Trojaner-Board - kazy.mekml.1 auch bei mir , ich bin auch dabei

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - kazy.mekml.1 auch bei mir , ich bin auch dabei (https://www.trojaner-board.de/97912-kazy-mekml-1-mir-dabei.html)

kazy.mekml.1 auch bei mir , ich bin auch dabei

Mich hats gestern beim surfen auch erwischt.

Anti-Malware-Log

Anhang 16214

OTL-Log

Anhang 16213

Danke im voraus für die Hilfe.

Zitat:

Art des Suchlaufs: Quick-Scan

Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Anhang 16214 ist das Log von Malwarebytes.

Ich lass es nochmals laufen und poste dann das Log

Nach dem Lauf von Malwarebytes ist folgendes rausgekommen.

Anhang 16251

Gruß

Michael

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

FF - prefs.js..browser.search.defaultenginename: "Yoog Search"

FF - prefs.js..browser.search.defaulturl: "http://www15.yoog.com/search.php?q="

FF - prefs.js..browser.search.selectedEngine: "Yoog Search"

FF - prefs.js..keyword.URL: "http://www15.yoog.com/search.php?q="

FF - prefs.js..network.proxy.no_proxies_on: ""

FF - prefs.js..network.proxy.type: 4

FF - user.js..browser.search.selectedEngine: "Yoog Search"

FF - user.js..keyword.URL: "http://www15.yoog.com/search.php?q="

FF - user.js..keyword.enabled: true

FF - user.js..browser.search.defaultenginename: "Yoog Search"

FF - user.js..browser.search.defaulturl: "http://www15.yoog.com/search.php?q="

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Bin\assetup.exe

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

:Commands

[purity]

[resethosts]

[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hier ist mal das Log

Anhang 16429

Nur nach dem Start könnte ich im OTL den Fix-Button nicht nützen.

Die Meldung: "Es wurde kein Fix vorgesehen. Klicke auf OK um einen Fix von einer Datei zu laden oder auf Abbrechen um den Fix zu beenden." kommt.

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hier der Report:
2011/04/26 17:58:03.0170 2248 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/26 17:58:03.0321 2248 ================================================================================
2011/04/26 17:58:03.0321 2248 SystemInfo:
2011/04/26 17:58:03.0321 2248
2011/04/26 17:58:03.0321 2248 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/26 17:58:03.0321 2248 Product type: Workstation
2011/04/26 17:58:03.0321 2248 ComputerName: MITSCH-PC
2011/04/26 17:58:03.0321 2248 UserName: Mitsch
2011/04/26 17:58:03.0321 2248 Windows directory: C:\Windows
2011/04/26 17:58:03.0321 2248 System windows directory: C:\Windows
2011/04/26 17:58:03.0321 2248 Processor architecture: Intel x86
2011/04/26 17:58:03.0321 2248 Number of processors: 2
2011/04/26 17:58:03.0321 2248 Page size: 0x1000
2011/04/26 17:58:03.0321 2248 Boot type: Normal boot
2011/04/26 17:58:03.0321 2248 ================================================================================
2011/04/26 17:58:04.0249 2248 Initialize success
2011/04/26 17:58:14.0596 2656 ================================================================================
2011/04/26 17:58:14.0597 2656 Scan started
2011/04/26 17:58:14.0597 2656 Mode: Manual;
2011/04/26 17:58:14.0597 2656 ================================================================================
2011/04/26 17:58:15.0546 2656 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/26 17:58:15.0675 2656 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/26 17:58:15.0786 2656 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/26 17:58:15.0942 2656 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/26 17:58:16.0097 2656 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/26 17:58:16.0291 2656 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/26 17:58:16.0389 2656 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/26 17:58:16.0406 2656 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/26 17:58:16.0710 2656 ALCXWDM (75d32999d2711f8a5ca49ffd0cbb9abb) C:\Windows\system32\drivers\RTKVAC.SYS
2011/04/26 17:58:16.0973 2656 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/26 17:58:17.0048 2656 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/26 17:58:17.0078 2656 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/26 17:58:17.0093 2656 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/26 17:58:17.0168 2656 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/26 17:58:17.0208 2656 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/26 17:58:17.0227 2656 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/26 17:58:17.0314 2656 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/26 17:58:17.0346 2656 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/26 17:58:17.0669 2656 atikmdag (632a5be70d168b84f658a82ac8dbbead) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/26 17:58:17.0851 2656 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/26 17:58:17.0932 2656 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/26 17:58:17.0970 2656 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/26 17:58:18.0047 2656 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/26 17:58:18.0092 2656 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/26 17:58:18.0125 2656 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/26 17:58:18.0196 2656 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/26 17:58:18.0211 2656 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/26 17:58:18.0238 2656 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/26 17:58:18.0260 2656 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/26 17:58:18.0271 2656 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/26 17:58:18.0289 2656 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/26 17:58:18.0307 2656 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/26 17:58:18.0431 2656 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/26 17:58:18.0541 2656 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/26 17:58:18.0682 2656 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/26 17:58:18.0823 2656 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/26 17:58:18.0975 2656 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/26 17:58:19.0063 2656 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/04/26 17:58:19.0193 2656 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Windows\system32\drivers\cpuz134_x32.sys
2011/04/26 17:58:19.0223 2656 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/26 17:58:19.0249 2656 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/26 17:58:19.0362 2656 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/26 17:58:19.0416 2656 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/26 17:58:19.0499 2656 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/26 17:58:19.0655 2656 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/26 17:58:19.0726 2656 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/26 17:58:19.0791 2656 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/26 17:58:19.0905 2656 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/26 17:58:19.0928 2656 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/26 17:58:19.0985 2656 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/26 17:58:20.0079 2656 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/26 17:58:20.0103 2656 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/26 17:58:20.0130 2656 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/26 17:58:20.0217 2656 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/26 17:58:20.0235 2656 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/26 17:58:20.0279 2656 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/26 17:58:20.0434 2656 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/26 17:58:20.0554 2656 FWLANUSB (ff12fa487265da2ac7de4be53f72ff1a) C:\Windows\system32\DRIVERS\fwlanusb.sys
2011/04/26 17:58:20.0632 2656 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/26 17:58:20.0661 2656 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/04/26 17:58:20.0807 2656 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/04/26 17:58:20.0917 2656 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/26 17:58:20.0949 2656 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/26 17:58:21.0032 2656 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/26 17:58:21.0108 2656 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/26 17:58:21.0156 2656 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/26 17:58:21.0201 2656 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/26 17:58:21.0261 2656 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/26 17:58:21.0309 2656 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/26 17:58:21.0335 2656 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/26 17:58:21.0389 2656 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/26 17:58:21.0445 2656 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/26 17:58:21.0459 2656 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/26 17:58:21.0484 2656 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/26 17:58:21.0565 2656 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/26 17:58:21.0583 2656 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/26 17:58:21.0601 2656 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/04/26 17:58:21.0615 2656 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/26 17:58:21.0696 2656 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
2011/04/26 17:58:21.0743 2656 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/26 17:58:21.0782 2656 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/26 17:58:21.0914 2656 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/26 17:58:21.0966 2656 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/26 17:58:22.0018 2656 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/26 17:58:22.0103 2656 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/26 17:58:22.0216 2656 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/26 17:58:22.0374 2656 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/26 17:58:22.0413 2656 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/26 17:58:22.0431 2656 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/26 17:58:22.0467 2656 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/26 17:58:22.0536 2656 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/26 17:58:22.0559 2656 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/26 17:58:22.0597 2656 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/26 17:58:22.0691 2656 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/26 17:58:22.0739 2656 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/26 17:58:22.0756 2656 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/26 17:58:22.0809 2656 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/26 17:58:22.0839 2656 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/26 17:58:22.0859 2656 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/26 17:58:22.0880 2656 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/26 17:58:22.0989 2656 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/26 17:58:23.0047 2656 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/26 17:58:23.0078 2656 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/26 17:58:23.0116 2656 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/26 17:58:23.0144 2656 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/26 17:58:23.0173 2656 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/26 17:58:23.0212 2656 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/26 17:58:23.0282 2656 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/26 17:58:23.0306 2656 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/26 17:58:23.0364 2656 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/26 17:58:23.0381 2656 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/26 17:58:23.0415 2656 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/26 17:58:23.0480 2656 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/26 17:58:23.0539 2656 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/26 17:58:23.0643 2656 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/26 17:58:23.0745 2656 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/26 17:58:23.0781 2656 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/26 17:58:23.0808 2656 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/26 17:58:23.0900 2656 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/26 17:58:23.0911 2656 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/26 17:58:23.0949 2656 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/26 17:58:24.0016 2656 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/26 17:58:24.0050 2656 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/26 17:58:24.0134 2656 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/26 17:58:24.0204 2656 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/26 17:58:24.0371 2656 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/26 17:58:24.0419 2656 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/26 17:58:24.0515 2656 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/26 17:58:24.0627 2656 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/26 17:58:24.0642 2656 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/26 17:58:24.0715 2656 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/04/26 17:58:24.0802 2656 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/26 17:58:24.0819 2656 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/26 17:58:24.0846 2656 nvstor32 (8ee374b6fb3cb2bb8d70395218b464a5) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/04/26 17:58:24.0939 2656 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/26 17:58:24.0980 2656 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/26 17:58:25.0127 2656 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/04/26 17:58:25.0184 2656 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/26 17:58:25.0221 2656 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/26 17:58:25.0307 2656 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/26 17:58:25.0344 2656 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/26 17:58:25.0449 2656 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/26 17:58:25.0631 2656 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/26 17:58:25.0775 2656 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/26 17:58:25.0801 2656 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/04/26 17:58:25.0853 2656 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/26 17:58:25.0936 2656 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/26 17:58:26.0192 2656 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/26 17:58:26.0292 2656 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/26 17:58:26.0316 2656 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/26 17:58:26.0331 2656 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/26 17:58:26.0429 2656 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/26 17:58:26.0546 2656 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/26 17:58:26.0568 2656 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/26 17:58:26.0668 2656 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/26 17:58:26.0697 2656 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/26 17:58:26.0879 2656 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/26 17:58:27.0038 2656 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/26 17:58:27.0164 2656 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/26 17:58:27.0289 2656 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/26 17:58:27.0336 2656 RTHDMIAzAudService (a95b16ff762ff217847b97e6f05778ee) C:\Windows\system32\drivers\RtHDMIV.sys
2011/04/26 17:58:27.0416 2656 RTL8169 (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/26 17:58:27.0447 2656 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/26 17:58:27.0496 2656 scsiscan (8f96f3a2cf6f5830c69e0d1393e23fb6) C:\Windows\system32\DRIVERS\scsiscan.sys
2011/04/26 17:58:27.0584 2656 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/26 17:58:27.0615 2656 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/26 17:58:27.0634 2656 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/04/26 17:58:27.0775 2656 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/26 17:58:27.0946 2656 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/26 17:58:28.0050 2656 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/26 17:58:28.0132 2656 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/26 17:58:28.0187 2656 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/26 17:58:28.0290 2656 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/26 17:58:28.0308 2656 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/26 17:58:28.0330 2656 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/26 17:58:28.0436 2656 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/26 17:58:28.0552 2656 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/04/26 17:58:28.0599 2656 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/26 17:58:28.0732 2656 sptd (1a606a8d611816adc47d2b25dbedcb1f) C:\Windows\system32\Drivers\sptd.sys
2011/04/26 17:58:28.0732 2656 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 1a606a8d611816adc47d2b25dbedcb1f
2011/04/26 17:58:28.0736 2656 sptd - detected Locked file (1)
2011/04/26 17:58:29.0234 2656 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/04/26 17:58:29.0341 2656 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/26 17:58:29.0368 2656 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/26 17:58:29.0400 2656 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/26 17:58:29.0490 2656 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/26 17:58:29.0538 2656 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/26 17:58:29.0673 2656 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/26 17:58:29.0769 2656 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/26 17:58:29.0821 2656 tbhsd (0a396237c3c4164de12d7c26450bd69c) C:\Windows\system32\drivers\tbhsd.sys
2011/04/26 17:58:29.0910 2656 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/26 17:58:30.0246 2656 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/26 17:58:30.0384 2656 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/26 17:58:30.0506 2656 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/26 17:58:30.0593 2656 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/26 17:58:30.0696 2656 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/26 17:58:30.0738 2656 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/26 17:58:30.0992 2656 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/26 17:58:31.0663 2656 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/26 17:58:31.0841 2656 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/26 17:58:31.0922 2656 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/26 17:58:32.0241 2656 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/26 17:58:32.0750 2656 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/26 17:58:33.0002 2656 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/26 17:58:33.0573 2656 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/26 17:58:33.0713 2656 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/26 17:58:33.0789 2656 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/26 17:58:34.0358 2656 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/04/26 17:58:35.0378 2656 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/26 17:58:35.0833 2656 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/26 17:58:36.0843 2656 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/26 17:58:38.0075 2656 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/26 17:58:38.0301 2656 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/26 17:58:38.0735 2656 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/26 17:58:39.0035 2656 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/26 17:58:39.0121 2656 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/26 17:58:39.0420 2656 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/26 17:58:39.0675 2656 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/26 17:58:39.0806 2656 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/26 17:58:40.0059 2656 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/26 17:58:40.0458 2656 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/26 17:58:40.0566 2656 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/26 17:58:40.0738 2656 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/26 17:58:41.0101 2656 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/26 17:58:41.0794 2656 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/26 17:58:42.0133 2656 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/26 17:58:42.0287 2656 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/26 17:58:42.0744 2656 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/26 17:58:42.0786 2656 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/26 17:58:42.0821 2656 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/26 17:58:43.0323 2656 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/26 17:58:43.0745 2656 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/26 17:58:44.0435 2656 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/26 17:58:44.0730 2656 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/26 17:58:44.0791 2656 ================================================================================
2011/04/26 17:58:44.0791 2656 Scan finished
2011/04/26 17:58:44.0791 2656 ================================================================================
2011/04/26 17:58:44.0799 3560 Detected object count: 1
2011/04/26 17:59:22.0366 3560 Locked file(sptd) - User select action: Skip

___________________________

Danke nochmals für die Hilfe.

Wars das nun?

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

So, COFI ist durch:

Das Log:Combofix Logfile:

Code:

ComboFix 11-04-26.01 - Mitsch 26.04.2011  23:15:02.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3071.2058 [GMT 2:00]

ausgeführt von:: c:\users\Mitsch\Desktop\cofi.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Mitsch\AppData\Roaming\ImgBurn.exe

c:\users\Mitsch\setup_Mueller_Fotowelt.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-03-26 bis 2011-04-26  ))))))))))))))))))))))))))))))

.

.

2011-04-26 21:10 . 2011-04-26 21:10        --------        d-----w-        c:\program files\CCleaner

2011-04-26 14:17 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{37FE8189-998C-4DC0-82DA-2B2EAEA17947}\mpengine.dll

2011-04-24 19:51 . 2011-04-24 19:51        --------        d-----w-        C:\_OTL

2011-04-23 15:43 . 2011-02-05 06:20        94208        ----a-w-        c:\program files\Internet Explorer\de\iediag.resources.dll

2011-04-23 15:43 . 2011-04-23 15:43        94208        ----a-w-        c:\program files\Internet Explorer\en\iediag.resources.dll

2011-04-23 15:41 . 2011-04-23 15:41        --------        d-----w-        c:\program files\Feedback Tool

2011-04-22 07:51 . 2011-04-22 07:51        --------        d-----w-        c:\users\Mitsch\AppData\Roaming\Malwarebytes

2011-04-22 07:51 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-22 07:51 . 2011-04-22 07:51        --------        d-----w-        c:\programdata\Malwarebytes

2011-04-22 07:50 . 2011-04-22 07:51        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-04-22 07:50 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-04-21 21:07 . 2006-06-19 11:01        69632        ----a-w-        c:\windows\system32\ztvcabinet.dll

2011-04-21 21:07 . 2006-05-25 13:52        162304        ----a-w-        c:\windows\system32\ztvunrar36.dll

2011-04-21 21:07 . 2005-08-25 23:50        77312        ----a-w-        c:\windows\system32\ztvunace26.dll

2011-04-21 21:07 . 2002-03-05 23:00        75264        ----a-w-        c:\windows\system32\unacev2.dll

2011-04-21 21:07 . 2003-02-02 18:06        153088        ----a-w-        c:\windows\system32\UNRAR3.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-16 18:54 . 2009-07-27 13:13        927706        ----a-w-        c:\users\Mitsch\AppData\Roaming\mdbu.bin

2011-02-22 14:13 . 2011-03-23 15:29        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll

2011-02-22 13:33 . 2011-03-23 15:29        1068544        ----a-w-        c:\windows\system32\DWrite.dll

2011-02-22 13:33 . 2011-03-23 15:29        797696        ----a-w-        c:\windows\system32\FntCache.dll

2011-02-02 16:11 . 2009-10-02 15:46        222080        ------w-        c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]

.

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-01-11 20:16        39792        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]

2007-04-04 01:50        1603152        ----a-w-        c:\program files\Canon\MyPrinter\BJMYPRT.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]

2007-05-15 01:01        644696        ----a-w-        c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-01-05 14:18        413696        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28        1233920        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]

2008-06-12 10:14        6366512        ----a-w-        c:\program files\RapidSolution\Tunebite\Tunebite.exe

.

R1 ntiomin;ntiomin; [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe [2009-08-24 406016]

R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2009-05-07 265088]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 scsiscan;Microsoft SCSI/1394 Generic Scanner Class;c:\windows\system32\DRIVERS\scsiscan.sys [2008-01-21 14848]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-05 721904]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 176128]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-03-04 10:29        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Mitsch\AppData\Roaming\Mozilla\Firefox\Profiles\02hiex44.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/webhp?hl=de

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe

MSConfigStartUp-tunebite - c:\program files\tunebite2\tunebite.exe

AddRemove-{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} - c:\program files\Realtek\Audio\HDA\RtlUpd.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-04-26 23:22

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Zeit der Fertigstellung: 2011-04-26  23:26:23

ComboFix-quarantined-files.txt  2011-04-26 21:26

.

Vor Suchlauf: 4.736.249.856 Bytes frei

Nach Suchlauf: 4.418.805.760 Bytes frei

.

- - End Of File - - CD2B7A2368877EE05CACADC7002F11D9

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

So, guten Abend.

Weiter gehts.

Osam.Log:OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 17:14:06 on 28.04.2011
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Mozilla Corporation Firefox 3.6.16
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ALSNDMGR.CPL" - ? - C:\Windows\system32\ALSNDMGR.CPL  (File signed by Microsoft | File found, but it contains no detailed information)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\Mitsch\AppData\Local\Temp\catchme.sys  (File not found)

"cpuz134" (cpuz134) - "Windows (R) Win 7 DDK provider" - C:\Windows\system32\drivers\cpuz134_x32.sys

"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"LGE Mobile Composite USB Device" (usbbus) - ? - C:\Windows\System32\DRIVERS\lgusbbus.sys  (File not found)

"LGE Mobile USB Modem" (USBModem) - ? - C:\Windows\System32\DRIVERS\lgusbmodem.sys  (File not found)

"LGE Mobile USB Serial Port" (UsbDiag) - ? - C:\Windows\System32\DRIVERS\lgusbdiag.sys  (File not found)

"ntiomin" (ntiomin) - ? - C:\Windows\system32\drivers\ntiomin.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys

"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys

"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL

{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL

{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLSHEXT.DLL

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL

{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} "Winamp Search Class" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Mitsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Defragmentation-Service" (DfSdkS) - "mst software GmbH, Germany" - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe

"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

_______________________

MBRCheck-Log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASRock
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: To Be Filled By O.E.M.
System Product Name: To Be Filled By O.E.M.
Logical Drives Mask: 0x00000f3d

Kernel Drivers (total 151):
0x84C13000 \SystemRoot\system32\ntkrnlpa.exe
0x84FCD000 \SystemRoot\system32\hal.dll
0x80401000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\PSHED.dll
0x80419000 \SystemRoot\system32\BOOTVID.dll
0x80421000 \SystemRoot\system32\CLFS.SYS
0x80462000 \SystemRoot\system32\CI.dll
0x80542000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805BE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80601000 \SystemRoot\System32\Drivers\spjl.sys
0x80702000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8070B000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x80731000 \SystemRoot\system32\drivers\acpi.sys
0x80777000 \SystemRoot\system32\drivers\msisadrv.sys
0x8077F000 \SystemRoot\system32\drivers\pci.sys
0x807A6000 \SystemRoot\System32\drivers\partmgr.sys
0x807B5000 \SystemRoot\system32\drivers\volmgr.sys
0x85206000 \SystemRoot\System32\drivers\volmgrx.sys
0x85250000 \SystemRoot\system32\drivers\pciide.sys
0x85257000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x85265000 \SystemRoot\System32\drivers\mountmgr.sys
0x85275000 \SystemRoot\system32\drivers\atapi.sys
0x8527D000 \SystemRoot\system32\drivers\ataport.SYS
0x8529B000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x852C0000 \SystemRoot\system32\DRIVERS\storport.sys
0x85301000 \SystemRoot\system32\drivers\fltmgr.sys
0x85333000 \SystemRoot\system32\drivers\fileinfo.sys
0x85343000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8534C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x85807000 \SystemRoot\system32\drivers\ndis.sys
0x85912000 \SystemRoot\system32\drivers\msrpc.sys
0x8593D000 \SystemRoot\system32\drivers\NETIO.SYS
0x85A0E000 \SystemRoot\System32\drivers\tcpip.sys
0x85AF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8D201000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8D311000 \SystemRoot\system32\drivers\volsnap.sys
0x8D34A000 \SystemRoot\System32\Drivers\spldr.sys
0x8D352000 \SystemRoot\system32\speedfan.sys
0x8D354000 \SystemRoot\System32\Drivers\mup.sys
0x8D363000 \SystemRoot\system32\giveio.sys
0x8D364000 \SystemRoot\System32\drivers\ecache.sys
0x8D38B000 \SystemRoot\system32\drivers\disk.sys
0x8D39C000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8D3BD000 \SystemRoot\system32\drivers\crcdisk.sys
0x8D3E6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8D3F1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x85B13000 \SystemRoot\system32\DRIVERS\processr.sys
0x94C0A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x9511F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x951BF000 \SystemRoot\System32\drivers\watchdog.sys
0x85B22000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x951CB000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x951ED000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x85BAF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x85BED000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x85978000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x85990000 \SystemRoot\system32\DRIVERS\serial.sys
0x85A00000 \SystemRoot\system32\DRIVERS\irsir.sys
0x951F7000 \SystemRoot\system32\drivers\irenum.sys
0x859AA000 \SystemRoot\system32\DRIVERS\fdc.sys
0x94C00000 \SystemRoot\system32\DRIVERS\serenum.sys
0x859B5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x859BE000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x859ED000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x853BD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x853D4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x807C4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x853DF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x807E7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x805CB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x853EE000 \SystemRoot\system32\DRIVERS\termdd.sys
0x805E0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x805EB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D3FA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9560E000 \SystemRoot\system32\DRIVERS\ks.sys
0x95638000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x95642000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9564F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x95684000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x9568E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9569F000 \SystemRoot\system32\drivers\RtHDMIV.sys
0x956C4000 \SystemRoot\system32\drivers\portcls.sys
0x956F1000 \SystemRoot\system32\drivers\drmk.sys
0x95716000 \SystemRoot\system32\drivers\HdAudio.sys
0x95755000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9575E000 \SystemRoot\System32\Drivers\Null.SYS
0x95765000 \SystemRoot\System32\Drivers\Beep.SYS
0x95788000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9578F000 \SystemRoot\System32\drivers\vga.sys
0x9579B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x957BC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x957C4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x957CC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x957D7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x957E5000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9576C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x95A0A000 \SystemRoot\system32\DRIVERS\smb.sys
0x95A1E000 \SystemRoot\system32\drivers\afd.sys
0x95A66000 \SystemRoot\System32\DRIVERS\netbt.sys
0x95A98000 \SystemRoot\system32\DRIVERS\pacer.sys
0x95AAE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x95ABC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x95ACF000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x95AD5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x95B11000 \SystemRoot\system32\drivers\nsiproxy.sys
0x95B1B000 \SystemRoot\System32\Drivers\dfsc.sys
0x95B32000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x95B4E000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x95B50000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x95B67000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x95B69000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x95B73000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x95B7C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x95B8C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x95B95000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x95BAA000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x95BC0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x95BC8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x95BD5000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x95BE0000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xA14E0000 \SystemRoot\System32\win32k.sys
0x95BE8000 \SystemRoot\System32\drivers\Dxapi.sys
0x957EE000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA1700000 \SystemRoot\System32\TSDDD.dll
0xA1720000 \SystemRoot\System32\cdd.dll
0xA1730000 \SystemRoot\System32\ATMFD.DLL
0x8D3C6000 \SystemRoot\system32\drivers\luafv.sys
0x82A06000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x82A1A000 \SystemRoot\system32\drivers\spsys.sys
0x82ACA000 \SystemRoot\system32\DRIVERS\irda.sys
0x82AE8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x82AF8000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x82B22000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x82B2C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x82B3F000 \SystemRoot\system32\drivers\HTTP.sys
0x82BAC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x82BC9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x82BE2000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA5A0C000 \SystemRoot\system32\drivers\mrxdav.sys
0xA5A2D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA5A4C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA5A85000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA5A9D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA5AC5000 \SystemRoot\System32\DRIVERS\srv.sys
0xA5B2C000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA5B35000 \??\C:\Windows\system32\drivers\cpuz134_x32.sys
0xA5C0F000 \SystemRoot\system32\drivers\peauth.sys
0xA5CED000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA5CF7000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA5D03000 \SystemRoot\System32\Drivers\fastfat.SYS
0x77040000 \Windows\System32\ntdll.dll

Processes (total 48):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
540 csrss.exe
604 C:\Windows\System32\wininit.exe
616 csrss.exe
648 C:\Windows\System32\services.exe
660 C:\Windows\System32\lsass.exe
668 C:\Windows\System32\lsm.exe
740 C:\Windows\System32\winlogon.exe
864 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\atiesrxx.exe
1068 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\audiodg.exe
1296 C:\Windows\System32\svchost.exe
1312 C:\Windows\System32\SLsvc.exe
1392 C:\Windows\System32\atieclxx.exe
1416 C:\Windows\System32\svchost.exe
1532 C:\Windows\System32\svchost.exe
1796 C:\Windows\System32\spoolsv.exe
1824 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1844 C:\Windows\System32\svchost.exe
520 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
852 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1700 C:\Windows\System32\svchost.exe
1404 C:\Windows\System32\svchost.exe
216 C:\Windows\System32\SearchIndexer.exe
704 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2340 C:\Program Files\Windows Media Player\wmpnetwk.exe
2612 C:\Windows\System32\taskeng.exe
3404 C:\Windows\System32\taskeng.exe
3420 C:\Windows\System32\dwm.exe
3472 C:\Windows\explorer.exe
3796 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3804 C:\Program Files\Windows Sidebar\sidebar.exe
2304 C:\Program Files\Windows Media Player\wmpnscfg.exe
500 C:\Windows\System32\wbem\unsecapp.exe
2124 WmiPrvSE.exe
2808 C:\Program Files\Windows Sidebar\sidebar.exe
3000 C:\Windows\System32\svchost.exe
4008 C:\Windows\System32\SearchProtocolHost.exe
3136 C:\Windows\System32\SearchFilterHost.exe
480 C:\Users\Mitsch\Desktop\MBRCheck.exe
2988 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`4c100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000009`c4100000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDP725025GLA380, Rev: GM2OA52A

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

___________________________

Danke für die Hilfe.

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Ok, mach ich bei Gelegenheit.

Vielen Dank für die tolle Hilfe. Gute Nacht