Trojaner-Board - Gema Trojaner Win XP - Desktop leer, Taskleiste weg

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Gema Trojaner Win XP - Desktop leer, Taskleiste weg (https://www.trojaner-board.de/107940-gema-trojaner-win-xp-desktop-leer-taskleiste-weg.html)

Beim ausführen kommt die Meldung
_______________
CFScript Namensfehler

Hast Du versucht, CFScript auszuführen?
Der Name, CFScript scheint nicht korrekt buchstabiert zu sein.

OK
___________________________

Zitat:

ausgeführt von:: C:\ComboFix.exe

Kann es vllt hier dran liegen! Wo soll die combofix.exe liegen und warum liegt sie bei dir nicht dort?

Zitat:

Der Name, CFScript scheint nicht korrekt buchstabiert zu sein.

Das Script heißt CFScript.txt

Hätte wohl vorher fragen sollen.
Da du geschrieben hast das Script auf dem Desktop speichern, und es müssen alle Programme geschlossen sein, habe ich die ComboFix.exe von C: auf den Desktop verschoben.
Hatte vorher auf C: gespeichert da der Desktop ja weg war.

Starte neu und probier es einfach nochmal. ggf auch mal combofix.exe neu runterladen auf den DESKTOP

War wieder zu schnell, habe das Script auf C: kopiert und nicht die exe auf den Desktop. Hat aber trotzdem geklappt.

System neu gestartet...

Beim starten kommt die Meldung

_________________

AsusProb.exe - Komponente nicht gefunden

Die Anwendung konnte nicht gestartet werden, weil VCL35.bpl nicht gefunden wurde. Neuinstallation der Anwendung könnte das Problem beheben.

OK
_________________

Code:

ComboFix 12-01-16.02 - Weisi 16.01.2012  21:55:11.3.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2815.2355 [GMT 1:00]

ausgeführt von:: C:\ComboFix.exe

Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Weisi\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

FILE ::

"c:\windows\system32\drivers\uxy9b.sys"

"c:\windows\system32\drivers\xcpip.sys"

"c:\windows\system32\drivers\xpsec.sys"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Thumbs.db

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_UXY9B.SYS

-------\Service_uxy9b.sys

-------\Service_xcpip

-------\Service_xpsec

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-16 bis 2012-01-16  ))))))))))))))))))))))))))))))

.

.

2012-01-14 16:46 . 2012-01-14 16:46        684297        ----a-w-        C:\unhide.exe

2012-01-14 16:42 . 2012-01-14 16:42        1972528        ----a-w-        C:\tdsskiller.exe

2012-01-14 15:24 . 2012-01-14 15:24        --------        d-----w-        C:\_OTL

2012-01-13 20:28 . 2012-01-13 20:28        584192        ----a-w-        C:\OTL.exe

2012-01-12 21:01 . 2012-01-12 21:01        --------        d-----w-        c:\programme\ESET

2012-01-10 22:41 . 2008-04-14 03:22        1036800        ----a-w-        c:\windows\explorer.exe

2012-01-10 00:20 . 2012-01-10 06:43        --------        d---a-w-        C:\Kaspersky Rescue Disk 10.0

2012-01-03 18:47 . 2012-01-03 18:47        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\CanonIJMyPrinter

2012-01-03 18:47 . 2012-01-03 18:49        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\CanonIJPLM

2012-01-03 18:30 . 2012-01-03 18:30        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\CanonBJ

2012-01-03 18:30 . 2009-03-24 04:00        70656        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA1.DLL

2012-01-03 18:30 . 2009-03-24 04:00        27648        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA1.DLL

2012-01-03 18:30 . 2009-03-24 04:00        272384        ----a-w-        c:\windows\system32\CNMLMA1.DLL

2012-01-03 18:30 . 2012-01-03 18:30        --------        d-----w-        c:\windows\system32\CanonIJ Uninstaller Information

2012-01-03 18:30 . 2009-03-18 09:09        178176        ----a-w-        c:\windows\system32\CNMIUA1.DLL

2012-01-03 18:29 . 2012-01-03 18:29        --------        d-----w-        c:\programme\CanonBJ

2012-01-03 18:25 . 2008-04-13 23:17        25856        -c--a-w-        c:\windows\system32\dllcache\usbprint.sys

2012-01-03 18:25 . 2008-04-13 23:17        25856        ----a-w-        c:\windows\system32\drivers\usbprint.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-08 16:12 . 2007-11-11 13:34        138520        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys

2012-01-08 16:12 . 2009-07-16 17:43        234536        ----a-w-        c:\windows\system32\PnkBstrB.xtr

2012-01-08 16:12 . 2007-11-11 13:34        234536        ----a-w-        c:\windows\system32\PnkBstrB.exe

2012-01-06 14:45 . 2001-08-23 11:00        12400        ----a-w-        c:\windows\system32\drivers\secdrv.sys

2012-01-05 18:30 . 2005-06-22 21:45        60416        ----a-w-        c:\windows\ALCFDRTM.VER

2011-12-10 14:24 . 2009-02-07 14:01        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-11-23 14:40 . 2001-08-23 11:00        1859712        ----a-w-        c:\windows\system32\win32k.sys

2011-11-22 21:36 . 2011-08-14 20:24        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-20 12:40 . 2005-10-21 12:31        43520        ----a-w-        c:\windows\system32\CmdLineExt03.dll

2011-11-04 19:13 . 2001-08-23 11:00        916992        ----a-w-        c:\windows\system32\wininet.dll

2011-11-04 19:13 . 2001-08-23 11:00        43520        ----a-w-        c:\windows\system32\licmgr10.dll

2011-11-04 19:13 . 2001-08-23 11:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2005-06-22 16:15        385024        ----a-w-        c:\windows\system32\html.iec

2011-11-01 16:07 . 2001-08-23 11:00        1288704        ----a-w-        c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2001-08-23 11:00        33280        ----a-w-        c:\windows\system32\csrsrv.dll

2011-10-26 10:49 . 2001-08-23 11:00        2195072        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-10-26 10:49 . 2001-08-18 04:28        2071680        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2010-10-12 15:33 . 2010-10-12 15:33        124344        ----a-w-        c:\programme\mozilla firefox\plugins\CCMSDK.dll

2010-10-12 17:15 . 2010-10-12 17:15        13240        ----a-w-        c:\programme\mozilla firefox\plugins\cgpcfg.dll

2010-10-12 15:37 . 2010-10-12 15:37        70592        ----a-w-        c:\programme\mozilla firefox\plugins\CgpCore.dll

2010-10-12 15:35 . 2010-10-12 15:35        91576        ----a-w-        c:\programme\mozilla firefox\plugins\confmgr.dll

2010-10-12 15:34 . 2010-10-12 15:34        22464        ----a-w-        c:\programme\mozilla firefox\plugins\ctxlogging.dll

2010-10-12 15:32 . 2010-10-12 15:32        255416        ----a-w-        c:\programme\mozilla firefox\plugins\ctxmui.dll

2010-10-12 15:35 . 2010-10-12 15:35        31672        ----a-w-        c:\programme\mozilla firefox\plugins\icafile.dll

2010-10-12 15:34 . 2010-10-12 15:34        40384        ----a-w-        c:\programme\mozilla firefox\plugins\icalogon.dll

2010-07-14 11:42 . 2010-07-14 11:42        898480        ----a-w-        c:\programme\mozilla firefox\plugins\sslsdk_b.dll

2010-10-12 15:37 . 2010-10-12 15:37        24000        ----a-w-        c:\programme\mozilla firefox\plugins\TcpPServ.dll

.

.

(((((((((((((((((((((((((((((   SnapShot@2012-01-16_20.18.11   )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-01-16 21:04 . 2012-01-16 21:04        16384              c:\windows\temp\Perflib_Perfdata_57c.dat

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBJ"="c:\programme\Ahead\Nero BackItUp\NBJ.exe" [2003-11-04 1720320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"ElbyCheckAnyDVD"="c:\programme\SlySoft\AnyDVD\ElbyCheck.exe" [2003-09-20 45056]

"ASUS Probe"="c:\programme\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]

"CORSAIR_PLUtil"="c:\programme\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe" [2004-11-11 90112]

"OpwareSE2"="c:\programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]

"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-11-10 417792]

"ConnectionCenter"="c:\programme\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-1-5 155648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2010-12-30 14:37        281768        ----a-w-        c:\programme\Avira\AntiVir Desktop\avgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWatch]

2003-06-10 13:52        507904        ----a-w-        c:\programme\FRITZ!DSL\AWatch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-02-15 17:07        141608        ----a-w-        c:\programme\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2008-12-03 11:47        1205760        ----a-w-        c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfxsrvtray]

2010-01-13 11:24        686344        ----a-w-        c:\programme\Tobit Radio.fx\Client\rfx-tray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]

2004-04-23 12:28        77824        ----a-w-        c:\programme\Logitech\Profiler\LWEMon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"AntiVirService"=2 (0x2)

"AntiVirSchedulerService"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"e:\\Spiele\\Battlefield 2\\BF2.exe"=

"c:\\Programme\\GameSpy Arcade\\Aphex.exe"=

"e:\\Spiele\\Battlefield 1942\\BF1942.exe"=

"e:\\Spiele\\Return to Castle Wolfenstein\\WolfMP.exe"=

"e:\\Spiele\\Wolfenstein - Enemy Territory\\ET.exe"=

"e:\\Spiele\\Sudden Strike II\\game\\code\\Release\\game_exe.exe"=

"c:\\Programme\\THQ\\Company of Heroes\\BugReport\\BugReport.exe"=

"e:\\Spiele\\Call of Duty 2\\CoD2MP_s.exe"=

"c:\\Programme\\THQ\\Company of Heroes\\RelicCOH.exe"=

"c:\\Programme\\UltraVNC\\vncviewer.exe"=

"c:\\Programme\\Real\\RealPlayer\\realplay.exe"=

"c:\\Programme\\fotobuch.de AG\\Designer 2.0\\Designer.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Programme\\ICQ6.5\\ICQ.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programme\\Tobit Radio.fx\\Server\\rfx-server.exe"=

"c:\\Programme\\Tobit Radio.fx\\Client\\rfx-client.exe"=

"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

"c:\\Programme\\iTunes\\iTunes.exe"=

"e:\\Spiele\\Steam\\Steam.exe"=

"c:\\Programme\\THQ\\Relic Entertainment\\Company of Heroes Online\\Game\\RelicCoHOWW.exe"=

"c:\\Dokumente und Einstellungen\\Weisi\\Lokale Einstellungen\\Apps\\2.0\\BM2ZNJ6X.QHP\\PHOMJ3MO.R9H\\coho..tion_4fdd38d166a17713_0001.0001_2ea3ae6aea32b9ef\\CoHOLauncher.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"e:\\Spiele\\Battlefield Vietnam\\bfvietnam.exe"=

"e:\\Spiele\\Landwirtschafts Simulator 2011\\FarmingSimulator2011.exe"=

"e:\\Spiele\\Landwirtschafts Simulator 2011\\game.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

"e:\\Spiele\\Battlefield 2\\forgottenhope2.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"17496:TCP"= 17496:TCP:BitComet 17496 TCP

"17496:UDP"= 17496:UDP:BitComet 17496 UDP

.

R0 PLFF;USB Flash Disk Driver;c:\windows\system32\drivers\plff.sys [30.08.2005 18:41 7424]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [14.07.2010 12:51 65584]

R2 aadev;AVM ADSL Adapter Device;c:\windows\system32\drivers\Aadev.sys [22.06.2005 18:34 27648]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [27.11.2009 22:05 136360]

R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [26.03.2007 20:03 6016]

R3 AVMDSLPPPOE;AVM DSL PPPoE CAPI Treiber;c:\windows\system32\drivers\avmdsloe.sys [27.06.2003 01:00 39552]

R3 AVMNDSL;AVM DSL NDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmndsl.sys [27.06.2003 01:00 38992]

R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [23.10.2007 16:32 12928]

R3 FDSSBASE;AVM FRITZ!Card DSL SL (WinXP/2000);c:\windows\system32\drivers\fdssbase.sys [27.06.2003 01:00 665600]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]

S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [23.10.2007 16:32 7040]

S3 NETFWDSL;AVM FRITZ!web DSL PPP;c:\windows\system32\drivers\NETFWDSL.SYS [22.06.2005 18:34 336384]

S3 Radio.fx;Radio.fx Server;c:\programme\Tobit Radio.fx\Server\rfx-server.exe [13.12.2009 09:34 2452232]

S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [25.10.2009 09:14 57600]

S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [25.10.2009 09:14 57600]

S3 SE4501D;Gigaset USB Adapter 54 Driver;c:\windows\system32\drivers\SE4501D.sys [26.03.2006 17:10 346656]

S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\DRIVERS\Stc2Dfu.SYS --> c:\windows\system32\DRIVERS\Stc2Dfu.SYS [?]

S3 STCFUx32;STC DFU Driver;c:\windows\system32\drivers\STCFUx32.sys [13.11.2008 14:10 7680]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]

S3 zlportio;zlportio;\??\c:\programme\UltraStar Deluxe\zlportio.sys --> c:\programme\UltraStar Deluxe\zlportio.sys [?]

.

Inhalt des "geplante Tasks" Ordners

.

2011-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

2012-01-16 c:\windows\Tasks\User_Feed_Synchronization-{5B2A5CDB-E6AE-431D-9038-90B3EEABA11D}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uSearchMigratedDefaultURL = hxxp://search.msn.de/spresults.aspx?q={searchTerms}

uInternet Settings,ProxyOverride = *.local

IE: &Alles mit BitComet herunterladen - c:\programme\BitComet\BitComet.exe/AddAllLink.htm

IE: Alle &Videos mit BitComet herunterladen - c:\programme\BitComet\BitComet.exe/AddVideo.htm

IE: Alles mit FlashGet laden - c:\programme\FlashGet\jc_all.htm

IE: Easy-WebPrint Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Easy-WebPrint Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Mit BitComet herunter&laden - c:\programme\BitComet\BitComet.exe/AddLink.htm

IE: Mit FlashGet laden - c:\programme\FlashGet\jc_link.htm

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: ltow.de\ag

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{20D67A27-0516-4A6D-B1B4-A2FA3F12F385}: NameServer = 192.168.122.252,192.168.122.253

DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} - hxxp://www.o2c.de/download/o2cplayer.cab

FF - ProfilePath - c:\dokumente und einstellungen\Weisi\Anwendungsdaten\Mozilla\Firefox\Profiles\3hez5sd9.default\

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-01-16 22:05

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-515967899-1229272821-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|ù•Ñw*]

"7040210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"7040210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(728)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(2736)

c:\programme\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr

c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\System32\SCardSvr.exe

c:\programme\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\DVDRAMSV.exe

c:\programme\Canon\IJPLM\IJPLMSVC.EXE

c:\programme\Avira\AntiVir Desktop\avshadow.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\system32\PnkBstrA.exe

c:\programme\Canon\CAL\CALMAIN.exe

c:\windows\System32\wbem\wmiapsrv.exe

c:\windows\SOUNDMAN.EXE

c:\windows\system32\rundll32.exe

c:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\programme\Citrix\ICA Client\wfcrun32.exe

c:\programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-01-16  22:10:18 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-01-16 21:10

ComboFix2.txt  2012-01-16 20:19

ComboFix3.txt  2009-01-26 20:40

.

Vor Suchlauf: 18 Verzeichnis(se), 20.714.639.360 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 20.660.105.216 Bytes frei

.

- - End Of File - - 123EA74B81B58D16992398F84D31FF57

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

GMER

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-01-17 06:35:56

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-9 SAMSUNG_SP2004C rev.VM100-33

Running: o6u1gzl5.exe; Driver: C:\DOKUME~1\Weisi\LOKALE~1\Temp\fgtdypog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            BA74208E                                                                                         ZwCreateKey

SSDT            BA742084                                                                                         ZwCreateThread

SSDT            BA742093                                                                                         ZwDeleteKey

SSDT            BA74209D                                                                                         ZwDeleteValueKey

SSDT            BA7420A2                                                                                         ZwLoadKey

SSDT            BA742070                                                                                         ZwOpenProcess

SSDT            BA742075                                                                                         ZwOpenThread

SSDT            BA7420AC                                                                                         ZwReplaceKey

SSDT            BA7420A7                                                                                         ZwRestoreKey

SSDT            BA742098                                                                                         ZwSetValueKey
 

---- Kernel code sections - GMER 1.0.15 ----
 

?               Combo-Fix.sys                                                                                    Das System kann die angegebene Datei nicht finden. !

.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                         section is writeable [0xB95D0000, 0x1C5D38, 0xE8000020]

?               C:\ComboFix\catchme.sys                                                                          Das System kann den angegebenen Pfad nicht finden. !

?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                       Das System kann die angegebene Datei nicht finden. !
 

---- Devices - GMER 1.0.15 ----
 

Device          \Driver\prodrv06 \Device\ProDrv06                                                                E1BBDC30

Device          \Driver\atapi \Device\Ide\IdePort0                                                               prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdePort1                                                               prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdePort2                                                               prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdePort3                                                               prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdePort4                                                               prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdePort5                                                               prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-16                                                     prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-9                                                      prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\prohlp02 \Device\ProHlp02                                                                E17293F0
 

AttachedDevice  \FileSystem\Fastfat \Fat                                                                         fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f605286e                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f605286e@00126213232f         0xCD 0xCE 0x15 0xE5 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011f605286e@0013fd7f3568         0x70 0x0F 0x3B 0x27 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011f605286e (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011f605286e@00126213232f             0xCD 0xCE 0x15 0xE5 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011f605286e@0013fd7f3568             0x70 0x0F 0x3B 0x27 ...
 

---- Disk sectors - GMER 1.0.15 ----
 

Disk            \Device\Harddisk0\DR0                                                                            malicious Win32:MBRoot code @ sector 390716868
 

---- EOF - GMER 1.0.15 ----

OSAM

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 06:46:31 on 17.01.2012
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"%SAINTHID_NAME%" (SaiNtHid) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiNtHid.sys

"%USB\vid_054c&pid_0155.DeviceDesc%" (ovt519) - "OmniVision Technologies, Inc." - C:\WINDOWS\System32\Drivers\ov519vid.sys

"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys

"ASInsHelp" (ASInsHelp) - ? - C:\WINDOWS\system32\drivers\AsInsHelp32.sys  (File found, but it contains no detailed information)

"AsIO" (AsIO) - ? - C:\WINDOWS\system32\drivers\AsIO.sys  (File found, but it contains no detailed information)

"aslm75" (aslm75) - ? - C:\WINDOWS\system32\drivers\aslm75.sys  (File found, but it contains no detailed information)

"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys

"ATK0110 ACPI UTILITY" (MTsensor) - ? - C:\WINDOWS\System32\DRIVERS\ASACPI.sys

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"AVM ADSL Adapter Device" (aadev) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\aadev.sys

"AVM FRITZ!web DSL PPP" (NETFWDSL) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\NETFWDSL.SYS

"bdfdll" (bdfdll) - ? - C:\Programme\Softwin\BitDefender9\bdfdll.sys  (File not found)

"Bluetooth Audio Service" (BlueletAudio) - "IVT Corporation" - C:\WINDOWS\System32\DRIVERS\blueletaudio.sys

"Bluetooth HID Enumerator" (BTHidEnum) - ? - C:\WINDOWS\System32\DRIVERS\vbtenum.sys  (File found, but it contains no detailed information)

"Bluetooth HID Manager Service" (BTHidMgr) - "IVT Corporation" - C:\WINDOWS\System32\Drivers\BTHidMgr.sys

"Bluetooth PAN Network Adapter" (BT) - "IVT Corporation" - C:\WINDOWS\System32\DRIVERS\btnetdrv.sys

"Bluetooth USB For Bluetooth Service" (Btcsrusb) - "IVT Corporation" - C:\WINDOWS\System32\Drivers\btcusb.sys

"Bluetooth VComm Manager Service" (VcommMgr) - "IVT Corporation" - C:\WINDOWS\System32\Drivers\VcommMgr.sys

"Bonifay" (Bonifay) - "Freecom" - C:\WINDOWS\System32\DRIVERS\Bonifay.sys

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"dbustrcm" (dbustrcm) - ? - C:\DOKUME~1\Weisi\LOKALE~1\Temp\dbustrcm.sys  (File not found)

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys

"Gigaset USB Adapter 54 Driver" (SE4501D) - "Siemens AG" - C:\WINDOWS\System32\DRIVERS\SE4501D.sys

"Gonzales" (Gonzales) - "Freecom" - C:\WINDOWS\System32\DRIVERS\Gonzales.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"meiudf" (meiudf) - "Matsushita Electric Industrial Co.,Ltd." - C:\WINDOWS\System32\Drivers\meiudf.sys

"nvatabus" (nvatabus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvatabus.sys

"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"Secdrv" (Secdrv) - "Macrovision Europe Ltd" - C:\WINDOWS\System32\DRIVERS\secdrv.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys

"StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - C:\WINDOWS\System32\drivers\prodrv06.sys

"StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp01.sys

"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys

"StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\prohlp02.sys

"StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - C:\WINDOWS\System32\drivers\prosync1.sys

"STCII DFU Adapter" (STC2DFU) - ? - C:\WINDOWS\System32\DRIVERS\Stc2Dfu.SYS  (File not found)

"USB Flash Disk Driver" (PLFF) - "Prolific Technology Inc." - C:\WINDOWS\System32\Drivers\PLFF.sys

"Virtual Serial port driver" (VComm) - "IVT Corporation" - C:\WINDOWS\System32\DRIVERS\VComm.sys

"vnccom" (vnccom) - "RDV Soft" - C:\WINDOWS\System32\Drivers\vnccom.SYS

"vncdrv" (vncdrv) - "RDV Soft" - C:\WINDOWS\System32\DRIVERS\vncdrv.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"zlportio" (zlportio) - ? - C:\Programme\UltraStar Deluxe\zlportio.sys  (File not found)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll  (File found, but it contains no detailed information)

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll

{D653647D-D607-4DF6-A5B8-48D2BA195F7B} "BitDefender Antivirus v8" - ? -   (File not found | COM-object registry key not found)

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll  (File found, but it contains no detailed information)

{E4D8441D-F89C-4b5c-90AC-A857E1768F1F} "Haali Matroska Thumbnail Exctractor" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{03C1C47F-0538-4645-8372-D3109B9FC636} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll

{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{784797A8-342D-4072-9486-03C8D0F2F0A1} "Battlefield Heroes Updater" - "EA Digital Illusions CE AB" - C:\WINDOWS\Downloaded Program Files\BFHUpdater.dll / https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab

{4871A87A-BFDD-4106-8153-FFDE2BAC2967} "DLM Control" - "Akamai Technologies, Inc." - C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX / hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{B1953AD6-C50E-11D3-B020-00A0C9251384} "O2C-Player (ELECO Software GmbH)" - "Eleco plc" - C:\WINDOWS\system32\O2CPLA~1.OCX / hxxp://www.o2c.de/download/o2cplayer.cab

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Programme\QuickTime\QTPlugin.ocx / hxxp://www.apple.com/qtactivex/qtplugin.cab

{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\macromed\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"BitComet" - ? - res://C:\Programme\BitComet\tools\BitCometBHO_1.2.8.7.dll/206  (File not found)

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll

"FlashGet" - ? - C:\PROGRA~1\FlashGet\flashget.exe  (File not found)

"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

{77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll

{E0E899AB-F487-11D5-8D29-0050BA6940E3} "FlashGet Bar" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} "BitComet Helper" - "BitComet" - C:\Programme\BitComet\tools\BitCometBHO_1.2.8.7.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)

"RAMASST.lnk" - "Matsushita Electric Industrial Co., Ltd." - C:\WINDOWS\system32\RAMASST.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Weisi\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"NBJ" - "Ahead Software AG" - "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"ASUS Probe" - ? - C:\Programme\ASUS\Probe\AsusProb.exe  (File found, but it contains no detailed information)

"CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon

"ConnectionCenter" - "Citrix Systems, Inc." - "C:\Programme\Citrix\ICA Client\concentr.exe" /startup

"CORSAIR_PLUtil" - "Prolific Technology Inc." - C:\Programme\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe

"ElbyCheckAnyDVD" - "Elaborate Bytes AG" - "C:\Programme\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

"LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart

"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"OpwareSE2" - "ScanSoft, Inc." - "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe

"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe

"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe

"Canon Inkjet Printer/Scanner/Fax Extended Survey Program" (IJPLMSVC) - ? - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE

"DVD-RAM_Service" (DVD-RAM_Service) - "Matsushita Electric Industrial Co., Ltd." - C:\WINDOWS\system32\DVDRAMSV.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe

"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)

"Radio.fx Server" (Radio.fx) - ? - C:\Programme\Tobit Radio.fx\Server\rfx-server.exe

"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR

Code:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software

Run date: 2012-01-17 06:47:29

-----------------------------

06:47:29.062    OS Version: Windows 5.1.2600 Service Pack 3

06:47:29.062    Number of processors: 1 586 0x2F00

06:47:29.062    ComputerName: SHOOT  UserName: Weisi

06:47:29.484    Initialize success

06:52:22.171    AVAST engine defs: 12011601

07:01:15.875    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-9

07:01:15.875    Disk 0 Vendor: SAMSUNG_SP2004C VM100-33 Size: 190782MB BusType: 3

07:01:15.875    Disk 0 MBR read successfully

07:01:15.890    Disk 0 MBR scan

07:01:15.906    Disk 0 Windows XP default MBR code

07:01:15.921    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       102398 MB offset 63

07:01:15.921    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        49999 MB offset 209712510

07:01:15.953    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        38381 MB offset 312110820

07:01:15.953    Disk 0 scanning sectors +390716865

07:01:15.968    Disk 0 malicious Win32:MBRoot code @ sector 390716868 !

07:01:16.000    Disk 0 scanning C:\WINDOWS\system32\drivers

07:01:26.453    Service scanning

07:01:27.343    Modules scanning

07:01:31.921    Disk 0 trace - called modules:

07:01:31.921    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys pciide.sys PCIIDEX.SYS 

07:01:31.921    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab4cab8]

07:01:31.921    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000081[0x8ac0af18]

07:01:31.921    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-9[0x8aae0d98]

07:01:31.921    \Driver\atapi[0x8aadc788] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xba5b06c1]

07:01:32.312    AVAST engine scan C:\WINDOWS

07:01:46.484    AVAST engine scan C:\WINDOWS\system32

07:04:01.750    AVAST engine scan C:\WINDOWS\system32\drivers

07:04:17.906    AVAST engine scan C:\Dokumente und Einstellungen\Weisi

07:18:41.500    AVAST engine scan C:\Dokumente und Einstellungen\All Users

07:26:48.937    Scan finished successfully

16:29:57.343    Disk 0 MBR has been saved successfully to "H:\MBR.dat"

16:29:57.468    The log file has been saved successfully to "H:\aswMBR.txt"

Zitat:

Disk 0 malicious Win32:MBRoot code @ sector 390716868 !

Das an sich ist nicht weiter schlimm, müssen wir aber weiter analysieren. Mach aber erstmal das hier mit OSAM weg:

Zitat:

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"dbustrcm" (dbustrcm) - ? - C:\DOKUME~1\Weisi\LOKALE~1\Temp\dbustrcm.sys (File not found)

mit OSAM deaktivieren und löschen ("delete from storage" - siehe Anleitung zu OSAM)
danach wieder ein neues Log mit osam machen und hier posten

Hat alles geklappt.

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 20:51:47 on 17.01.2012
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"%SAINTHID_NAME%" (SaiNtHid) - "Saitek" - C:\WINDOWS\System32\DRIVERS\SaiNtHid.sys

"%USB\vid_054c&pid_0155.DeviceDesc%" (ovt519) - "OmniVision Technologies, Inc." - C:\WINDOWS\System32\Drivers\ov519vid.sys

"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys

"ASInsHelp" (ASInsHelp) - ? - C:\WINDOWS\system32\drivers\AsInsHelp32.sys  (File found, but it contains no detailed information)

"AsIO" (AsIO) - ? - C:\WINDOWS\system32\drivers\AsIO.sys  (File found, but it contains no detailed information)

"aslm75" (aslm75) - ? - C:\WINDOWS\system32\drivers\aslm75.sys  (File found, but it contains no detailed information)

"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys

"ATK0110 ACPI UTILITY" (MTsensor) - ? - C:\WINDOWS\System32\DRIVERS\ASACPI.sys

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"AVM ADSL Adapter Device" (aadev) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\aadev.sys

"AVM FRITZ!web DSL PPP" (NETFWDSL) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\NETFWDSL.SYS

"bdfdll" (bdfdll) - ? - C:\Programme\Softwin\BitDefender9\bdfdll.sys  (File not found)

"Bluetooth Audio Service" (BlueletAudio) - "IVT Corporation" - C:\WINDOWS\System32\DRIVERS\blueletaudio.sys

"Bluetooth HID Enumerator" (BTHidEnum) - ? - C:\WINDOWS\System32\DRIVERS\vbtenum.sys  (File found, but it contains no detailed information)

"Bluetooth HID Manager Service" (BTHidMgr) - "IVT Corporation" - C:\WINDOWS\System32\Drivers\BTHidMgr.sys

"Bluetooth PAN Network Adapter" (BT) - "IVT Corporation" - C:\WINDOWS\System32\DRIVERS\btnetdrv.sys

"Bluetooth USB For Bluetooth Service" (Btcsrusb) - "IVT Corporation" - C:\WINDOWS\System32\Drivers\btcusb.sys

"Bluetooth VComm Manager Service" (VcommMgr) - "IVT Corporation" - C:\WINDOWS\System32\Drivers\VcommMgr.sys

"Bonifay" (Bonifay) - "Freecom" - C:\WINDOWS\System32\DRIVERS\Bonifay.sys

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys

"Gigaset USB Adapter 54 Driver" (SE4501D) - "Siemens AG" - C:\WINDOWS\System32\DRIVERS\SE4501D.sys

"Gonzales" (Gonzales) - "Freecom" - C:\WINDOWS\System32\DRIVERS\Gonzales.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"meiudf" (meiudf) - "Matsushita Electric Industrial Co.,Ltd." - C:\WINDOWS\System32\Drivers\meiudf.sys

"nvatabus" (nvatabus) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nvatabus.sys

"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"Secdrv" (Secdrv) - "Macrovision Europe Ltd" - C:\WINDOWS\System32\DRIVERS\secdrv.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys

"StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - C:\WINDOWS\System32\drivers\prodrv06.sys

"StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp01.sys

"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys

"StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\prohlp02.sys

"StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - C:\WINDOWS\System32\drivers\prosync1.sys

"STCII DFU Adapter" (STC2DFU) - ? - C:\WINDOWS\System32\DRIVERS\Stc2Dfu.SYS  (File not found)

"USB Flash Disk Driver" (PLFF) - "Prolific Technology Inc." - C:\WINDOWS\System32\Drivers\PLFF.sys

"Virtual Serial port driver" (VComm) - "IVT Corporation" - C:\WINDOWS\System32\DRIVERS\VComm.sys

"vnccom" (vnccom) - "RDV Soft" - C:\WINDOWS\System32\Drivers\vnccom.SYS

"vncdrv" (vncdrv) - "RDV Soft" - C:\WINDOWS\System32\DRIVERS\vncdrv.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"zlportio" (zlportio) - ? - C:\Programme\UltraStar Deluxe\zlportio.sys  (File not found)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll  (File found, but it contains no detailed information)

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll

{D653647D-D607-4DF6-A5B8-48D2BA195F7B} "BitDefender Antivirus v8" - ? -   (File not found | COM-object registry key not found)

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Programme\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll  (File found, but it contains no detailed information)

{E4D8441D-F89C-4b5c-90AC-A857E1768F1F} "Haali Matroska Thumbnail Exctractor" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{03C1C47F-0538-4645-8372-D3109B9FC636} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll

{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{784797A8-342D-4072-9486-03C8D0F2F0A1} "Battlefield Heroes Updater" - "EA Digital Illusions CE AB" - C:\WINDOWS\Downloaded Program Files\BFHUpdater.dll / https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab

{4871A87A-BFDD-4106-8153-FFDE2BAC2967} "DLM Control" - "Akamai Technologies, Inc." - C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX / hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{B1953AD6-C50E-11D3-B020-00A0C9251384} "O2C-Player (ELECO Software GmbH)" - "Eleco plc" - C:\WINDOWS\system32\O2CPLA~1.OCX / hxxp://www.o2c.de/download/o2cplayer.cab

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Programme\QuickTime\QTPlugin.ocx / hxxp://www.apple.com/qtactivex/qtplugin.cab

{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\macromed\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"BitComet" - ? - res://C:\Programme\BitComet\tools\BitCometBHO_1.2.8.7.dll/206  (File not found)

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_26.dll

"FlashGet" - ? - C:\PROGRA~1\FlashGet\flashget.exe  (File not found)

"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

{77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Programme\Canon\Easy-WebPrint\Toolband.dll

{E0E899AB-F487-11D5-8D29-0050BA6940E3} "FlashGet Bar" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} "BitComet Helper" - "BitComet" - C:\Programme\BitComet\tools\BitCometBHO_1.2.8.7.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)

"RAMASST.lnk" - "Matsushita Electric Industrial Co., Ltd." - C:\WINDOWS\system32\RAMASST.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Weisi\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"NBJ" - "Ahead Software AG" - "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"ASUS Probe" - ? - C:\Programme\ASUS\Probe\AsusProb.exe  (File found, but it contains no detailed information)

"CanonMyPrinter" - "CANON INC." - C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon

"ConnectionCenter" - "Citrix Systems, Inc." - "C:\Programme\Citrix\ICA Client\concentr.exe" /startup

"CORSAIR_PLUtil" - "Prolific Technology Inc." - C:\Programme\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe

"ElbyCheckAnyDVD" - "Elaborate Bytes AG" - "C:\Programme\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

"LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart

"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"OpwareSE2" - "ScanSoft, Inc." - "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime

"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe

"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe

"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe

"Canon Inkjet Printer/Scanner/Fax Extended Survey Program" (IJPLMSVC) - ? - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE

"DVD-RAM_Service" (DVD-RAM_Service) - "Matsushita Electric Industrial Co., Ltd." - C:\WINDOWS\system32\DVDRAMSV.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\WINDOWS\system32\IoctlSvc.exe

"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe  (File found, but it contains no detailed information)

"Radio.fx Server" (Radio.fx) - ? - C:\Programme\Tobit Radio.fx\Server\rfx-server.exe

"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Live-System PartedMagic / GParted

1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 180 MB sein
2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn unter Windows
3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist

http://partedmagic.com/lib/exe/fetch...ia=desktop.png

4. Du müsstest ein Symbol PartitionEditor auf dem Desktop finden, das doppelklicken
5. Wenn das Tool die Partitionen aufgelistet hat, bitte einen Screenshot mit Hilfe der Taste DRUCK auf der Tastatur erstellen, diesen Screenshot hier posten (idR hast du einen Internetzugang mit PartedMagic, wenn nicht einfach den Screenshot auf einem Stick abspeichern und unter Windows hier posten)

Im Anhang der Screenshot

Ist ok. Falls dich das hier stört:

Zitat:

sector 390716868 !

Können wir das auch noch wegmachen ist aber nicht unbedingt erforderlich.

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hier schon mal das Log von Malwarebytes.
Er hat schon wieder was gefunden. Kann ich das löschen?

Code:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.18.04
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Weisi :: SHOOT [Administrator]
 

18.01.2012 19:27:15

mbam-log-2012-01-18 (20-33-56).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 395905

Laufzeit: 1 Stunde(n), 1 Minute(n), 51 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 5

C:\System Volume Information\_restore{96BF581B-404B-47D5-AE35-03C725F190AB}\RP894\A0243898.exe.vir (Trojan.Zbot.CBCGen) -> Keine Aktion durchgeführt.

C:\System Volume Information\_restore{96BF581B-404B-47D5-AE35-03C725F190AB}\RP894\A0243907.exe.vir (Trojan.Zbot.CBCGen) -> Keine Aktion durchgeführt.

C:\System Volume Information\_restore{96BF581B-404B-47D5-AE35-03C725F190AB}\RP894\A0243944.exe.vir (Trojan.Ransom.BP) -> Keine Aktion durchgeführt.

C:\System Volume Information\_restore{96BF581B-404B-47D5-AE35-03C725F190AB}\RP896\A0244293.exe.vir (Trojan.Ransom.BP) -> Keine Aktion durchgeführt.

C:\System Volume Information\_restore{96BF581B-404B-47D5-AE35-03C725F190AB}\RP903\A0254966.sys (Trojan.Agent.RKH) -> Keine Aktion durchgeführt.
 

(Ende)

In System Volume Information sind die Dateien für Wiederherstellungspunkte gespeichert.

Deaktiviere die Systemwiederherstellung, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des Systems durch einen Wiederherstellungspunkt wahrscheinlich wieder eine Infektion nach sich ziehen würde.

1. Was konntest du auf dem Screenshot von PartitionEditor erkennen?
2. Systemwiederherstellung. D. h. mit dem deaktivieren werden die Dateien gelöscht und danach kann sie wieder aktivieren?
3. Hier das Log von SASW. Die Funde hab ich noch nicht gelöscht.

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 01/19/2012 at 00:57 AM
 

Application Version : 5.0.1142
 

Core Rules Database Version : 8141

Trace Rules Database Version: 5953
 

Scan type       : Complete Scan

Total Scan Time : 01:43:19
 

Operating System Information

Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)

Administrator
 

Memory items scanned      : 610

Memory threats detected   : 0

Registry items scanned    : 39057

Registry threats detected : 6

File items scanned        : 151611

File threats detected     : 139
 

Adware.IEPlugin

        HKCR\Remove
 

Rogue.Component/Trace

        HKLM\Software\Microsoft\38A940D2

        HKLM\Software\Microsoft\38A940D2#38a940d2

        HKLM\Software\Microsoft\38A940D2#Version

        HKLM\Software\Microsoft\38A940D2#38a9ed52

        HKLM\Software\Microsoft\38A940D2#38a984b7
 

Adware.Tracking Cookie

        C:\Dokumente und Einstellungen\Weisi\Cookies\8JLMJEJ3.txt [ /adtech.de ]

        C:\Dokumente und Einstellungen\Weisi\Cookies\S41VKXQS.txt [ /ad.adnet.de ]

        C:\Dokumente und Einstellungen\Weisi\Cookies\O6D2MXEK.txt [ /webmasterplan.com ]

        C:\Dokumente und Einstellungen\Weisi\Cookies\3E5SA0XQ.txt [ /ad2.adfarm1.adition.com ]

        C:\Dokumente und Einstellungen\Weisi\Cookies\HDJPBL1K.txt [ /ad.ad-srv.net ]

        C:\Dokumente und Einstellungen\Weisi\Cookies\DYL30F95.txt [ /track.effiliation.com ]

        C:\Dokumente und Einstellungen\Weisi\Cookies\Y5YAV25K.txt [ /apmebf.com ]

        C:\Dokumente und Einstellungen\Weisi\Cookies\MWZA2SW7.txt [ /doubleclick.net ]

        C:\Dokumente und Einstellungen\Weisi\Cookies\EHS9XEBM.txt [ /adviva.net ]

        C:\Dokumente und Einstellungen\Weisi\Cookies\E8231PAT.txt [ /zanox.com ]

        C:\Dokumente und Einstellungen\Weisi\Cookies\28HLAOGL.txt [ /ad.dyntracker.de ]

        C:\Dokumente und Einstellungen\Weisi\Cookies\0GH7A79A.txt [ /zanox-affiliate.de ]

        C:\Dokumente und Einstellungen\Weisi\Cookies\YZX05MUW.txt [ /www.zanox-affiliate.de ]

        C:\Dokumente und Einstellungen\Weisi\Cookies\8EA0XWAD.txt [ /fastclick.net ]

        C:\Dokumente und Einstellungen\Weisi\Cookies\8SLR17IJ.txt [ /lfstmedia.com ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@de.sitestat[1].txt [ Cookie:***@de.sitestat.com/is24/is24/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@apmebf[1].txt [ Cookie:***@apmebf.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@ads.familymedia[1].txt [ Cookie:***@ads.familymedia.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@holidaycheckag.122.2o7[1].txt [ Cookie:***@holidaycheckag.122.2o7.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\19YGSKAE.txt [ Cookie:***@smartadserver.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\TIAN2UEM.txt [ Cookie:***@fastclick.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@stat.onestat[2].txt [ Cookie:***@stat.onestat.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@adserver.mediadomain-verlag[2].txt [ Cookie:***@adserver.mediadomain-verlag.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\76A5PA92.txt [ Cookie:***@webmasterplan.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\JZM53LQR.txt [ Cookie:***@ad.zanox.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@specificclick[2].txt [ Cookie:***@specificclick.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\2XFUQVF2.txt [ Cookie:***@adviva.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@fr.sitestat[1].txt [ Cookie:***@fr.sitestat.com/europcar/europcar-de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@tracking.metalyzer[1].txt [ Cookie:***@tracking.metalyzer.com/lastminute_com/lm/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\OSGY4267.txt [ Cookie:***@doubleclick.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\MBUNGN5J.txt [ Cookie:***@tracking.quisma.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\BHBJY97R.txt [ Cookie:***@e-2dj6wjkywjcjchp.stats.esomniture.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@adserver.onemediagroup[1].txt [ Cookie:***@adserver.onemediagroup.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@adsrv.admediate[2].txt [ Cookie:***@adsrv.admediate.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@fashionworld.112.2o7[1].txt [ Cookie:***@fashionworld.112.2o7.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@ads.mikinimedia[2].txt [ Cookie:***@ads.mikinimedia.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@fr.sitestat[2].txt [ Cookie:***@fr.sitestat.com/europcar/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@cdn5.specificclick[1].txt [ Cookie:***@cdn5.specificclick.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\LVNE7JAM.txt [ Cookie:***@adtech.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@ad.adition[1].txt [ Cookie:***@ad.adition.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\ZFRYXQDA.txt [ Cookie:***@serving-sys.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@tracking.mindshare[1].txt [ Cookie:***@tracking.mindshare.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\B5F2Q22R.txt [ Cookie:***@ad.yieldmanager.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@www.etracker[1].txt [ Cookie:***@www.etracker.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@a.revenuemax[1].txt [ Cookie:***@a.revenuemax.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\IWJZBE3I.txt [ Cookie:***@mediaplex.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@www.burstnet[2].txt [ Cookie:***@www.burstnet.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@track.webtrekk[1].txt [ Cookie:***@track.webtrekk.de/141455347332844/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\2NDMKWJG.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/1038913304/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@statse.webtrendslive[2].txt [ Cookie:***@statse.webtrendslive.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@shop.zanox[2].txt [ Cookie:***@shop.zanox.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@atdmt[2].txt [ Cookie:***@atdmt.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@frontlinegmbh.122.2o7[1].txt [ Cookie:***@frontlinegmbh.122.2o7.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@de.sitestat[4].txt [ Cookie:***@de.sitestat.com/otto-de/otto-de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@babybel[1].txt [ Cookie:***@babybel.de/tracker/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@go.dynamic-tracking[1].txt [ Cookie:***@go.dynamic-tracking.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\99S98ECG.txt [ Cookie:***@advertising.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@www.active-tracking[1].txt [ Cookie:***@www.active-tracking.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\CHM0LV74.txt [ Cookie:***@tradedoubler.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\KLODZZM7.txt [ Cookie:***@content.yieldmanager.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\N63EMRA7.txt [ Cookie:***@track.effiliation.com/servlet/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\KQWG0R4O.txt [ Cookie:***@bs.serving-sys.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\CFWMCNB9.txt [ Cookie:***@zanox-affiliate.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@nextag[2].txt [ Cookie:***@nextag.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@userstats[2].txt [ Cookie:***@userstats.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@server.iad.liveperson[1].txt [ Cookie:***@server.iad.liveperson.net/hc/64975841 ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@de.sitestat[2].txt [ Cookie:***@de.sitestat.com/karstadt-de/karstadt/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@stat.dealtime[1].txt [ Cookie:***@stat.dealtime.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@collective-media[2].txt [ Cookie:***@collective-media.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\NHKV1C2W.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@sevenoneintermedia.112.2o7[1].txt [ Cookie:***@sevenoneintermedia.112.2o7.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\OPE790QI.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/1026195524/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\N27DYFBA.txt [ Cookie:***@www.zanox-affiliate.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@clickandbuy[2].txt [ Cookie:***@clickandbuy.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@komtrack[2].txt [ Cookie:***@komtrack.com/tr/400038 ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\AWOTJS82.txt [ Cookie:***@e-2dj6wjk4qmczeho.stats.esomniture.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\F4VRHMIU.txt [ Cookie:***@party-discount.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@track.adform[1].txt [ Cookie:***@track.adform.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@secmedia[2].txt [ Cookie:***@secmedia.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@opodo.122.2o7[1].txt [ Cookie:***@opodo.122.2o7.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\YPVPZSW4.txt [ Cookie:***@ad4.adfarm1.adition.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@komtrack[1].txt [ Cookie:***@komtrack.com/tr ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\1NIY0G9I.txt [ Cookie:***@ww251.smartadserver.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\JD8K9T90.txt [ Cookie:***@www.usenext.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@tribalfusion[2].txt [ Cookie:***@tribalfusion.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\WSSIWQ1S.txt [ Cookie:***@ad3.adfarm1.adition.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@xiti[1].txt [ Cookie:***@xiti.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\CX89JR3L.txt [ Cookie:***@ad.dyntracker.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@ad.adserver01[1].txt [ Cookie:***@ad.adserver01.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@banner.adlive[2].txt [ Cookie:***@banner.adlive.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@adservercentral[1].txt [ Cookie:***@adservercentral.info/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\Q4X2IJWY.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/1072259810/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@jibjab.112.2o7[1].txt [ Cookie:***@jibjab.112.2o7.net/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@ad5.adfarm1.adition[2].txt [ Cookie:***@ad5.adfarm1.adition.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@statcounter[1].txt [ Cookie:***@statcounter.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@adbrite[2].txt [ Cookie:***@adbrite.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\I28PAE83.txt [ Cookie:***@e-2dj6aelygldjido.stats.esomniture.com/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\***@tracking.mlsat02[2].txt [ Cookie:***@tracking.mlsat02.de/tmobile/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\Cookies\ZNH9Q5BI.txt [ Cookie:***@ad.dyntracker.de/ ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@ADS.ADSHOPPING[2].TXT [ /ADS.ADSHOPPING ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@BANNER.TESTBERICHTE[2].TXT [ /BANNER.TESTBERICHTE ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@BABYDISCOUNT[2].TXT [ /BABYDISCOUNT ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@AD.ZANOX[1].TXT [ /AD.ZANOX ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@TRACK.EFFILIATION[2].TXT [ /TRACK.EFFILIATION ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@MICROSOFTMACHINETRANSLATION.112.2O7[1].TXT [ /MICROSOFTMACHINETRANSLATION.112.2O7 ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@TRACKING.TCHIBO[1].TXT [ /TRACKING.TCHIBO ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@AD.ADC-SERV[1].TXT [ /AD.ADC-SERV ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@ADS.QUARTERMEDIA[1].TXT [ /ADS.QUARTERMEDIA ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@AD1.CHEFKOCH[1].TXT [ /AD1.CHEFKOCH ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@ADS.PUBMATIC[1].TXT [ /ADS.PUBMATIC ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@TRAFFICTRACK[2].TXT [ /TRAFFICTRACK ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@AD.BOREUS[1].TXT [ /AD.BOREUS ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@IM.BANNER.T-ONLINE[3].TXT [ /IM.BANNER.T-ONLINE ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@IM.BANNER.T-ONLINE[1].TXT [ /IM.BANNER.T-ONLINE ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@TRACKING.HANNOVERSCHE[2].TXT [ /TRACKING.HANNOVERSCHE ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@AXELSPRINGER.122.2O7[1].TXT [ /AXELSPRINGER.122.2O7 ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@EAS.APM.EMEDIATE[2].TXT [ /EAS.APM.EMEDIATE ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@ROTATOR.ADJUGGLER[2].TXT [ /ROTATOR.ADJUGGLER ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@SERVER.IAD.LIVEPERSON[2].TXT [ /SERVER.IAD.LIVEPERSON ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@ADS.MEDIENHAUS[1].TXT [ /ADS.MEDIENHAUS ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@DC.TREMORMEDIA[2].TXT [ /DC.TREMORMEDIA ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@FL01.CT2.COMCLICK[1].TXT [ /FL01.CT2.COMCLICK ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@KEYWORD-ADVERTISING.WEB[1].TXT [ /KEYWORD-ADVERTISING.WEB ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@ZEDO[1].TXT [ /ZEDO ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@TRACKING.KLICKTEL[1].TXT [ /TRACKING.KLICKTEL ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@AD.ADNET[2].TXT [ /AD.ADNET ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@ADS.123RECHT[1].TXT [ /ADS.123RECHT ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@STAT.ALDI[2].TXT [ /STAT.ALDI ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@ZANOX[2].TXT [ /ZANOX ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@ADS2.WWE[2].TXT [ /ADS2.WWE ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@STATS.SEARCHTRACK[1].TXT [ /STATS.SEARCHTRACK ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@AD.TRIPLEMIND[1].TXT [ /AD.TRIPLEMIND ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@AD1.ADFARM1.ADITION[1].TXT [ /AD1.ADFARM1.ADITION ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@ADSERVER.S-IMMOBILIEN-MAINFRANKEN[1].TXT [ /ADSERVER.S-IMMOBILIEN-MAINFRANKEN ]

        C:\DOKUMENTE UND EINSTELLUNGEN\***\COOKIES\***@2O7[2].TXT [ /2O7 ]