SWXCACLS.exe
2010-03-20 13:15:03 ----A---- C:\Windows\SWSC.exe
2010-03-20 13:15:03 ----A---- C:\Windows\SWREG.exe
2010-03-20 13:15:03 ----A---- C:\Windows\sed.exe
2010-03-20 13:15:03 ----A---- C:\Windows\PEV.exe
2010-03-20 13:15:03 ----A---- C:\Windows\NIRCMD.exe
2010-03-20 13:15:03 ----A---- C:\Windows\MBR.exe
2010-03-20 13:15:03 ----A---- C:\Windows\grep.exe
2010-03-20 13:14:47 ----D---- C:\Windows\ERDNT
2010-03-20 13:14:46 ----D---- C:\cofi
2010-03-20 13:12:48 ----D---- C:\Qoobox
2010-03-17 20:42:46 ----D---- C:\games
2010-03-17 19:40:22 ----D---- C:\GAMIGO
2010-03-17 15:05:24 ----D---- C:\Program Files\trend micro
2010-03-17 15:05:23 ----D---- C:\rsit
2010-03-17 13:31:57 ----D---- C:\Users\Bilz\AppData\Roaming\Malwarebytes
2010-03-17 13:30:04 ----D---- C:\ProgramData\Malwarebytes
2010-03-17 13:28:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-16 16:54:02 ----D---- C:\Program Files\TrendMicro
2010-03-16 16:39:23 ----D---- C:\Program Files\CleanUp!
2010-03-16 16:04:05 ----A---- C:\Windows\SGDetectionTool.dll
2010-03-16 16:04:05 ----A---- C:\Windows\BDTSupport.dll.old
2010-03-16 16:04:05 ----A---- C:\Windows\BDTSupport.dll
2010-03-16 16:04:04 ----A---- C:\Windows\PCTBDRes.dll
2010-03-16 16:04:04 ----A---- C:\Windows\PCTBDCore.dll.old
2010-03-16 16:04:04 ----A---- C:\Windows\PCTBDCore.dll
2010-03-16 15:06:36 ----D---- C:\Users\Bilz\AppData\Roaming\PC Tools
2010-03-16 15:06:36 ----D---- C:\ProgramData\PC Tools
2010-03-16 15:06:36 ----D---- C:\Program Files\Spyware Doctor
2010-03-16 15:06:36 ----D---- C:\Program Files\Common Files\PC Tools
2010-03-16 15:06:30 ----AD---- C:\ProgramData\TEMP
2010-03-11 15:38:13 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-11 15:38:05 ----A---- C:\Windows\system32\httpapi.dll
2010-03-06 19:17:11 ----A---- C:\Users\Bilz\AppData\Roaming\bkctl.dll
2010-03-02 17:26:19 ----D---- C:\Program Files\Mixxx
2010-02-27 16:15:37 ----D---- C:\ProgramData\McAfee Security Scan
2010-02-27 16:15:37 ----D---- C:\ProgramData\McAfee
2010-02-27 16:15:35 ----D---- C:\Program Files\McAfee Security Scan
2010-02-24 16:27:58 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-02-24 15:43:51 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 15:43:51 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 15:43:50 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 15:43:50 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 15:43:50 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 15:43:50 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 15:43:49 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 15:43:49 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 15:43:49 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 14:45:20 ----A---- C:\Windows\system32\tzres.dll

======List of files/folders modified in the last 1 months======

2010-03-23 14:17:20 ----D---- C:\Windows\Prefetch
2010-03-23 14:14:16 ----D---- C:\ProgramData\NVIDIA
2010-03-22 22:03:33 ----D---- C:\Users\Bilz\AppData\Roaming\ICQ
2010-03-21 21:16:40 ----D---- C:\Program Files\Warcraft III
2010-03-21 21:12:46 ----D---- C:\Windows\system32\drivers
2010-03-21 20:50:21 ----D---- C:\Windows\Help
2010-03-21 15:06:00 ----SHD---- C:\System Volume Information
2010-03-20 22:49:01 ----D---- C:\Windows\system32\NDF
2010-03-20 22:46:07 ----D---- C:\Windows\Minidump
2010-03-20 22:46:07 ----D---- C:\Windows
2010-03-20 16:51:55 ----D---- C:\Program Files\TmNationsForever
2010-03-20 13:27:01 ----A---- C:\Windows\system.ini
2010-03-20 13:25:32 ----D---- C:\Windows\System32
2010-03-20 13:25:30 ----D---- C:\ProgramData
2010-03-20 13:21:46 ----D---- C:\Windows\AppPatch
2010-03-20 13:21:45 ----D---- C:\Program Files\Common Files
2010-03-17 19:40:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-17 19:27:51 ----D---- C:\Windows\system32\catroot2
2010-03-17 15:05:24 ----RD---- C:\Program Files
2010-03-16 16:54:04 ----SHD---- C:\Windows\Installer
2010-03-16 15:07:11 ----D---- C:\Windows\winsxs
2010-03-16 14:54:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-03-16 14:54:01 ----D---- C:\Windows\inf
2010-03-12 17:02:20 ----D---- C:\Program Files\Mozilla Firefox
2010-03-11 17:08:54 ----D---- C:\Windows\system32\catroot
2010-03-11 17:06:23 ----D---- C:\Program Files\Movie Maker
2010-03-11 17:06:22 ----D---- C:\Program Files\Windows Mail
2010-03-10 19:40:11 ----D---- C:\Users\Bilz\AppData\Roaming\vlc
2010-03-10 18:02:13 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-03-10 15:13:15 ----D---- C:\Program Files\ICQ7.0
2010-03-05 17:59:07 ----D---- C:\ProgramData\TmForever
2010-03-04 18:02:48 ----D---- C:\Program Files\American Conquest - Fight Back
2010-03-04 14:34:47 ----D---- C:\Users\Bilz\AppData\Roaming\dvdcss
2010-03-02 17:09:23 ----SD---- C:\Users\Bilz\AppData\Roaming\Microsoft
2010-03-02 16:50:17 ----D---- C:\Windows\system32\Macromed
2010-02-27 16:15:53 ----SD---- C:\Windows\Downloaded Program Files
2010-02-27 14:44:23 ----D---- C:\ProgramData\Adobe
2010-02-25 19:52:51 ----D---- C:\Windows\rescache
2010-02-25 18:29:19 ----RSD---- C:\Windows\Fonts
2010-02-25 18:29:19 ----D---- C:\Windows\system32\de-DE
2010-02-24 10:16:06 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\Windows\system32\drivers\GDTdiIcpt.sys [2007-11-19 39120]
R3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
R3 GDMnIcpt;GDMnIcpt; \??\C:\Windows\system32\drivers\MiniIcpt.sys [2007-11-19 47312]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HookCentre;HookCentre; \??\C:\Windows\system32\drivers\HookCentre.sys [2007-11-19 32464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-09-27 9509832]
R3 RTL8023xp;NDIS-x86-Treiber für Realtek 10/100-Netzwerkkartenfamilie; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2007-11-03 82688]
S3 catchme;catchme; \??\C:\Users\Bilz\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-04-17 42496]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2007-07-12 305176]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-06-13 48256]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616]
S4 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-07-02 110112]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-11-08 102912]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2007-11-03 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 AVKProxy;AVKProxy; C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe [2007-05-03 649040]
R2 AVKService;AVK Service; C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe [2007-04-02 407376]
R2 AVKWCtl;AVK Wächter; C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe [2007-04-02 1103696]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-09-27 215656]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 ProtexisLicensing;ProtexisLicensing; c:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 SearchAnonymizer;SearchAnonymizer; C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2009-12-16 40960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1548380]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-16 382248]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-01-18 1141712]
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 565248]

-----------------EOF-----------------

cosinus 24.03.2010 10:27

Please run Avenger:

1.) Download Avenger from here:
Swandog46's Public Anti-Malware Tools (Download, on the left-hand side)

2.) Unpack the zip archive and run the file "avenger.exe" (on Vista: right-click => Run as administrator). Set the checkboxes at the bottom as shown:

http://mitglied.lycos.de/efunction/tb123/avenger.png

3.) Copy exactly the lines from the following code box:
Code:

files to delete:
C:\Users\Bilz\AppData\Local\temp\ugvdstn.exe
C:\Users\Bilz\AppData\Local\temp\nvsvc32.exe
C:\Users\Bilz\AppData\Roaming\sdra64.exe

4.) In "The Avenger", now go to "Load Script" at the top, then to "Paste from Clipboard".

5.) The code text from my post should now be visible under "Input Script here" in "The Avenger".

6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and the "Reboot now" question (system restart) as well.

7.) After the restart, Avenger will display a log file. Copy its contents and post it here.

8.) Upload the file c:\avenger\backup.zip to file-upload.net and link it here

Plukas 24.03.2010 14:11

Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Users\Bilz\AppData\Local\temp\ugvdstn.exe" deleted successfully.
File "C:\Users\Bilz\AppData\Local\temp\nvsvc32.exe" deleted successfully.
File "C:\Users\Bilz\AppData\Roaming\sdra64.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


hxxp://www.file-upload.net/download-2374595/backup.zip.html

cosinus 24.03.2010 14:36

Looks ok. Please run control scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Plukas 24.03.2010 18:15

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/24/2010 at 05:37 PM

Application Version : 4.34.1000

Core Rules Database Version : 4723
Trace Rules Database Version: 2535

Scan type : Complete Scan
Total Scan Time : 01:44:08

Memory items scanned : 711
Memory threats detected : 0
Registry items scanned : 6739
Registry threats detected : 2
File items scanned : 157338
File threats detected : 16

Adware.Tracking Cookie
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Cookies\bilz@atwola[2].txt
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Cookies\bilz@serving-sys[2].txt
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Cookies\bilz@content.yieldmanager[3].txt
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Cookies\bilz@ad.yieldmanager[2].txt
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Cookies\bilz@ar.atwola[2].txt
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Cookies\bilz@bs.serving-sys[1].txt
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Cookies\bilz@content.yieldmanager[2].txt
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Cookies\bilz@doubleclick[2].txt

Unclassified.Unknown Origin
HKU\S-1-5-21-1742380514-2152415404-2404969845-1000\Software\Microsoft\Windows\CurrentVersion\Run#userinit [ C:\Users\Bilz\AppData\Roaming\sdra64.exe ]

Rogue.ProtectionSystem
HKU\S-1-5-21-1742380514-2152415404-2404969845-1000\Software\Protection System
C:\USERS\PUBLIC\PROTECTION SYSTEM\PSYSTEM.EXE

Trojan.Agent/Gen-Backdoor[FakeAlert]
C:\USERS\BILZ\APPDATA\LOCAL\TEMP\DEBUG.EXE
C:\USERS\BILZ\APPDATA\LOCAL\TEMP\TASKMGR.EXE
C:\USERS\BILZ\APPDATA\LOCAL\TEMP\WIN.EXE

Trojan.Agent/Gen-FakeAV
C:\USERS\BILZ\APPDATA\LOCAL\TEMP\VRTE5F2.TMP

Trojan.Agent/Gen-Virut
C:\USERS\BILZ\APPDATA\LOCAL\WINDOWS SERVER\MLMLJJ.DLL

Trojan.Agent/Gen-RogueDropper[ProtectionSystem]
C:\USERS\PUBLIC\PROTECTION SYSTEM\SC.EXE

Trojan.Agent/Gen
C:\WINDOWS\SYSTEM32\DRIVERS\BPZNJKCS.SYS

I actually ran Malwarebytes only 3 days ago. Do I have to run another one? Nothing has really changed since then, has it?

cosinus 25.03.2010 13:00

Please remove the findings. And yes, run Malwarebytes too, or do you think I would write that if you weren't supposed to do it?

Plukas 30.03.2010 11:23

Well, it keeps getting worse. The computer is getting slower and slower, and every 5 seconds various error messages pop up saying that some programs have stopped working. Internet Explorer keeps opening on its own with some prize-draw sites, and earlier, when I started the PC, there were shortcuts to porn sites on my desktop.
Yesterday I ran the SuperAntiSpyware scan and deleted everything it found. To be safe I ran another one today and it found 100 threats, which I deleted again. Right after that another one, and again 50 new ones. That can't be right, can it? Is there any chance of still saving all of this?
The problem is that I have Windows Vista and was too stupid to make the recovery right away. And now I have a virus on the recovery too.
Is there maybe still a way to reinstall Windows?

cosinus 30.03.2010 11:25

Why aren't you posting the logs? How am I supposed to comment on it if I don't even know what was found? :confused:

Quote:

Is there maybe still a way to reinstall Windows?
Order recovery media from the manufacturer, or borrow a Vista Home DVD from someone you know and use your own key during the installation!

Plukas 30.03.2010 11:35

Yes, I'm just asking whether there is any point at all when so many new viruses keep appearing.

Well, I wanted to run a scan earlier and the PC crashed, so I didn't let it run all the way through this time. But I'll try a complete one again later.

Here is the first one:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/30/2010 at 12:04 PM

Application Version : 4.34.1000

Core Rules Database Version : 4748
Trace Rules Database Version: 2555

Scan type : Complete Scan
Total Scan Time : 00:04:59

Memory items scanned : 686
Memory threats detected : 10
Registry items scanned : 6826
Registry threats detected : 78
File items scanned : 381
File threats detected : 27

Trojan.Dropper/Sys-NV
C:\WINDOWS\SYSTEM32\APP_DLL.DLL
C:\WINDOWS\SYSTEM32\APP_DLL.DLL

Adware.Vundo/Variant-MSE
C:\WINDOWS\TEMP\MSBYYLFY.DLL
C:\WINDOWS\TEMP\MSBYYLFY.DLL
[owjngz] C:\WINDOWS\TEMP\MSBYYLFY.DLL
[owjngz] C:\WINDOWS\TEMP\MSBYYLFY.DLL

Trojan.Smitfraud Variant-Gen/Bensorty
C:\WINDOWS\SYSTEM32\QIOVVKD.DLL
C:\WINDOWS\SYSTEM32\QIOVVKD.DLL
HKLM\Software\Classes\CLSID\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}
HKCR\CLSID\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}
HKCR\CLSID\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}
HKCR\CLSID\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}#ThreadingModel
HKCR\CLSID\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}\InProcServer32
HKCR\CLSID\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{A9BA40A1-74F1-52BD-F434-00B15A2C8953}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}
HKU\S-1-5-21-1742380514-2152415404-2404969845-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}

Trojan.Dropper/SVCHost-Fake
C:\WINDOWS\TEMP\SVCHOST.EXE
C:\WINDOWS\TEMP\SVCHOST.EXE

Trojan.Agent/Gen-FakeAV
C:\WINDOWS\TEMP\VRTB1FB.TMP
C:\WINDOWS\TEMP\VRTB1FB.TMP
HKLM\System\ControlSet001\Services\Appinfo
C:\WINDOWS\TEMP\VRT790F.TMP
HKLM\System\ControlSet001\Enum\Root\LEGACY_Appinfo
HKLM\System\ControlSet001\Services\Browser Defender Update Service
C:\WINDOWS\TEMP\VRT75BA.TMP
HKLM\System\ControlSet001\Enum\Root\LEGACY_Browser Defender Update Service
HKLM\System\ControlSet001\Services\darkness
C:\WINDOWS\TEMP\VRT3A46.TMP
HKLM\System\ControlSet001\Enum\Root\LEGACY_darkness
HKLM\System\ControlSet001\Services\NMIndexingService
C:\WINDOWS\TEMP\VRTFC72.TMP
HKLM\System\ControlSet001\Enum\Root\LEGACY_NMIndexingService
HKLM\System\ControlSet001\Services\SCPolicySvc
C:\WINDOWS\TEMP\VRT219D.TMP
HKLM\System\ControlSet001\Enum\Root\LEGACY_SCPolicySvc
HKLM\System\ControlSet001\Services\sdAuxService
C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSAUXS.EXE
HKLM\System\ControlSet001\Enum\Root\LEGACY_sdAuxService
HKLM\System\ControlSet001\Services\sdCoreService
C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSSVC.EXE
HKLM\System\ControlSet001\Enum\Root\LEGACY_sdCoreService
HKLM\System\ControlSet003\Services\Appinfo
HKLM\System\ControlSet003\Enum\Root\LEGACY_Appinfo
HKLM\System\ControlSet003\Services\Browser Defender Update Service
HKLM\System\ControlSet003\Enum\Root\LEGACY_Browser Defender Update Service
HKLM\System\ControlSet003\Services\darkness
HKLM\System\ControlSet003\Enum\Root\LEGACY_darkness
HKLM\System\ControlSet003\Services\NMIndexingService
HKLM\System\ControlSet003\Enum\Root\LEGACY_NMIndexingService
HKLM\System\ControlSet003\Services\SCPolicySvc
HKLM\System\ControlSet003\Enum\Root\LEGACY_SCPolicySvc
HKLM\System\CurrentControlSet\Services\AeLookupSvc
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_AeLookupSvc
HKLM\System\CurrentControlSet\Services\Appinfo
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_Appinfo
HKLM\System\CurrentControlSet\Services\Browser Defender Update Service
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_Browser Defender Update Service
HKLM\System\CurrentControlSet\Services\darkness
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_darkness
HKLM\System\CurrentControlSet\Services\NMIndexingService
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_NMIndexingService
HKLM\System\CurrentControlSet\Services\SCPolicySvc
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_SCPolicySvc
HKLM\system\controlset001\services\AeLookupSvc

Trojan.Agent/Gen-Reader_S
C:\WINDOWS\SYSTEM32\READER_S.EXE
C:\WINDOWS\SYSTEM32\READER_S.EXE
[reader_s] C:\WINDOWS\SYSTEM32\READER_S.EXE
[reader_s] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\READER_S.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\READER_S.EXE
[reader_s] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\READER_S.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#reader_s [ C:\Windows\System32\reader_s.exe ]

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\BTWSVC.DLL
C:\WINDOWS\SYSTEM32\BTWSVC.DLL
C:\WINDOWS\SYSTEM32\MSXSLTSSO.DLL
C:\WINDOWS\SYSTEM32\MSXSLTSSO.DLL
HKLM\Software\Classes\CLSID\{3293F7F8-2041-4A6D-A0F2-933C3B025148}
HKCR\CLSID\{3293F7F8-2041-4A6D-A0F2-933C3B025148}
HKCR\CLSID\{3293F7F8-2041-4A6D-A0F2-933C3B025148}\InProcServer32
HKLM\Software\Classes\CLSID\{81C684AE-3F46-4418-B44D-027F510CD6CC}
HKCR\CLSID\{81C684AE-3F46-4418-B44D-027F510CD6CC}
HKCR\CLSID\{81C684AE-3F46-4418-B44D-027F510CD6CC}\InProcServer32
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#GootkitSSO

Trojan.Agent/Gen-Virut[WinLogo]
C:\WINDOWS\SYSTEM32\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE
C:\WINDOWS\SYSTEM32\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE

Trojan.Agent/Gen-FakeRas
C:\PROGRAM FILES\INTERNET EXPLORER\RASADHLP.DLL
C:\PROGRAM FILES\INTERNET EXPLORER\RASADHLP.DLL

Trojan.Agent/Gen
[hsa8ffushf83hoigjhs98jgijg9sd8e] C:\WINDOWS\TEMP\ES5TVT339O.EXE
C:\WINDOWS\TEMP\ES5TVT339O.EXE
[hsa8ffushf83hoigjhs98jgijg9sd8e] C:\WINDOWS\TEMP\ES5TVT339O.EXE
HKLM\Software\AGProtect
C:\Windows\system32\lowsec\local.ds
C:\Windows\system32\lowsec\user.ds
C:\Windows\system32\lowsec

Trojan.Agent/Gen-SSHNas[FakeAlert]
[Canaveral] C:\WINDOWS\SYSTEM32\SSHNAS21.DLL
C:\WINDOWS\SYSTEM32\SSHNAS21.DLL
[Canaveral] C:\WINDOWS\SYSTEM32\SSHNAS21.DLL

Trojan.Dropper/Win-NV
[hsf87efjhdsf87f3jfsdi7fhsujfd] C:\WINDOWS\TEMP\SPOOLSV.EXE
C:\WINDOWS\TEMP\SPOOLSV.EXE
[hsf87efjhdsf87f3jfsdi7fhsujfd] C:\WINDOWS\TEMP\SPOOLSV.EXE

Adware.Tracking Cookie
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Cookies\bilz@msnaccountservices.112.2o7[1].txt
C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Cookies\bilz@atdmt[1].txt

Unclassified.Unknown Origin
HKU\S-1-5-21-1742380514-2152415404-2404969845-1000\Software\Microsoft\Windows\CurrentVersion\Run#userinit [ C:\Users\Bilz\AppData\Roaming\msypub32.exe ]

Rogue.ProtectionSystem
HKU\S-1-5-21-1742380514-2152415404-2404969845-1000\Software\Protection System
C:\Program Files\Protection System

Trojan.Agent/Gen-RefPron
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc#Type
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc#Start
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc\Parameters


And this one was 10 minutes later:

hxxp://www.superantispyware.com

Generated 03/30/2010 at 12:13 PM

Application Version : 4.34.1000

Core Rules Database Version : 4748
Trace Rules Database Version: 2555

Scan type : Complete Scan
Total Scan Time : 00:04:47

Memory items scanned : 650
Memory threats detected : 10
Registry items scanned : 6789
Registry threats detected : 26
File items scanned : 177
File threats detected : 11

Adware.Vundo/Variant-MSE
C:\WINDOWS\TEMP\MSBYYLFY.DLL
C:\WINDOWS\TEMP\MSBYYLFY.DLL
[owjngz] C:\WINDOWS\TEMP\MSBYYLFY.DLL
[owjngz] C:\WINDOWS\TEMP\MSBYYLFY.DLL

Trojan.Smitfraud Variant-Gen/Bensorty
C:\WINDOWS\SYSTEM32\OA8BOD.DLL
C:\WINDOWS\SYSTEM32\OA8BOD.DLL
HKLM\Software\Classes\CLSID\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}
HKCR\CLSID\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}
HKCR\CLSID\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}
HKCR\CLSID\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}#ThreadingModel
HKCR\CLSID\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}\InProcServer32
HKCR\CLSID\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{A9BA40A1-74F1-52BD-F434-00B15A2C8953}
HKU\S-1-5-21-1742380514-2152415404-2404969845-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A9BA40A1-74F1-52BD-F434-00B15A2C8953}

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\BTWSVC.DLL
C:\WINDOWS\SYSTEM32\BTWSVC.DLL

Trojan.Agent/Gen-Reader_S
C:\WINDOWS\SYSTEM32\READER_S.EXE
C:\WINDOWS\SYSTEM32\READER_S.EXE
[reader_s] C:\WINDOWS\SYSTEM32\READER_S.EXE
[reader_s] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\READER_S.EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\READER_S.EXE
[reader_s] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\READER_S.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#reader_s [ C:\Windows\System32\reader_s.exe ]

Trojan.Agent/Gen-Virut[WinLogo]
C:\WINDOWS\SYSTEM32\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE
C:\WINDOWS\SYSTEM32\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE

Trojan.Agent/Gen
C:\WINDOWS\TEMP\ZYRXKLBCKK.EXE
C:\WINDOWS\TEMP\ZYRXKLBCKK.EXE
[hsa8ffushf83hoigjhs98jgijg9sd8e] C:\WINDOWS\TEMP\ZYRXKLBCKK.EXE
[hsa8ffushf83hoigjhs98jgijg9sd8e] C:\WINDOWS\TEMP\ZYRXKLBCKK.EXE

Trojan.Dropper/Gen-NV
C:\WINDOWS\TEMP\AVP32.EXE
C:\WINDOWS\TEMP\AVP32.EXE

Trojan.Agent/Gen-Backdoor[FakeAlert]
C:\WINDOWS\TEMP\LOGIN.EXE
C:\WINDOWS\TEMP\LOGIN.EXE
C:\WINDOWS\TEMP\WINAMP.EXE
C:\WINDOWS\TEMP\WINAMP.EXE
C:\WINDOWS\TEMP\TASKMGR.EXE
C:\WINDOWS\TEMP\TASKMGR.EXE
[hsf87efjhdsf87f3jfsdi7fhsujfd] C:\WINDOWS\TEMP\TASKMGR.EXE
[hsf87efjhdsf87f3jfsdi7fhsujfd] C:\WINDOWS\TEMP\TASKMGR.EXE

Trojan.Agent/Gen-RefPron
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc#Type
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc#Start
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc#ObjectName
HKLM\SYSTEM\CurrentControlSet\Services\BtwSvc\Parameters


In both cases I had the findings deleted.
Hope this helps somehow :confused:

cosinus 30.03.2010 11:51

Probably not. You most likely still have a rootkit in there that I haven't seen yet. That would explain why the entries keep reappearing despite being deleted with SASW - please make a log with OSAM and post it.

Plukas 30.03.2010 12:39

Unfortunately I don't know anyone with a Vista CD, but the thing with all the viruses has only been like this recently. I could try it with my recovery and then try to get rid of that one virus.

So here is the logfile:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:37:28 on 30.03.2010

OS: Windows Vista (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - ? - app_dll.dll (File not found)

[Common]
-----( %SystemRoot%\Tasks )-----
"At1.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At10.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At11.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At12.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At13.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At14.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At15.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At16.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At17.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At18.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At19.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At2.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At20.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At21.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At22.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At23.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At24.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At3.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At4.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At49.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At5.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At50.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At51.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At52.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At53.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At54.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At55.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At56.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At57.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At58.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At59.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At6.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At60.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At61.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At62.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At63.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At64.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At65.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At66.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At67.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At68.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At69.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At7.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At70.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At71.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At72.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At8.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At9.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"Norton Security Scan for Bilz.job" - "Symantec Corporation" - C:\Program Files\Norton Security Scan\Engine\2.3.0.44\Nss.exe
"User_Feed_Synchronization-{66C88B4D-1DE4-4FCE-B218-9D907BFD128D}.job" - "Microsoft Corporation" - C:\Windows\system32\msfeedssync.exe
"{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job" - ? - C:\Windows\TEMP\Nkj.exe (File found, but it contains no detailed information)
"{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job" - "Microsoft Corporation" - C:\Windows\TEMP\Nkk.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls )-----
"AppSecDll" - ? - C:\Windows\system32\config\systemprofile\AppData\Local\Windows Server\gwwbli.dll (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - "Borland Software Corporation" - C:\Windows\system32\bdeadmin.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"bpznjkcs" (bpznjkcs) - ? - C:\Windows\system32\drivers\bpznjkcs.sys (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - C:\Users\Bilz\AppData\Local\Temp\catchme.sys (File not found)
"enodpl" (enodpl) - ? - C:\Windows\System32\drivers\enodpl.sys (File found, but it contains no detailed information)
"GDMnIcpt" (GDMnIcpt) - "G DATA Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys
"GDTdiInterceptor" (GDTdiInterceptor) - ? - C:\Windows\system32\drivers\GDTdiIcpt.sys
"HookCentre" (HookCentre) - "G DATA Software AG" - C:\Windows\system32\drivers\HookCentre.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"PCTools KDS" (PCTCore) - "PC Tools" - C:\Windows\System32\drivers\PCTCore.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"tandpl" (tandpl) - ? - C:\Windows\System32\drivers\tandpl.sys (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{26923b43-4d38-484f-9b9e-de460746276c} "Internet Explorer" - "Microsoft Corporation" - C:\Windows\system32\ie4uinit.exe -UserIconConfig
{89820200-ECBD-11cf-8B85-00AA005B4383} "Internet Explorer" - "Microsoft Corporation" - C:\Windows\system32\ie4uinit.exe -BaseSettings
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Windows Mail 7" - "Microsoft Corporation" - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\Windows\system32\unregmp2.exe /ShowWMP
{6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{A9BA40A1-74F1-52BD-F434-00B15A2C8953} "C:\Windows\system32\ltn9e.dll" - ? - C:\Windows\system32\ltn9e.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{7A979262-40CE-46ff-AEEE-7884AC3B6136} "Add New Hardware" - "Microsoft Corporation" - C:\Windows\System32\hdwwiz.exe
{d3e34b21-9d75-101a-8c3d-00aa001a1652} "Bitmap Image" - "Microsoft Corporation" - C:\Windows\system32\mspaint.exe
{b2c761c6-29bc-4f19-9251-e6195265baf1} "Color Control Panel Applet" - "Microsoft Corporation" - C:\Windows\system32\colorcpl.exe
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} "Control Panel command object for Start menu" - "Microsoft Corporation" - C:\Windows\system32\control.exe
{E44E5D18-0652-4508-A4E2-8A090067BCB0} "Default Programs command object for Start menu" - "Microsoft Corporation" - C:\Windows\system32\control.exe
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{a304259d-52b8-4526-8b1a-a1d6cecc8243} "iSCSI Initiator" - "Microsoft Corporation" - C:\Windows\System32\iscsicpl.exe
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{5ea4f148-308c-46d7-98a9-49041b1dd468} "Mobility Center Control Panel" - "Microsoft Corporation" - C:\Windows\system32\mblctr.exe
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{fcfeecae-ee1b-4849-ae50-685dcf7717ec} "Problem Reports and Solutions" - "Microsoft Corporation" - C:\Windows\System32\wercon.exe
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} "Scanner and Camera Control Panel" - "Microsoft Corporation" - C:\Program Files\Windows Photo Gallery\ImagingDevices.exe
{7A9D77BD-5403-11d2-8785-2E0420524153} "User Accounts" - "Microsoft Corporation" - C:\Windows\system32\netplwiz.exe
{67718415-c450-4f3c-bf8a-b487642dc39b} "Windows Features" - "Microsoft Corporation" - C:\Windows\System32\optionalfeatures.exe
{4026492f-2f69-46b8-b9bf-5654fc07e423} "Windows Firewall" - "Microsoft Corporation" - C:\Windows\system32\FirewallControlPanel.exe
{031EE060-67BC-460d-8847-E4A7C5E45A27} "Windows Media Player Rich Preview Handler" - "Microsoft Corporation" - C:\Program Files\Windows Media Player\wmprph.exe
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{37efd44d-ef8d-41b1-940d-96973a50e9e0} "Windows Sidebar Properties" - "Microsoft Corporation" - C:\Program Files\Windows Sidebar\sidebar.exe
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{F81D52BF-F2F1-4F49-BF5F-05664E803039} "Flash" - "UnH Solutions" - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "PC Tools Browser Guard" - "Threat Expert Ltd." - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{E601996F-E400-41CA-804B-CD6373A7EEE2} "ClsidExtension" - "kikin" - C:\Program Files\kikin\ie_kikin.dll
"ICQ7" - "ICQ, Inc." - C:\Program Files\ICQ7.0\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{472734EA-242A-422B-ADF8-83D1E48CC825} "PC Tools Browser Guard" - "Threat Expert Ltd." - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{A9BA40A1-74F1-52BD-F434-00B15A2C8953} "C:\Windows\system32\ltn9e.dll" - ? - C:\Windows\system32\ltn9e.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"ICQ-Tools.de Launcher.lnk" - "ICQ-Tools.de" - C:\Program Files\ICQ-Tools.de\ICQ-Tools.de - Launcher\ICQ-Tools.de Launcher.exe (Shortcut exists | File exists)
"OpenOffice.org 3.1.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ehTray.exe" - "Microsoft Corporation" - C:\Windows\ehome\ehTray.exe
"fsc-reg" - "Fujitsu Siemens Computers" - C:\ProgramData\fsc-reg\fscreg.exe 20100319
"hsa8ffushf83hoigjhs98jgijg9sd8e" - ? - C:\Users\Bilz\AppData\Local\temp\ugvdstn.exe (File not found)
"hsf87efjhdsf87f3jfsdi7fhsujfd" - ? - C:\Users\Bilz\AppData\Local\temp\nvsvc32.exe (File not found)
"ICQ" - "ICQ, Inc." - "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
"reader_s" - ? - C:\Users\Bilz\reader_s.exe (File not found)
"Sidebar" - "Microsoft Corporation" - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"WMPNSCFG" - "Microsoft Corporation" - C:\Program Files\Windows Media Player\WMPNSCFG.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\Windows\Explorer.exe
"Userinit" - "Microsoft Corporation" - C:\Windows\system32\userinit.exe
"Userinit" - ? - C:\Windows\system32\msisws32.exe (File found, but it contains no detailed information)
"Userinit" - ? - C:\Windows\system32\mskrix32.exe (File is exclusively opened, access blocked | File found, but it contains no detailed information)
"Userinit" - ? - C:\Windows\system32\sdra64.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Microsoft Corporation" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Microsoft Corporation" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVKTray" - "Microsoft Corporation" - "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
"iTunesHelper" - "Microsoft Corporation" - "C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck" - "Microsoft Corporation" - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"Ocs_SM" - "Microsoft Corporation" - C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
"QuickFinder Scheduler" - "Microsoft Corporation" - "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
"QuickTime Task" - "Microsoft Corporation" - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"reader_s" - "Portable Library" - C:\Windows\System32\reader_s.exe
"recinfo464" - "Microsoft Corporation" - c:\RecInfo\RecInfo.exe
"RtHDVCpl" - "Microsoft Corporation" - RtHDVCpl.exe
"SunJavaUpdateSched" - "Microsoft Corporation" - "C:\Program Files\Java\jre6\bin\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - "Microsoft Corporation" - C:\Program Files\Windows Media Player\wmpnetwk.exe
"@%SystemRoot%\ehome\ehrecvr.exe,-101" (ehRecvr) - ? - C:\Windows\ehome\ehRecvr.exe
"@%SystemRoot%\ehome\ehsched.exe,-101" (ehSched) - ? - C:\Windows\ehome\ehsched.exe
"@%SystemRoot%\servicing\TrustedInstaller.exe,-100" (TrustedInstaller) - "Microsoft Corporation" - C:\Windows\servicing\TrustedInstaller.exe
"@%SystemRoot%\system32\Alg.exe,-112" (ALG) - ? - C:\Windows\System32\alg.exe (File not found)
"@%systemroot%\system32\Locator.exe,-2" (RpcLocator) - ? - C:\Windows\system32\locator.exe
"@%SystemRoot%\system32\snmptrap.exe,-3" (SNMPTRAP) - "Microsoft Corporation" - C:\Windows\System32\snmptrap.exe
"@%SystemRoot%\system32\ui0detect.exe,-101" (UI0Detect) - "Microsoft Corporation" - C:\Windows\system32\UI0Detect.exe
"@%SystemRoot%\system32\vds.exe,-100" (vds) - "Microsoft Corporation" - C:\Windows\System32\vds.exe
"@%systemroot%\system32\vssvc.exe,-102" (VSS) - "Microsoft Corporation" - C:\Windows\system32\vssvc.exe
"@%Systemroot%\system32\wbem\wmiapsrv.exe,-110" (wmiApSrv) - "Microsoft Corporation" - C:\Windows\system32\wbem\WmiApSrv.exe
"@comres.dll,-2797" (MSDTC) - ? - C:\Windows\System32\msdtc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"AVKProxy" (AVKProxy) - "G DATA Software AG" - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
"AVKService" (AVKService) - ? - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe (File not found)
"AVKWCtl" (AVKWCtl) - "G DATA Software AG" - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
"Bonjour Service" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"COMSysApp" (COMSysApp) - ? - C:\Windows\TEMP\VRTB1FB.tmp (File not found)
"DFSR" (DFSR) - ? - C:\Windows\system32\DFSR.exe (File not found)
"FirebirdServerMAGIXInstance" (FirebirdServerMAGIXInstance) - ? - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (File not found)
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe (File not found)
"iPod Service" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"McComponentHostService" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"msiserver" (msiserver) - "Microsoft Corporation" - C:\Windows\system32\msiexec.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - ? - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (File not found)
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"nvsvc" (nvsvc) - ? - C:\Windows\system32\nvvsvc.exe (File not found)
"OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (File not found)
"peresvc" (peresvc) - "Neto systems" - C:\Windows\system32\PereSvc.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - c:\Windows\system32\PSIService.exe (File not found)
"SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Fujitsu Siemens Computers" - c:\windows\system32\Fujits~1.scr
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 30.03.2010 12:51

Ouch!! :balla:
You'll have to fix quite a lot with OSAM:

Quote:

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - ? - app_dll.dll (File not found)

[Common]
-----( %SystemRoot%\Tasks )-----
"At1.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At10.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At11.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At12.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At13.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At14.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At15.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At16.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At17.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At18.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At19.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At2.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At20.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At21.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At22.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At23.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At24.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At3.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At4.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At49.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At5.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At50.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At51.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At52.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At53.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At54.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At55.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At56.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At57.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At58.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At59.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At6.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At60.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At61.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At62.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At63.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At64.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At65.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At66.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At67.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At68.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At69.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At7.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At70.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At71.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At72.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At8.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"At9.job" - "Microsoft Corporation" - c:\program files\internet explorer\wmpscfgs.exe
"{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job" - ? - C:\Windows\TEMP\Nkj.exe (File found, but it contains no detailed information)
"{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job" - "Microsoft Corporation" - C:\Windows\TEMP\Nkk.exe

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls )-----
"AppSecDll" - ? - C:\Windows\system32\config\systemprofile\AppData\Local\Windows Server\gwwbli.dll (File found, but it contains no detailed information)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"bpznjkcs" (bpznjkcs) - ? - C:\Windows\system32\drivers\bpznjkcs.sys (Hidden registry entry, rootkit activity | File not found)

[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"hsa8ffushf83hoigjhs98jgijg9sd8e" - ? - C:\Users\Bilz\AppData\Local\temp\ugvdstn.exe (File not found)
"hsf87efjhdsf87f3jfsdi7fhsujfd" - ? - C:\Users\Bilz\AppData\Local\temp\nvsvc32.exe (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Userinit" - "Microsoft Corporation" - C:\Windows\system32\userinit.exe
"Userinit" - ? - C:\Windows\system32\msisws32.exe (File found, but it contains no detailed information)
"Userinit" - ? - C:\Windows\system32\mskrix32.exe (File is exclusively opened, access blocked | File found, but it contains no detailed information)
"Userinit" - ? - C:\Windows\system32\sdra64.exe

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"COMSysApp" (COMSysApp) - ? - C:\Windows\TEMP\VRTB1FB.tmp (File not found)
"peresvc" (peresvc) - "Neto systems" - C:\Windows\system32\PereSvc.exe
Please disable these with OSAM (see the OSAM instructions). Then post a new OSAM log.
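
The list above is a manual triage of an OSAM report. As an added example (not OSAM's own code and not part of the original posts), the Python script below parses OSAM report lines and applies the same indicators cosinus picked out: a driver key OSAM marks as hidden, binaries run from a temp directory, a file name with whitespace before the extension ("acrotray .exe"), anything in AppInit_DLLs or AppCertDlls, more than one Winlogon Userinit value, and unversioned files under the Windows directory. It also diffs two snapshots, which is how a helper spots the pattern visible in the report Plukas posts next: the hidden driver and the SharedTaskScheduler DLL come back under new random names. The OLD and NEW strings are abridged from the two OSAM reports in this thread; the heuristics and the regular expressions are assumptions of this example, and the vendor column is only what the file's version resource claims, not a trust decision.

```python
"""OSAM "Autorun Manager" report triage. Added example for this thread (not OSAM's own
code, not from the posts); OLD/NEW below are abridged from the two reports posted above."""
import re
from collections import namedtuple
KEY_RE = re.compile(r'^-----\(\s*(?P<key>.*?)\s*\)-----$')
# <name-token> [(service id)] - "Vendor"|? - <command line> [(OSAM flags)]
ENTRY_RE = re.compile(
    r'^(?P<tok>"[^"]*"|>?\{[0-9A-Fa-f-]+\}\s+"[^"]*"|<binary data>\s+"[^"]*")'
    r'(?:\s+\((?P<sid>[^()]*)\))?\s+-\s+(?P<vendor>"[^"]*"|\?)\s+-\s*'
    r'(?P<path>.*?)(?:\s*\((?P<flags>[^()]*)\))?\s*$')
# first file in a command line; keeps odd names such as "acrotray .exe" intact
FILE_RE = re.compile(r'^"?(?P<file>.*?\.(?:exe|dll|sys|cpl|scr|ocx|tmp|job))(?=["\s/]|$)', re.I)
Entry = namedtuple('Entry', 'section key name vendor path flags')

def ident(tok, sid):  # stable identity for diffing: GUID, service id, or the quoted name
    g = re.match(r'>?(\{[0-9A-Fa-f-]+\})', tok)
    q = re.search(r'"([^"]*)"', tok)
    return g[1].upper() if g else (sid or (q[1] if q else tok))

def image(path):  # lower-cased file path from a command line; bare names pass through
    m = FILE_RE.match(path)
    return (m['file'] if m else path).strip('"').lower()

def parse(text):
    entries, section, key = [], '', ''
    for line in map(str.strip, text.splitlines()):
        k, m = KEY_RE.match(line), ENTRY_RE.match(line)
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1]
        elif k:
            key = k['key']
        elif m:
            entries.append(Entry(section, key, ident(m['tok'], m['sid']),
                                 m['vendor'].strip('"'), m['path'], m['flags'] or ''))
    return entries

def review(entries):  # (reason, entry) pairs; heuristics drawn from the indicators in this thread
    hits = []
    for e in entries:
        img, fl, key = image(e.path), e.flags.lower(), e.key.lower()
        base = img.rsplit('\\', 1)[-1]
        reasons = []
        if 'hidden registry entry' in fl:
            reasons.append('hidden service key (rootkit activity)')
        if re.search(r'\\temp\\', img):
            reasons.append('runs from a temp directory')
        if re.search(r'\s\.\w+$', base):
            reasons.append('whitespace before extension (look-alike file name)')
        if e.section == 'AppInit DLLs' or key.endswith('appcertdlls'):
            reasons.append('injected into every process (AppInit_DLLs/AppCertDlls)')
        if key.endswith('\\winlogon') and e.name == 'Userinit' and base != 'userinit.exe':
            reasons.append('extra Userinit loader')
        if e.vendor == '?' and 'no detailed information' in fl and '\\windows\\' in img:
            reasons.append('unversioned binary under the Windows directory')
        hits.extend((r, e) for r in reasons)
    return hits

def diff(old, new):  # compare snapshots by (section, key, name); same identity, new file -> 'changed'
    def index(entries):
        idx = {}
        for e in entries:
            idx.setdefault((e.section, e.key, e.name), set()).add(image(e.path))
        return idx
    a, b = index(old), index(new)
    return {'added': sorted(k for k in b if k not in a),
            'removed': sorted(k for k in a if k not in b),
            'changed': sorted(k for k in a if k in b and a[k] != b[k])}

OLD = r"""
[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - ? - app_dll.dll (File not found)
[Common]
-----( %SystemRoot%\Tasks )-----
"At49.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job" - ? - C:\Windows\TEMP\Nkj.exe (File found, but it contains no detailed information)
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"bpznjkcs" (bpznjkcs) - ? - C:\Windows\system32\drivers\bpznjkcs.sys (Hidden registry entry, rootkit activity | File not found)
[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{A9BA40A1-74F1-52BD-F434-00B15A2C8953} "C:\Windows\system32\ltn9e.dll" - ? - C:\Windows\system32\ltn9e.dll
[Logon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Userinit" - "Microsoft Corporation" - C:\Windows\system32\userinit.exe
"Userinit" - ? - C:\Windows\system32\msisws32.exe (File found, but it contains no detailed information)
"Userinit" - ? - C:\Windows\system32\sdra64.exe
"""
NEW = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ksermxi" (ksermxi) - ? - C:\Windows\system32\drivers\ksermxi.sys (Hidden registry entry, rootkit activity | File not found)
[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{A9BA40A1-74F1-52BD-F434-00B15A2C8953} "C:\Windows\system32\fihitkj11.dll" - ? - C:\Windows\system32\fihitkj11.dll
"""
```

Run `review(parse(OLD))` to get the flagged entries with a reason each, and `diff(parse(OLD), parse(NEW))` to see bpznjkcs disappear, ksermxi appear, and the SharedTaskScheduler GUID show up as changed because the DLL behind it was swapped. A clean Userinit value (userinit.exe) produces no hit. The heuristics are deliberately narrow; "File not found" alone is not flagged, because the full report shows plenty of harmless orphaned entries.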

Plukas 30.03.2010 14:01

So first I disabled all of them and then restarted the PC. Strangely, no logfile was shown to me. Well, then I removed the items, restarted and ran another scan:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:59:55 on 30.03.2010

OS: Windows Vista (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - ? - app_dll.dll (File not found)

[Common]
-----( %SystemRoot%\Tasks )-----
"At62.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At69.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job" - ? - C:\Windows\TEMP\Nkj.exe (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - "Borland Software Corporation" - C:\Windows\system32\bdeadmin.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\Bilz\AppData\Local\Temp\catchme.sys (File not found)
"enodpl" (enodpl) - ? - C:\Windows\System32\drivers\enodpl.sys (File found, but it contains no detailed information)
"GDMnIcpt" (GDMnIcpt) - "G DATA Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys
"GDTdiInterceptor" (GDTdiInterceptor) - ? - C:\Windows\system32\drivers\GDTdiIcpt.sys
"HookCentre" (HookCentre) - "G DATA Software AG" - C:\Windows\system32\drivers\HookCentre.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"ksermxi" (ksermxi) - ? - C:\Windows\system32\drivers\ksermxi.sys (Hidden registry entry, rootkit activity | File not found)
"PCTools KDS" (PCTCore) - "PC Tools" - C:\Windows\System32\drivers\PCTCore.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASENUM" (SASENUM) - " SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"tandpl" (tandpl) - ? - C:\Windows\System32\drivers\tandpl.sys (File found, but it contains no detailed information)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{26923b43-4d38-484f-9b9e-de460746276c} "Internet Explorer" - "Microsoft Corporation" - C:\Windows\system32\ie4uinit.exe -UserIconConfig
{89820200-ECBD-11cf-8B85-00AA005B4383} "Internet Explorer" - "Microsoft Corporation" - C:\Windows\system32\ie4uinit.exe -BaseSettings
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} "Microsoft Windows Mail 7" - "Microsoft Corporation" - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\Windows\system32\unregmp2.exe /ShowWMP
{6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{A9BA40A1-74F1-52BD-F434-00B15A2C8953} "C:\Windows\system32\fihitkj11.dll" - ? - C:\Windows\system32\fihitkj11.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{7A979262-40CE-46ff-AEEE-7884AC3B6136} "Add New Hardware" - "Microsoft Corporation" - C:\Windows\System32\hdwwiz.exe
{d3e34b21-9d75-101a-8c3d-00aa001a1652} "Bitmap Image" - "Microsoft Corporation" - C:\Windows\system32\mspaint.exe
{b2c761c6-29bc-4f19-9251-e6195265baf1} "Color Control Panel Applet" - "Microsoft Corporation" - C:\Windows\system32\colorcpl.exe
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} "Control Panel command object for Start menu" - "Microsoft Corporation" - C:\Windows\system32\control.exe
{E44E5D18-0652-4508-A4E2-8A090067BCB0} "Default Programs command object for Start menu" - "Microsoft Corporation" - C:\Windows\system32\control.exe
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{a304259d-52b8-4526-8b1a-a1d6cecc8243} "iSCSI Initiator" - "Microsoft Corporation" - C:\Windows\System32\iscsicpl.exe
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{5ea4f148-308c-46d7-98a9-49041b1dd468} "Mobility Center Control Panel" - "Microsoft Corporation" - C:\Windows\system32\mblctr.exe
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{fcfeecae-ee1b-4849-ae50-685dcf7717ec} "Problem Reports and Solutions" - "Microsoft Corporation" - C:\Windows\System32\wercon.exe
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} "Scanner and Camera Control Panel" - "Microsoft Corporation" - C:\Program Files\Windows Photo Gallery\ImagingDevices.exe
{7A9D77BD-5403-11d2-8785-2E0420524153} "User Accounts" - "Microsoft Corporation" - C:\Windows\system32\netplwiz.exe
{67718415-c450-4f3c-bf8a-b487642dc39b} "Windows Features" - "Microsoft Corporation" - C:\Windows\System32\optionalfeatures.exe
{4026492f-2f69-46b8-b9bf-5654fc07e423} "Windows Firewall" - "Microsoft Corporation" - C:\Windows\system32\FirewallControlPanel.exe
{031EE060-67BC-460d-8847-E4A7C5E45A27} "Windows Media Player Rich Preview Handler" - "Microsoft Corporation" - C:\Program Files\Windows Media Player\wmprph.exe
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{37efd44d-ef8d-41b1-940d-96973a50e9e0} "Windows Sidebar Properties" - "Microsoft Corporation" - C:\Program Files\Windows Sidebar\sidebar.exe
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{F81D52BF-F2F1-4F49-BF5F-05664E803039} "Flash" - "UnH Solutions" - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "PC Tools Browser Guard" - "Threat Expert Ltd." - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{E601996F-E400-41CA-804B-CD6373A7EEE2} "ClsidExtension" - "kikin" - C:\Program Files\kikin\ie_kikin.dll
"ICQ7" - "ICQ, Inc." - C:\Program Files\ICQ7.0\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoft Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoft\tbDVDV.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{472734EA-242A-422B-ADF8-83D1E48CC825} "PC Tools Browser Guard" - "Threat Expert Ltd." - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{A9BA40A1-74F1-52BD-F434-00B15A2C8953} "C:\Windows\system32\fihitkj11.dll" - ? - C:\Windows\system32\fihitkj11.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Bilz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"ICQ-Tools.de Launcher.lnk" - "ICQ-Tools.de" - C:\Program Files\ICQ-Tools.de\ICQ-Tools.de - Launcher\ICQ-Tools.de Launcher.exe (Shortcut exists | File exists)
"OpenOffice.org 3.1.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ehTray.exe" - "Microsoft Corporation" - C:\Windows\ehome\ehTray.exe
"fsc-reg" - "Fujitsu Siemens Computers" - C:\ProgramData\fsc-reg\fscreg.exe 20100319
"ICQ" - "ICQ, Inc." - "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
"reader_s" - ? - C:\Users\Bilz\reader_s.exe (File not found)
"Sidebar" - "Microsoft Corporation" - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"WMPNSCFG" - "Microsoft Corporation" - C:\Program Files\Windows Media Player\WMPNSCFG.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\Windows\Explorer.exe
"Userinit" - "Microsoft Corporation" - C:\Windows\system32\userinit.exe
"Userinit" - ? - C:\Windows\system32\mspbue32.exe (File is exclusively opened, access blocked | File found, but it contains no detailed information)
"Userinit" - ? - C:\Windows\system32\mszqha32.exe (File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
(Disabled) "StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Microsoft Corporation" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Microsoft Corporation" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVKTray" - "Microsoft Corporation" - "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
"iTunesHelper" - "Microsoft Corporation" - "C:\Program Files\iTunes\iTunesHelper.exe"
"NeroFilterCheck" - "Microsoft Corporation" - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"Ocs_SM" - "Microsoft Corporation" - C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
"QuickFinder Scheduler" - "Microsoft Corporation" - "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
"QuickTime Task" - "Microsoft Corporation" - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"reader_s" - "Portable Library" - C:\Windows\System32\reader_s.exe
"recinfo464" - "Microsoft Corporation" - c:\RecInfo\RecInfo.exe
"RtHDVCpl" - "Microsoft Corporation" - RtHDVCpl.exe
"SunJavaUpdateSched" - "Microsoft Corporation" - "C:\Program Files\Java\jre6\bin\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - "Microsoft Corporation" - C:\Program Files\Windows Media Player\wmpnetwk.exe
"@%SystemRoot%\ehome\ehrecvr.exe,-101" (ehRecvr) - ? - C:\Windows\ehome\ehRecvr.exe
"@%SystemRoot%\ehome\ehsched.exe,-101" (ehSched) - ? - C:\Windows\ehome\ehsched.exe
"@%SystemRoot%\servicing\TrustedInstaller.exe,-100" (TrustedInstaller) - "Microsoft Corporation" - C:\Windows\servicing\TrustedInstaller.exe
"@%SystemRoot%\system32\Alg.exe,-112" (ALG) - ? - C:\Windows\System32\alg.exe (File not found)
"@%systemroot%\system32\Locator.exe,-2" (RpcLocator) - ? - C:\Windows\system32\locator.exe
"@%SystemRoot%\system32\snmptrap.exe,-3" (SNMPTRAP) - "Microsoft Corporation" - C:\Windows\System32\snmptrap.exe
"@%SystemRoot%\system32\ui0detect.exe,-101" (UI0Detect) - "Microsoft Corporation" - C:\Windows\system32\UI0Detect.exe
"@%SystemRoot%\system32\vds.exe,-100" (vds) - "Microsoft Corporation" - C:\Windows\System32\vds.exe
"@%systemroot%\system32\vssvc.exe,-102" (VSS) - "Microsoft Corporation" - C:\Windows\system32\vssvc.exe
"@%Systemroot%\system32\wbem\wmiapsrv.exe,-110" (wmiApSrv) - "Microsoft Corporation" - C:\Windows\system32\wbem\WmiApSrv.exe
"@comres.dll,-2797" (MSDTC) - ? - C:\Windows\System32\msdtc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"AVKProxy" (AVKProxy) - "G DATA Software AG" - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
"AVKService" (AVKService) - ? - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe (File not found)
"AVKWCtl" (AVKWCtl) - "G DATA Software AG" - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
"Bonjour Service" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"DFSR" (DFSR) - ? - C:\Windows\system32\DFSR.exe (File not found)
"FirebirdServerMAGIXInstance" (FirebirdServerMAGIXInstance) - ? - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (File not found)
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe (File not found)
"iPod Service" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"McComponentHostService" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"msiserver" (msiserver) - "Microsoft Corporation" - C:\Windows\system32\msiexec.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - ? - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (File not found)
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"nvsvc" (nvsvc) - ? - C:\Windows\system32\nvvsvc.exe (File not found)
"OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (File not found)
"ProtexisLicensing" (ProtexisLicensing) - ? - c:\Windows\system32\PSIService.exe (File not found)
"SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Bilz\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Fujitsu Siemens Computers" - c:\windows\system32\Fujits~1.scr
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

BIOTEC 30.03.2010 14:09

(Butting in)...

So there's a Virut on your system???? At least that's what the SAM log says... that is a really nasty business! On top of that you have droppers on there that will surely "phone home" nicely again

As a NON PRO and NO SUPPORTER I would almost say... reinstall!

The box is nicely infested. You've hardly got a few off and the next ones are already arriving!

And now on with the support from Cosinus!

cosinus 30.03.2010 14:25

Okay. I'd now be interested in control scans with Malwarebytes and SASW, do that and post the logs.
Remember to update both tools before the scan!!

BTW: I would agree with BIOTEC about reinstalling Windows, but until you have the Vista DVD, a cleaned system would be better than none at all ;)

Plukas 31.03.2010 11:28

Just wanted to update both and with both an error message came up saying that access to the Internet is blocked. Also the PC is now extremely slow. I'll try it now with my recovery DVD.
I'll also do a scan right away. First with HiJack, right?
Do you perhaps have a tip for a good freeware antivirus program? At the moment I have AntiVir and the Norton demo (was already on there) and they actually never detected anything, although updates were loaded constantly. Oh and by the way ^^ thanks for the help ;)

cosinus 31.03.2010 12:02

Do the scans without updating.

Plukas 31.03.2010 12:14

Unfortunately that's impossible too... either the scans get aborted or the PC freezes, ...

cosinus 31.03.2010 12:18

Go at it again with OSAM and disable these entries:

Quote:

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - ? - app_dll.dll (File not found)

[Common]
-----( %SystemRoot%\Tasks )-----
"At62.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"At69.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job" - ? - C:\Windows\TEMP\Nkj.exe (File found, but it contains no detailed information)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ksermxi" (ksermxi) - ? - C:\Windows\system32\drivers\ksermxi.sys (Hidden registry entry, rootkit activity | File not found)

[Logon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Userinit" - ? - C:\Windows\system32\mspbue32.exe (File is exclusively opened, access blocked | File found, but it contains no detailed information)
"Userinit" - ? - C:\Windows\system32\mszqha32.exe (File found, but it contains no detailed information)
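
The entries cosinus picked out share a few traits a defender looks for when reading an autorun report: a file the scanner could not find on disk, a registry entry hidden from normal enumeration, a second and third "Userinit" value next to the real userinit.exe, a scheduled task launching from the TEMP folder, and a file name with a space before the extension. The following Python script is an added example for this thread, not part of OSAM or any tool named here: it parses a constructed log excerpt in the line shape shown in the quote above and applies those same checks so the suspicious entries can be listed mechanically instead of by eye.

```python
"""Triage helper for OSAM-style autorun log excerpts.

Added example for this thread; it is not part of OSAM or of any tool named here.
It assumes the line shapes visible in the quoted excerpt:
    [Section]
    -----( registry key or folder )-----
    "name" [(service)] - "vendor" | ? - path [(note | note)]
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: shapes copied from the entries quoted in the thread,
# plus two normal Winlogon values so the checks have something benign to skip.
SAMPLE_LOG = r"""
[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - ? - app_dll.dll (File not found)

[Common]
-----( %SystemRoot%\Tasks )-----
"At62.job" - ? - c:\program files\adobe\acrotray .exe (File found, but it contains no detailed information)
"{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job" - ? - C:\Windows\TEMP\Nkj.exe (File found, but it contains no detailed information)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ksermxi" (ksermxi) - ? - C:\Windows\system32\drivers\ksermxi.sys (Hidden registry entry, rootkit activity | File not found)

[Logon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\Windows\Explorer.exe
"Userinit" - "Microsoft Corporation" - C:\Windows\system32\userinit.exe
"Userinit" - ? - C:\Windows\system32\mspbue32.exe (File is exclusively opened, access blocked | File found, but it contains no detailed information)
"""

ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"'              # display name in quotes
    r'(?: \((?P<svc>[^)]*)\))?'        # optional service key name, e.g. (ksermxi)
    r' - (?:"(?P<vendor>[^"]*)"|\?)'   # vendor in quotes, or ? when unknown
    r' - (?P<rest>.*)$'                # path plus optional trailing (notes)
)
TAIL_RE = re.compile(r'^(?P<path>.*?)(?: \((?P<notes>[^()]*)\))?$')


@dataclass
class Entry:
    section: str
    key: str
    name: str
    vendor: Optional[str]   # None when OSAM printed "?"
    path: str
    notes: str


@dataclass
class Finding:
    entry: Entry
    reasons: List[str] = field(default_factory=list)


def parse_osam(text: str) -> List[Entry]:
    """Turn an OSAM-style excerpt into Entry records, tracking section and key."""
    entries, section, key = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if line.startswith("-----(") and line.endswith(")-----"):
            key = line[6:-6].strip()
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # line shape we do not understand; skip rather than guess
        t = TAIL_RE.match(m.group("rest"))
        entries.append(Entry(section, key, m.group("name"), m.group("vendor"),
                             t.group("path").strip(), t.group("notes") or ""))
    return entries


def review(e: Entry) -> List[str]:
    """Apply the checks a human reviewer used on the quoted entries."""
    reasons = []
    low = e.path.lower()
    base = low.rsplit("\\", 1)[-1]
    notes = e.notes.lower()
    if "rootkit" in notes or "hidden registry entry" in notes:
        reasons.append("hidden registry entry (rootkit indicator)")
    if "file not found" in notes:
        reasons.append("referenced file missing on disk (orphaned or hidden)")
    if "exclusively opened" in notes:
        reasons.append("file is locked against reading")
    if e.name.lower() == "userinit" and base != "userinit.exe":
        reasons.append("extra Userinit value: runs at every interactive logon")
    if e.name.lower() == "shell" and base != "explorer.exe":
        reasons.append("Shell value replaced")
    if e.name.lower() == "appinit_dlls" and e.path:
        reasons.append("AppInit_DLLs set: DLL is loaded into user-mode processes")
    if "\\temp\\" in low:
        reasons.append("autostart from a Temp directory")
    if re.search(r"\s\.[a-z0-9]{1,4}$", base):
        reasons.append("space before the extension (look-alike file name)")
    return reasons


def triage(text: str) -> List[Finding]:
    """Return only the entries that tripped at least one check."""
    return [Finding(e, r) for e in parse_osam(text) if (r := review(e))]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.entry.section}] {f.entry.name} -> {f.entry.path}")
        for reason in f.reasons:
            print("    -", reason)
```

On the constructed excerpt the script flags five of the seven entries and leaves the genuine Shell and Userinit values alone. The checks are deliberately narrow: an unknown vendor on its own is not treated as a reason, because plenty of legitimate software (OpenOffice in the full log above, for instance) also shows up with "?".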

Plukas 31.03.2010 12:26

I have to reinstall Windows anyway, and at the moment almost nothing works, it loads for 10 min if I just click on My Computer. I think the recovery will be the best, right? I actually wanted to do that now. Then it would be pretty pointless to do much beforehand, right?

cosinus 31.03.2010 12:32

Yeah, you can do that too. I would have been interested though in which rootkits those were, or whether they are still unknown.

Plukas 31.03.2010 16:08

So I'm not going to open a new thread, ok?
For now I've done a scan with HiJack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:09, on 31.03.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\G DATA AntiVirenKit 2007 Trial\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [recinfo464] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20100331
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - C:\Programme\G DATA AntiVirenKit 2007 Trial\AVK\AVKWCtl.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 4864 bytes

cosinus 31.03.2010 19:19

Why HJT now? That shows almost nothing! :balla:
Or have you already gone over it with the Windows DVD? :confused:

Plukas 31.03.2010 20:10

Yes, so this is already after the reinstallation.

cosinus 01.04.2010 09:26

Naturally it looks ok. A reinstallation (with formatting) is something malware cannot survive.

You absolutely have to take care of the updates, SP2 and IE8 are missing!!

Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Guide: Windows Update

Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking on "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader, both are much leaner and faster than Adobe Reader.

Please take the opportunity to also check whether the Flash Player is up to date, here is the direct download link => http://filepony.de/?q=Flash+Player

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Plukas 01.04.2010 17:29

So it's like this... With Windows Vista you have to burn the recovery yourself and unfortunately I didn't do that right away when I bought the PC, but only later. Yes, I did the recovery yesterday and now I have the problem that I still have something in the Windows files.
Antivir reports a few trojans and a Virut to me.
Just did a complete scan with Malwarebytes and it found nothing at all!?
So I don't get an error message or anything, but after a certain time my browsers stop working. And it has nothing to do with the Internet, the connection still works. I then get Error 404 or something like that displayed.
What else should I scan with now?

cosinus 01.04.2010 19:11

Quote:

that I still have something in the Windows files.
With which recovery media? Did you burn them yourself on the infected system?

Quote:

and a Virut.
Where was it found? I thought it was made clear here from the start that with virus reports you always have to give the complete path!!
Did you run anything that was also handled on the infected system?

Plukas 01.04.2010 20:29

Yes, I burned the recovery DVD myself, but unfortunately not right at the beginning. Of course I didn't know that there was already a virus on the PC when I burned it. But at least the PC runs again now and there aren't thousands of error messages.

So Avira found various things:
e.g.
In der Datei 'C:\Windows\Temp\_avast4_\unp102241053.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ASPM.Gen' [trojan] gefunden.

'L:\lukas\PhotoshopCS4Portable\App\Photoshop\Required\Droplet Template.exe'
wurde ein Virus oder unerwünschtes Programm 'W32/Virut.Gen' [virus] gefunden.

Yes and there are about 50 of those finds, but I think most of them are false positives, since Malware shows nothing and I e.g. had Photoshop on there before and it wasn't there either.

cosinus 01.04.2010 20:48

Quote:

L:\lukas\PhotoshopCS4Portable\App\Photoshop\Required\Droplet Template.exe
Where did you get that Photoshop from?

Plukas 01.04.2010 20:51

So that's on the stick now and it's from a friend.

cosinus 01.04.2010 20:55

Yeah, then that's a nice pirated copy! No wonder Virut spread on your machine!! Delete that crap immediately and in future keep your hands off warez, cracks and keygens!

Plukas 01.04.2010 21:00

I don't even have it on the PC
but I still have some trojans in the Windows files anyway.

edit: ok so that really was a false alarm, I looked at a few other reports and Avira finds a Virut in all programs, including Open Office and so on.

cosinus 01.04.2010 21:01

Quote:

C:\Windows\Temp\_avast4_\unp102241053.tmp'
That's a signature file from Avast! MBAM wrongly detected it as a virus. It's harmless because it's a false positive.

Quote:

L:\lukas\PhotoshopCS4Portable
Please delete that folder completely without delay!

Plukas 01.04.2010 21:08

Yes ok, deleted it. But I still have a problem. Malwarebytes doesn't detect anything, but after a certain time there is still the problem with the browsers.

Maybe this helps?

In der Datei 'C:\Windows\Temp\AvkHttp00001540.tmp'
wurde ein Virus oder unerwünschtes Programm 'HTML/Infected.WebPage.Gen' [virus] gefunden.

cosinus 01.04.2010 21:11

Do you still have GDATA installed?? Please uninstall it, otherwise the messages will keep coming!!
GDATA and AntiVir don't get along when running at the same time!

Plukas 01.04.2010 21:13

Ok, yes that was already on there, I didn't even see it.



Copyright ©2000-2025, Trojaner-Board

