Log analysis and evaluation: Avira found 3 pieces of malware, Win64, 32bit (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Avira found 3 pieces of malware, Win64, 32bit

Hello dear forum, I need your help. After an Avira virus scan, 2 pieces of malware showed up on the system of my laptop:

[Avira scan result screenshot]

Small side question: is the first entry "JS/Expack.AT" perhaps an error message from Avira?

On to the steps:

Step 1:
*******
I ran defogger. No error message occurred, but I'm posting the log file anyway:
Code:
```
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 03:41 on 16/08/2012 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
```
*******

I had scanned with OTL and got the 2 text files (OTL.txt and Extra.txt), but then I noticed that I had previously uninstalled Adobe Reader, because it no longer started, and had forgotten to install the newest version. So I deleted the 2 text files and installed Adobe Reader. Then I ran the OTL scan again, but at the end I only got the "OTL.Txt" file; "Extra.txt" is missing, even on a second re-scan.

OTL.Txt:
Code:
```
OTL logfile created on: 16.08.2012 04:53:16 - Run 3
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\***\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,47% Memory free
4,00 Gb Paging File | 3,11 Gb Available in Paging File | 77,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 93,06 Gb Total Space | 36,45 Gb Free Space | 39,16% Space Free | Partition Type: NTFS

Computer Name: T60 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.16 03:43:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.07.04 03:02:00 | 000,292,200 | ---- | M] (Lenovo.) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2011.07.04 03:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe
PRC - [2011.07.04 03:02:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.19 21:06:18 | 000,132,392 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE

========== Modules (No Company Name) ==========

MOD - [2012.08.08 01:29:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.08.08 01:28:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.08.08 01:28:43 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.11 08:33:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 08:31:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 08:31:01 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 08:30:47 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.08.01 01:48:44 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2665.42168__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011.08.01 01:48:43 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2665.42152__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011.08.01 01:48:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2665.42149__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011.08.01 01:48:43 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2665.42240__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011.08.01 01:48:41 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2728.29178__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011.08.01 01:48:41 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2728.29176__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011.08.01 01:48:41 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2665.42158__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011.08.01 01:48:41 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2665.42169__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011.08.01 01:48:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2728.29177__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011.07.04 03:02:00 | 000,054,272 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL
MOD - [2011.05.19 21:05:48 | 000,066,856 | ---- | M] () -- C:\Programme\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.03.02 11:44:34 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.08.09 02:50:18 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.08.08 22:26:30 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.04 03:02:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Running] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011.07.04 03:02:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011.07.04 03:02:00 | 000,083,304 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva397.sys -- (XDva397)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.04 03:02:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2011.07.04 03:02:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011.06.27 17:54:30 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020200}_0)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.06.21 17:36:32 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.08 22:26:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.08 22:26:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.07.30 17:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.05.02 22:58:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k3hns0r0.default\extensions
[2011.08.01 22:11:48 | 000,002,321 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\k3hns0r0.default\searchplugins\dictcc.xml
[2011.08.03 23:01:06 | 000,002,057 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\k3hns0r0.default\searchplugins\youtube-videosuche.xml
[2012.08.08 02:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.08 22:26:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.28 18:40:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.28 18:40:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.28 18:40:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.28 18:40:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.28 18:40:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.28 18:40:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D1B2DFF-F178-4E3A-80FA-429D18BD8EC5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E93F9F3D-9C63-4952-8DE6-B23F294ED377}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.16 04:53:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2012.08.16 04:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.08.16 04:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.08.16 02:13:47 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.13 16:59:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2012.08.13 16:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.08.13 16:59:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2012.08.10 02:21:55 | 000,000,000 | ---D | C] -- C:\Spiele
[2012.08.10 01:44:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DOSBox
[2012.08.10 01:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
[2012.08.10 01:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2012.08.08 05:52:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Spotify
[2012.08.08 05:51:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Spotify
[2012.08.08 02:50:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.08.08 02:43:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.08.08 02:43:50 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.08.08 02:43:50 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.08.08 02:43:50 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.08.08 02:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.08 02:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.08.08 02:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.08 02:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.08 01:58:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.16 04:49:18 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 04:49:18 | 000,015,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.16 04:41:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.16 04:41:37 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.16 04:04:25 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\biv7xecr.exe
[2012.08.16 03:43:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.16 03:41:23 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.16 03:39:05 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.16 02:15:49 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.08.16 02:15:49 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.08.14 21:46:30 | 000,283,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.12 02:09:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\msexcr.ini
[2012.08.10 01:44:10 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2012.08.08 01:17:47 | 000,696,856 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.08 01:17:47 | 000,652,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.08 01:17:47 | 000,148,120 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.08 01:17:47 | 000,121,066 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.16 04:36:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.08.16 04:04:24 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\biv7xecr.exe
[2012.08.16 03:41:23 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.16 03:39:03 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.12 02:09:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2012.08.10 01:44:10 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2012.08.08 05:52:03 | 000,001,776 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.05.03 04:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.09.29 04:58:52 | 000,007,609 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.08.05 03:44:16 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.07.31 05:28:32 | 000,472,576 | ---- | C] () -- C:\Windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
[2011.07.07 23:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll

========== LOP Check ==========

[2012.02.22 22:04:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.08.06 03:31:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopPwrMgr
[2011.08.20 02:25:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr
[2011.09.19 00:46:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr
[2012.02.25 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RotMG.Production
[2012.08.16 02:14:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2012.05.11 06:10:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds
[2011.08.20 02:23:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Update
[2012.08.16 02:15:49 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.05.04 15:34:15 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.16 02:15:49 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

< End of report >
```
Code:
```
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-16 04:28:11
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 HTS541010G9SA00 rev.MBZIC60R
Running: biv7xecr.exe; Driver: C:\Users\***\AppData\Local\Temp\pxldipow.sys

---- System - GMER 1.0.15 ----

SSDT            8E05739E   ZwCreateSection
SSDT            8E0573A8   ZwRequestWaitReplyPort
SSDT            8E0573A3   ZwSetContextThread
SSDT            8E0573AD   ZwSetSecurityObject
SSDT            8E0573B2   ZwSystemDebugControl
SSDT            8E05733F   ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D   82A533C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2   82A8CD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7   82A93EAC 4 Bytes  [9E, 73, 05, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553   82A94208 4 Bytes  [A8, 73, 05, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597   82A9424C 4 Bytes  [A3, 73, 05, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613   82A942C8 4 Bytes  [AD, 73, 05, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667   82A9431C 4 Bytes  [B2, 73, 05, 8E]
.text           ...
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90   98BA1000 98 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 4FF3   98BA1063 191 Bytes  [98, 8B, 45, 08, F0, 0F, BA, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3   98BA1123 32 Bytes  [C5, B9, 98, FE, 05, 34, C5, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50D4   98BA1144 596 Bytes  [B9, 98, A0, 34, C5, B9, 98, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329   98BA1399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            ...

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0   Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1   Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
Device          \Driver\ACPI_HAL \Device\00000046   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread          System [4:3176]   98BAEF2E

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016cfe0f58e
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016cfe0f58e (not active ControlSet)

---- EOF - GMER 1.0.15 ----
```

Regards,
Ako

Specs:
Lenovo Thinkpad T60
MS Windows 7 Home Premium 32-bit SP1
Genuine Intel CPU T2500 @ 2.00GHz
2,0GB RAM
ATI Mobility Radeon X1400
100GB HDD

Last edited by xXAKOXx (16.08.2012 at 05:18). Reason: specs added