Trojaner-Board - Firefox lädt nicht alle Seiten

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Firefox lädt nicht alle Seiten (https://www.trojaner-board.de/91458-firefox-laedt-alle-seiten.html)

Firefox lädt nicht alle Seiten

Hallo erstmal,
also ich hab das Problem, das Firefox seit nem Monat nicht mehr alle Seiten anzeigt und im IE werden diese wohl angezeigt. Firefox lädt zwar aber es tut sich nix es lädt auch nach ner Stunde noch. Ich weiß nicht ob es damit zusammenhängt, aber ich hatte mal vom Virenprogramm ständig ne Fehlermeldung das eine Datei nich funktioniert. Ich hab erst ignorieren dann löschen gedrückt aber es kamen 100 fenster das die Datei nicht geht da hab ich die Datei gesucht und gelöscht. Jetzt öffnet sich bei jedem
Start von Windows ein Fenster wo steht:
RUNDLL

Fehler beim Laden von C:\WINDOWS\nvmal40.dll
das angegebene Modul wurde nicht gefunden (klar ich habs ja gelöscht :-))
Nun ja dann drück ich ok und gut ist...
meine frage is ob die Probleme von Firefox evt damit zusammenhängen? Was muss ich tun bzw muss ich noch was zeigen damit ihr mir helfen könnt? Wäre echt nett
btw ich habe das Betriebssystem Windows XP
MfG: Inuyasha2008

:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

netsvcs

drivers32 /all

%SYSTEMDRIVE%\*.*

%systemroot%\system32\*.wt

%systemroot%\system32\*.ruy

%systemroot%\Fonts\*.com

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\system32\spool\prtprocs\w32x86\*.*

%systemroot%\REPAIR\*.bak1

%systemroot%\REPAIR\*.ini

%systemroot%\system32\*.jpg

%systemroot%\*.scr

%systemroot%\*._sy

%APPDATA%\Adobe\Update\*.*

%ALLUSERSPROFILE%\Favorites\*.*

%APPDATA%\Microsoft\*.*

%PROGRAMFILES%\*.*

%APPDATA%\Update\*.*

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\user32.dll /md5

%systemroot%\system32\ws2_32.dll /md5

%systemroot%\system32\ws2help.dll /md5

/md5start

explorer.exe

winlogon.exe

wininit.exe

/md5stop

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://larusso.trojaner-board.de/Images/otlfix2.jpg.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Gmer startet automatisch einen ersten Scan.
Sollte sich ein Fenster mit folgender Warnung öffnen:

Code:

WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system?
Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.
Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
Wenn der Scan fertig ist, bleibt die Zeile leer.
Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird Gmer beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

Hier sind die Ergebnisse von Schritt 2:

Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net

Rootkit scan 2010-10-06 01:22:42

Windows 5.1.2600 Service Pack 3

Running: ts94pg15.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kfdoqfod.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT   A5F7A2BE                                                                                         ZwCreateKey

SSDT   A5F7A2B4                                                                                         ZwCreateThread

SSDT   A5F7A2C3                                                                                         ZwDeleteKey

SSDT   A5F7A2CD                                                                                         ZwDeleteValueKey

SSDT   A5F7A2D2                                                                                         ZwLoadKey

SSDT   A5F7A2A0                                                                                         ZwOpenProcess

SSDT   A5F7A2A5                                                                                         ZwOpenThread

SSDT   A5F7A2DC                                                                                         ZwReplaceKey

SSDT   A5F7A2D7                                                                                         ZwRestoreKey

SSDT   A5F7A2C8                                                                                         ZwSetValueKey

SSDT   A5F7A2AF                                                                                         ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.rsrc  C:\WINDOWS\system32\drivers\ftdisk.sys                                                           entry point in ".rsrc" section [0xB9F64314]

.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                         section is writeable [0xB847B360, 0x32E00D, 0xE8000020]
 

---- User code sections - GMER 1.0.15 ----
 

.text  C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtProtectVirtualMemory                                   7C91D6EE 5 Bytes  JMP 00DB000A 

.text  C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!NtWriteVirtualMemory                                     7C91DFAE 5 Bytes  JMP 00DC000A 

.text  C:\WINDOWS\Explorer.EXE[1244] ntdll.dll!KiUserExceptionDispatcher                                7C91E47C 5 Bytes  JMP 00D5000C 

.text  C:\WINDOWS\System32\svchost.exe[1584] ntdll.dll!NtProtectVirtualMemory                           7C91D6EE 5 Bytes  JMP 00D9000A 

.text  C:\WINDOWS\System32\svchost.exe[1584] ntdll.dll!NtWriteVirtualMemory                             7C91DFAE 5 Bytes  JMP 00DA000A 

.text  C:\WINDOWS\System32\svchost.exe[1584] ntdll.dll!KiUserExceptionDispatcher                        7C91E47C 5 Bytes  JMP 00D8000C 

.text  C:\WINDOWS\System32\svchost.exe[1584] ole32.dll!CoCreateInstance                                 774D057E 5 Bytes  JMP 00EE000A 

.text  C:\WINDOWS\system32\wuauclt.exe[2776] ntdll.dll!NtProtectVirtualMemory                           7C91D6EE 5 Bytes  JMP 012C000A 

.text  C:\WINDOWS\system32\wuauclt.exe[2776] ntdll.dll!NtWriteVirtualMemory                             7C91DFAE 5 Bytes  JMP 012D000A 

.text  C:\WINDOWS\system32\wuauclt.exe[2776] ntdll.dll!KiUserExceptionDispatcher                        7C91E47C 5 Bytes  JMP 012B000C 

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] kernel32.dll!LoadResource                  7C80A055 7 Bytes  JMP 28001E20 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] kernel32.dll!FindResourceExW               7C80AD28 7 Bytes  JMP 28001C60 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] kernel32.dll!FindResourceW                 7C80BC6E 7 Bytes  JMP 28001BE0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] kernel32.dll!SizeofResource                7C80BD09 7 Bytes  JMP 28001EE0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] kernel32.dll!FindResourceA                 7C80BF29 7 Bytes  JMP 28001CF0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] kernel32.dll!LockResource                  7C80CD37 5 Bytes  JMP 28001F50 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] kernel32.dll!CreateEventA                  7C8308B5 5 Bytes  JMP 28001840 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] kernel32.dll!FindResourceExA               7C835FA8 7 Bytes  JMP 28001D80 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] ADVAPI32.dll!CryptDeriveKey                77DB9FFD 7 Bytes  JMP 28001000 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] ADVAPI32.dll!CryptDecrypt                  77DBA129 7 Bytes  JMP 28001060 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] USER32.dll!GetWindowLongW                  7E3688A6 7 Bytes  JMP 28006B00 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] USER32.dll!PeekMessageW                    7E36929B 5 Bytes  JMP 280046C0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] USER32.dll!SetWindowPlacement              7E36DE46 5 Bytes  JMP 28005EA0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] USER32.dll!CreateDialogParamW              7E36EA3B 5 Bytes  JMP 28006120 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] USER32.dll!LoadImageW                      7E377B97 5 Bytes  JMP 28006770 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] USER32.dll!CreateWindowExW                 7E37D0A3 5 Bytes  JMP 28003CF0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] USER32.dll!SetWindowRgn                    7E37E528 7 Bytes  JMP 28005FE0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] USER32.dll!LoadIconW                       7E37E8BC 5 Bytes  JMP 28006960 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] USER32.dll!MessageBoxIndirectW             7E3B64D5 5 Bytes  JMP 28006310 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] USER32.dll!TrackPopupMenuEx                7E3BCF62 5 Bytes  JMP 28004FA0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] WS2_32.dll!closesocket                     71A13E2B 5 Bytes  JMP 2800BB90 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] WS2_32.dll!send                            71A14C27 5 Bytes  JMP 2800B770 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] WS2_32.dll!WSARecv                         71A14CB5 5 Bytes  JMP 2800B550 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] WS2_32.dll!recv                            71A1676F 5 Bytes  JMP 2800B3B0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] WS2_32.dll!WSASend                         71A168FA 5 Bytes  JMP 2800B950 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] SHELL32.dll!Shell_NotifyIconW              7E6DA5BF 5 Bytes  JMP 28003440 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] ole32.dll!CoInitializeEx                   774CEF7B 5 Bytes  JMP 28002260 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] ole32.dll!CoCreateInstance                 774D057E 5 Bytes  JMP 28002600 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] ole32.dll!CoRegisterClassObject            774E7E90 5 Bytes  JMP 28002360 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] WININET.dll!InternetCloseHandle            408C4261 5 Bytes  JMP 2800A560 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] WININET.dll!HttpOpenRequestA               408CAA7B 5 Bytes  JMP 2800A220 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] WININET.dll!InternetReadFile               408D13D4 5 Bytes  JMP 2800A3B0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\Programme\Windows Live\Messenger\msnmsgr.exe[3788] WININET.dll!HttpSendRequestA               408D3558 5 Bytes  JMP 2800A490 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text  C:\WINDOWS\system32\wuauclt.exe[4212] ntdll.dll!NtProtectVirtualMemory                           7C91D6EE 5 Bytes  JMP 00D2000A 

.text  C:\WINDOWS\system32\wuauclt.exe[4212] ntdll.dll!NtWriteVirtualMemory                             7C91DFAE 5 Bytes  JMP 00D3000A 

.text  C:\WINDOWS\system32\wuauclt.exe[4212] ntdll.dll!KiUserExceptionDispatcher                        7C91E47C 5 Bytes  JMP 00D1000C 
 

---- Registry - GMER 1.0.15 ----
 

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d0a2709                      

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d0a2709@0023f183c470         0xF0 0x90 0xAC 0x25 ...

Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000b0d0a2709 (not active ControlSet)  

Reg    HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000b0d0a2709@0023f183c470             0xF0 0x90 0xAC 0x25 ...
 

---- Disk sectors - GMER 1.0.15 ----
 

Disk   \Device\Harddisk0\DR0                                                                            sector 01: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 02: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 03: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 04: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 05: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 06: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 07: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 08: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 09: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 10: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 11: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 12: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 13: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 14: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 15: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 16: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 17: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 18: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 19: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 20: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 21: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 22: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 23: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 24: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 25: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 26: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 27: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 28: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 29: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 30: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 31: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 32: rootkit-like behavior; copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 33: rootkit-like behavior; copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 34: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 35: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 36: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 37: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 38: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 39: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 40: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 41: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 42: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 43: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 44: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 45: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 46: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 47: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 48: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 49: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 50: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 51: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 52: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 53: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 54: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 55: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 56: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 57: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 58: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 59: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 60: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 61: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 62: copy of MBR

Disk   \Device\Harddisk0\DR0                                                                            sector 63: rootkit-like behavior; copy of MBR
 

---- Files - GMER 1.0.15 ----
 

File   C:\WINDOWS\system32\drivers\ftdisk.sys                                                           suspicious modification
 

---- EOF - GMER 1.0.15 ----

Und wo ist Schritt 1?

ka scheint nicht zu gehen... hatte mal beide hier rein gesetzt aber man sah nur die hälfte... Die txt Dateien scheinen zu lang zu sein. Was kann ich da machen?

Aufteilen auf zwei Threads oder einfach Anhängen :)

Extras Teil 1:

Code:

OTL Extras logfile created on: 05.10.2010 22:40:36 - Run 1

OTL by OldTimer - Version 3.2.14.1     Folder = D:\Dokumente und Einstellungen\Markus\Dateien von Markus\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free

Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 48,83 Gb Total Space | 10,24 Gb Free Space | 20,98% Space Free | Partition Type: NTFS

Drive D: | 79,35 Gb Total Space | 51,69 Gb Free Space | 65,13% Space Free | Partition Type: NTFS

Drive E: | 79,35 Gb Total Space | 79,01 Gb Free Space | 99,56% Space Free | Partition Type: NTFS

Drive F: | 90,55 Gb Total Space | 70,09 Gb Free Space | 77,40% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: VERBARSC-D46353

Current User Name: Markus

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

"6112:TCP" = 6112:TCP:*:Enabled:Wc3

"6113:TCP" = 6113:TCP:*:Enabled:Wc3

"6114:TCP" = 6114:TCP:*:Enabled:Wc3

"6115:TCP" = 6115:TCP:*:Enabled:Wc3

"6116:TCP" = 6116:TCP:*:Enabled:Wc3

"6117:TCP" = 6117:TCP:*:Enabled:Wc3

"6118:TCP" = 6118:TCP:*:Enabled:Wc3

"6119:TCP" = 6119:TCP:*:Enabled:Wc3

"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server

"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server

"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server

"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

"1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Dokumente und Einstellungen\Markus\Desktop\eigene sachen\ghostbot\ghostplusplus_11.5\ghost\ghost.exe" = C:\Dokumente und Einstellungen\Markus\Desktop\eigene sachen\ghostbot\ghostplusplus_11.5\ghost\ghost.exe:*:Enabled:ghost -- ()

"C:\Dokumente und Einstellungen\Markus\Desktop\eigene sachen\list checker\pickup.listchecker.exe" = C:\Dokumente und Einstellungen\Markus\Desktop\eigene sachen\list checker\pickup.listchecker.exe:*:Enabled:pickup.listchecker -- ()

"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

"C:\xampp\apache\bin\apache.exe" = C:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)

"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)

"F:\Warcraft III\Warcraft III\Warcraft III.exe" = F:\Warcraft III\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)

"C:\Programme\BlueSoleil\BlueSoleil.exe" = C:\Programme\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)

"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)

"C:\Programme\Mozilla Thunderbird\thunderbird.exe" = C:\Programme\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Messaging)

"C:\Programme\UltraFXP\UltraFxp.exe" = C:\Programme\UltraFXP\UltraFxp.exe:*:Enabled:UltraFxp -- ()

"F:\steam.exe" = F:\steam.exe:*:Enabled:steam -- (Valve Corporation)

"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remoteunterstützung - Windows Messenger und Voice -- (Microsoft Corporation)

"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC-Gemeinsame Nutzung von Anwendungen -- (Microsoft Corporation)

"C:\Programme\NetMeeting\conf.exe" = C:\Programme\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)

"F:\WOW\World of Warcraft\WoW-3.2.0-deDE-downloader.exe" = F:\WOW\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found

"F:\WOW\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe" = F:\WOW\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- File not found

"C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Temp\Rar$EX00.297\ZEQ2\ZEQ2.exe" = C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Temp\Rar$EX00.297\ZEQ2\ZEQ2.exe:*:Enabled:ZEQ2 -- File not found

"C:\Dokumente und Einstellungen\Markus\Desktop\ZEQ2\ZEQ2.exe" = C:\Dokumente und Einstellungen\Markus\Desktop\ZEQ2\ZEQ2.exe:*:Enabled:ZEQ2 -- File not found

"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Programme\SpacialAudio\SAMBC\SAMBC.exe" = C:\Programme\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC -- ()

"D:\Programme\Dragon Age\bin_ship\daorigins.exe" = D:\Programme\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins -Spiel -- File not found

"D:\Programme\Dragon Age\DAOriginsLauncher.exe" = D:\Programme\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins -Launcher -- File not found

"D:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe" = D:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins -Inhaltsupdater -- File not found

"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Programme\BearShare\BearShare.exe" = C:\Programme\BearShare\BearShare.exe:*:Disabled:BearShare -- File not found

"C:\Programme\BearShare Applications\BearShare\BearShare.exe" = C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found

"C:\Programme\BearShare Music\BearShare Music.exe" = C:\Programme\BearShare Music\BearShare Music.exe:*:Disabled:BearShare Music -- File not found

"D:\Dokumente und Einstellungen\Markus\Dateien von Markus\Downloads\IM88532.JPG-www.facebook.com.exe" = C:\WINDOWS\infocard.exe:*:Enabled:Firewall Administrating -- File not found

"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"F:\Gunz\Xfire\xfire.exe" = F:\Gunz\Xfire\xfire.exe:*:Enabled:xfire -- File not found

"F:\Gunz\ijjiOptimizer.exe" = F:\Gunz\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()

"F:\Gunz\gunz\Gunz.exe" = F:\Gunz\gunz\Gunz.exe:*:Enabled:Gunz -- (MAIET entertainment)

"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets

"{1BC4026B-1957-4514-9058-2B542557F143}" = Opera 9.63

"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX

"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{216E21F4-0489-4311-92D6-20D1FB950FCE}" = Sci-Fi Voice Pack

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16

"{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3

"{59A614F6-27DE-4F65-A173-554A26DA2DEE}" = Female Voice Pack

"{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3

"{8061C2C9-C2A3-4550-A3FC-585B646840CB}" = Fantasy Voice Pack

"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A7E941F-2BB4-47D0-B732-8AE5F3513B68}" = ASAPI

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}" = ODF Add-in für Microsoft Word

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil

"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C541EEFC-49B0-4976-80DB-4D5B78B50114}" = MorphVOX Pro

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{F916C6DF-2601-4385-9500-C45FF398D4CB}" = Install(GE)

"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection

"Akamai" = Akamai NetSession Interface

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX-Setup

"Eazel-DE Toolbar" = Eazel-DE Toolbar

"FBDBServer_1_5_is1" = Firebird 1.5.2.4731

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2

"Gothic II" = Gothic II

"Gunz" = ijji - Gunz

"ICQToolbar" = ICQ Toolbar

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)

"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MsgPlus! Plugin" = Messenger Plus! 3

"MSNINST" = MSN

"MySQL Servers and Clients 3.23.52" = MySQL Servers and Clients 3.23.52

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Notepad++" = Notepad++

"NVIDIA Drivers" = NVIDIA Drivers

"PartyPoker" = PartyPoker

"PokerStars" = PokerStars

"QcDrv" = Logitech® Camera-Treiber

"SAM3" = SAM Broadcaster (remove only)

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"TeamViewer 5" = TeamViewer 5

"UltraFXP" = UltraFXP (remove only)

"Uninstall_is1" = Uninstall 1.0.0.1

"VideoGet" = Nuclear Coffee VideoGet 1.0

"VideoGet_is1" = Nuclear Coffee - VideoGet

"Winamp" = Winamp

"Winamp Toolbar" = Winamp Toolbar

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinPcapInst" = WinPcap 3.1

"WinRAR archiver" = WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"xampp" = XAMPP 1.7.0

"Xfire" = Xfire (remove only)

"XP Codec Pack" = XP Codec Pack

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

Teil 2:

Code:

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"CodeBlocks" = CodeBlocks

"Dropbox" = Dropbox

"Skat-Online V8" = Skat-Online V8

"Warcraft III" = Warcraft III: All Products

"Winamp Detect" = Winamp Anwendungserkennung

hab nicht mehr rein bekommen... has du kein msn oder icq? per PN gehts auch nich

Poste die Logs als Anhang wie hier beschrieben.

ok also wenn icha uf Anhänge verwalten klick öffnet firefox ein neues google Fenster...

ok das müsste es sein

Schritt 1

Programme deinstallieren

Da einige Programme und Anti-Spy-Programme uns u. U. bei der Bereinigung behindern (z. B. durch ständig laufende Hintergrundwächter), unnötig oder schädlich sind oder einfach nicht mehr gebraucht werden, bitte ich darum, die folgenden Programme über Systemsteuerung => Software komplett zu deinstallieren.

Code:

Ask Toolbar

Eazel-DE Toolbar

Berichte mir, falls sich ein Programm nicht deinstallieren lässt. Nach Beendigung der Bereinigung können wir schauen, welche davon Du wieder installieren kannst/sollest.

Schritt 2

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

:OTL
 
 
 

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Ask.com"

FF - prefs.js..browser.search.order.1: "Ask.com"

[2010.09.20 18:14:18 | 000,002,385 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uhtdnvg9.default\searchplugins\askcom.xml

[2009.12.03 11:54:24 | 000,002,476 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uhtdnvg9.default\searchplugins\BearShareWebSearch.xml

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Programme\Eazel-DE\tbEaz0.dll (Conduit Ltd.)

O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaz0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaz0.dll (Conduit Ltd.)

O4 - HKLM..\Run: []  File not found

O4 - HKCU..\Run: [Hhacacoyusiku] C:\WINDOWS\nvmal40.DLL File not found

O4 - HKCU..\Run: [RegistryBooster] D:\RegistryBooster\launcher.exe File not found

[2010.10.05 22:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233

[2010.07.21 20:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izehijepu.dll

[2010.07.21 18:24:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\evuyakid.dll

[2010.07.21 14:54:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epadoyadomipu.dll

[2010.07.20 20:23:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avihohilofejin.dll

[2010.07.20 18:21:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejocubuw.dll

[2010.07.19 18:06:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\awemememe.dll

[2010.07.19 16:53:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axizazowemulule.dll

[2010.07.19 02:08:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ayexivum.dll

[2010.07.19 00:06:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ataqiwogijaniler.dll

[2010.07.18 22:04:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ezizodul.dll

[2010.07.18 20:18:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uvezajifo.dll

[2010.07.18 18:16:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ikorokow.dll

[2010.07.18 16:14:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\isiyacik.dll

[2010.07.17 14:58:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ujocubuwo.dll

[2010.07.17 13:59:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibiboludos.dll

[2010.07.17 04:41:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\urebawut.dll

[2010.07.17 02:39:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\erabogiseyite.dll

[2010.07.17 00:37:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oleturet.dll

[2010.07.16 22:35:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\agiqiwogijaniler.dll

[2010.07.16 20:33:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipisilarefozuzi.dll

[2010.07.16 18:31:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izufazem.dll

[2010.07.16 00:59:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ezogurix.dll

[2010.07.15 22:57:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\owawifukineme.dll

[2010.07.15 18:21:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ahekihibazu.dll

[2010.07.15 10:59:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ulocijezoweq.dll

[2010.07.15 01:53:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iliqaquz.dll

[2010.07.14 23:55:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axonubililahacaf.dll

[2010.07.14 21:49:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ixipuqazef.dll

[2010.07.14 18:11:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewawiwif.dll

[2010.07.13 23:39:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iculadol.dll

[2010.07.13 19:24:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\abenesan.dll

[2010.07.13 18:39:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\etecejox.dll

[2010.07.13 01:24:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uxujomurarana.dll

[2010.07.12 23:18:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\alacanuv.dll

[2010.07.11 23:14:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\abanapoxubacepe.dll

[2010.07.10 17:21:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ijuzuqufu.dll

[2010.07.10 15:18:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\alocijezoweqohar.dll

[2010.07.10 11:54:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\afupujax.dll

[2010.07.10 02:44:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukaqajetecoqa.dll

[2010.07.09 23:04:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\enelotefacosa.dll

:Commands

[resethosts]

[purity]

[emptytemp]

und füge es hier ein: http://image.hijackthis.eu/upload/hjt1-021.jpg
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

Schritt 3

Downloade Malwarebytes Anti-Malware (ca. 2 MB) von diesen Downloadspiegel:

Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
Lasse es online updaten (Reiter Updates), wenn das nicht automatisch passiert (ca. 1 MB).
Aktiviere "Komplett Scan durchführen" => Scan.
Wähle alle verfügbaren Laufwerke aus und starte den Scan.
Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
Versichere Dich, dass alle Funde markiert sind und drücke "Löschen".
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
Berichte, wie der Rechner nun läuft.

Hier findest Du eine ausführliche und bebilderte Anleitung.

Schritt 4

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

http://i266.photobucket.com/albums/i...ownload_FF.gif

http://i94.photobucket.com/albums/l8...x-Download.png

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
- Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
- Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

das ist von Schritt 2:

Code:

All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Ask.com" removed from browser.search.defaultenginename

Prefs.js: "Ask.com" removed from browser.search.order.1

File C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uhtdnvg9.default\searchplugins\askcom.xml not found.

File C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uhtdnvg9.default\searchplugins\BearShareWebSearch.xml not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Programme\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5}\ not found.

File DE\tbEaz0.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}\ not found.

File C:\Programme\Eazel-DE\tbEaz0.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5}\ not found.

File DE\tbEaz0.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Hhacacoyusiku deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryBooster deleted successfully.

File C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!

C:\WINDOWS\izehijepu.dll moved successfully.

C:\WINDOWS\evuyakid.dll moved successfully.

C:\WINDOWS\epadoyadomipu.dll moved successfully.

C:\WINDOWS\avihohilofejin.dll moved successfully.

C:\WINDOWS\ejocubuw.dll moved successfully.

C:\WINDOWS\awemememe.dll moved successfully.

C:\WINDOWS\axizazowemulule.dll moved successfully.

C:\WINDOWS\ayexivum.dll moved successfully.

C:\WINDOWS\ataqiwogijaniler.dll moved successfully.

C:\WINDOWS\ezizodul.dll moved successfully.

C:\WINDOWS\uvezajifo.dll moved successfully.

C:\WINDOWS\ikorokow.dll moved successfully.

C:\WINDOWS\isiyacik.dll moved successfully.

C:\WINDOWS\ujocubuwo.dll moved successfully.

C:\WINDOWS\ibiboludos.dll moved successfully.

C:\WINDOWS\urebawut.dll moved successfully.

C:\WINDOWS\erabogiseyite.dll moved successfully.

C:\WINDOWS\oleturet.dll moved successfully.

C:\WINDOWS\agiqiwogijaniler.dll moved successfully.

C:\WINDOWS\ipisilarefozuzi.dll moved successfully.

C:\WINDOWS\izufazem.dll moved successfully.

C:\WINDOWS\ezogurix.dll moved successfully.

C:\WINDOWS\owawifukineme.dll moved successfully.

C:\WINDOWS\ahekihibazu.dll moved successfully.

C:\WINDOWS\ulocijezoweq.dll moved successfully.

C:\WINDOWS\iliqaquz.dll moved successfully.

C:\WINDOWS\axonubililahacaf.dll moved successfully.

C:\WINDOWS\ixipuqazef.dll moved successfully.

C:\WINDOWS\ewawiwif.dll moved successfully.

C:\WINDOWS\iculadol.dll moved successfully.

C:\WINDOWS\abenesan.dll moved successfully.

C:\WINDOWS\etecejox.dll moved successfully.

C:\WINDOWS\uxujomurarana.dll moved successfully.

C:\WINDOWS\alacanuv.dll moved successfully.

C:\WINDOWS\abanapoxubacepe.dll moved successfully.

C:\WINDOWS\ijuzuqufu.dll moved successfully.

C:\WINDOWS\alocijezoweqohar.dll moved successfully.

C:\WINDOWS\afupujax.dll moved successfully.

C:\WINDOWS\ukaqajetecoqa.dll moved successfully.

C:\WINDOWS\enelotefacosa.dll moved successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 299942 bytes

 

User: Markus

->Temp folder emptied: 3660038894 bytes

->Temporary Internet Files folder emptied: 256971070 bytes

->Java cache emptied: 89857091 bytes

->FireFox cache emptied: 117864339 bytes

->Opera cache emptied: 73300504 bytes

->Flash cache emptied: 3856070 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 2448263 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 4621899 bytes

%systemroot%\System32 .tmp files removed: 4528519 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 59649691 bytes

RecycleBin emptied: 1673046 bytes

 

Total Files Cleaned = 4.077,00 mb

 

 

OTL by OldTimer - Version 3.2.14.1 log created on 10072010_212524
 

Files\Folders moved on Reboot...

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_474.dat not found!
 

Registry entries deleted on Reboot...

Schritt 3:

Code:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org
 

Datenbank Version: 4770
 

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13
 

07.10.2010 23:10:03

mbam-log-2010-10-07 (23-10-03).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)

Durchsuchte Objekte: 356104

Laufzeit: 1 Stunde(n), 7 Minute(n), 29 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 1

Infizierte Dateiobjekte der Registrierung: 1

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\firewall administrating (Backdoor.IRCBot) -> Quarantined and deleted successfully.
 

Infizierte Dateiobjekte der Registrierung:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a22b8089-adc3-4348-93e1-be54b27989d0}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.233,93.188.161.233 -> Quarantined and deleted successfully.
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)