
Log analysis and evaluation: Two problems: TR/PCK.tdss.Z.230 in system32\tdlclk.dll and TR/Crypt.ZPACK.Gen...

25.11.2009, 21:22   #1
Rivfader
 

Hello everyone,

for several days I have been plagued by two problems: AntiVir keeps reporting the following two detections:

TR/PCK.tdss.Z.230 in C:\Windows\System32\tdlclk.dll

TR/Crypt.ZPACK.Gen in C:\Windows\System32\tdlcmd.dll

After quarantining or deleting them in AntiVir, both detections reappear shortly afterwards; TR/PCK.tdss.Z.230 very frequently, AntiVir reports the detection roughly every 5 minutes.

Since AntiVir apparently cannot remove either of them, I also tried Malwarebytes after searching here; infected files are found and can be deleted, but here too the message reappears shortly afterwards.

I have not noticed anything unusual on the computer: no pop-ups, no slower performance and no redirects to unknown sites.

I have not installed any software of questionable origin, cracks or the like, that could have been infected.

Following the instructions, I ran CCleaner, ran Malwarebytes Anti-Malware again (and deleted the detections there) and then created the RSIT logs... I am attaching everything below.

I would be very glad if someone could help me! Many thanks!
Attached files
File type: txt mbam-log-2009-11-25 (21-49-57).txt (1.1 KB, viewed 266 times)
File type: txt info.txt (43.1 KB, viewed 276 times)
File type: txt log.txt (27.9 KB, viewed 350 times)

25.11.2009, 22:58   #2
Larusso
/// Selecta Jahrusso
 

A cleanup may involve a lot of work for you.
  • Please work through all steps in order.
  • If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, please work through the following.

Please post all logfiles in code tags.
Click reply --> #
then [code]text[/code]
This is how it should look here after replying:
Code:
your logfile
         

Vista and Win7 users
Start all tools with right-click "Run as administrator".


Step 1

Open Windows Explorer (Windows key + E) and under => Tools => Folder Options => in the "View" tab
  • Files and folders: disable "Hide extensions for known file types"
  • Files and folders: disable "Hide protected operating system files (Recommended)"
  • Files and folders: enable "Display the contents of system folders" (not present on Vista)
  • Hidden files and folders: enable "Show hidden files and folders"


Step 2

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it on your desktop
  • Please start OTL.exe.
    Vista users: right-click, "Run as administrator"
  • Now copy the contents into the text box.
Code:
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt here into your thread in code tags


Step 3
  • all other scanners for viruses, spyware, etc. should be disabled,
  • there should be no connection to a network/the Internet (do not forget WLAN),
  • nothing should be done on the computer,
  • the computer should be restarted after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (press the Download EXE button) and save the program on the desktop.
  • Gmer is suitable for => NT/W2K/XP/VISTA.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
  • Vista users: right-click and run as administrator.
  • If a window with the following warning opens:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    be sure to click "No".
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan has finished, click "Copy" to copy the log to the clipboard. "Ok" closes GMER.
  • Paste the log from the clipboard into your reply here.
Switch the antivirus program and other scanners back on before you go online!

Some logs are very long; please split them across several posts. Thanks
__________________
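
The `/s /md5` lines of the custom scan in the post above, as an added example that is not part of the original post and is not OTL's code. It assumes `/s` means a recursive search and `/md5` an MD5 listing; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Names taken from the custom scan list in the post above.
SCAN_NAMES = ["eventlog.dll", "scecli.dll", "netlogon.dll", "atapi.sys"]


def md5_of(path, chunk_size=65536):
    """Return the hex MD5 of a file, read in chunks so large files are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_copies(root, names):
    """Walk root recursively; map each wanted name (lower-cased) to [(path, md5)].

    Windows file names are case-insensitive, so matching is done on lower case.
    A copy that cannot be read is recorded with md5 None instead of being skipped.
    """
    wanted = {name.lower() for name in names}
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            key = fname.lower()
            if key not in wanted:
                continue
            full = os.path.join(dirpath, fname)
            try:
                found[key].append((full, md5_of(full)))
            except OSError:
                found[key].append((full, None))
    return dict(found)


def mismatched(copies):
    """Return {name: {md5: [paths]}} for names whose copies do not all hash alike.

    Differing hashes also occur legitimately (for example between service pack
    versions), so a mismatch is a lead to check against a known-good copy,
    not a verdict.
    """
    result = {}
    for name, entries in copies.items():
        by_hash = defaultdict(list)
        for path, digest in entries:
            by_hash[digest].append(path)
        if len(by_hash) > 1:
            result[name] = dict(by_hash)
    return result


def build_sample_tree(root):
    """Create a small constructed directory tree; contents are placeholder bytes."""
    layout = {
        ("system32", "drivers", "atapi.sys"): b"driver image v1",
        ("system32", "dllcache", "atapi.sys"): b"driver image v1",
        ("ServicePackFiles", "i386", "ATAPI.SYS"): b"driver image v1 + extra bytes",
        ("system32", "eventlog.dll"): b"eventlog image",
        ("system32", "dllcache", "eventlog.dll"): b"eventlog image",
    }
    for parts, content in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample_tree(sample_root)
        all_copies = find_copies(sample_root, SCAN_NAMES)
        for name, entries in sorted(all_copies.items()):
            for path, digest in entries:
                print(name, digest, path)
        for name, groups in mismatched(all_copies).items():
            print("copies differ:", name, {h: len(p) for h, p in groups.items()})
```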

26.11.2009, 17:22   #3
Rivfader
 



Many thanks for the quick reply!

I know that finding these things can be a lot of work and that formatting would be faster... but I would like to try because of the data on the computer; I would only like to format in an emergency.

I'll work through your steps:

Step 1:
done. All checkboxes set accordingly,

Step 2:
here are the OTL scans:

Extras.txt:

Code:
OTL Extras logfile created on: 26.11.2009 18:06:06 - Run 1
OTL by OldTimer - Version 3.1.11.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,55% Memory free
3,85 Gb Paging File | 3,34 Gb Available in Paging File | 86,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 63,30 Gb Free Space | 27,18% Space Free | Partition Type: NTFS
Drive D: | 3,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 661,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NAME-669645BBA2
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programme\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- ()
"C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = C:\Programme\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()
"C:\Programme\KONAMI\Pro Evolution Soccer 2008\PES2008.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008 -- File not found
"C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{0216DA39-95B3-4D8A-9043-B748E0726C14}" = Gothic III - Götterdämmerung 1.08.9 Patch
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}" = Gothic III Release Update
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D171963-9063-4423-898B-8EC4F1F190B7}" = EA downloader
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
"{26B5D684-75D6-44B9-BBFF-D4100F43092A}" = Sony Ericsson PC Suite
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3CF44BDE-BDDC-4510-A5CF-EBE97D1B8F73}" = eXperience112
"{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07
"{48FEB597-0410-4A17-B134-0DEF3083B944}" = eMusic Download Manager
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5EDB9281-1F84-4195-9CDD-85985D17DDC7}" = WISO Sparbuch 2007
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6C0628AE-4901-4AE4-B749-B9B3A36E656C}" = Microsoft IntelliType Pro 2.1
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{775DC704-AAE3-4A79-981F-EA1CBAF96EB7}" = Gothic III - Götterdämmerung
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB2347E4-153B-4194-AA3B-97C0A662B369}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}" = Geheimakte 2 - Puritas Cordis
"{C1BBDCDD-8F08-4DE6-BA11-E7B14F7E129B}" = Nokia PC Suite 6.1
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{EE91E474-9298-47B8-817F-8E0042408998}" = Risen Hotfix 1.01
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F41C11EC-7C13-47A7-A07C-251D96EC3879}" = Baphomets Fluch - Der Engel des Todes
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD  (11/03/2006 6.82.26.2)
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ankh" = Ankh
"Ankh - Heart of Osiris" = Ankh - HdO
"Ankh 3 - Kampf der Götter_is1" = Ankh 3 - Kampf der Götter
"AnyDVD" = AnyDVD
"AudioCS" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Drakensang_is1" = Drakensang (Patch Version 1.01)
"Firebird SQL Server D" = Firebird SQL Server (D)
"FLVPlayer" = FLV Player 1.3.3
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"G3QP231012008_is1" = Questpaket 3 Deinstallation
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{1D171963-9063-4423-898B-8EC4F1F190B7}" = EA downloader
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{C1BBDCDD-8F08-4DE6-BA11-E7B14F7E129B}" = Nokia PC Suite 6.1
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"Jack Keane" = Jack Keane
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE (D)
"MAGIX Fotos auf CD D" = MAGIX Fotos auf CD (D)
"MAGIX Media Suite - Standard Edition D" = MAGIX Media Suite - Standard Edition (D)
"MAGIX mp3 maker SE D" = MAGIX mp3 maker SE (D)
"MAGIX Online Druck Service (FS)" = MAGIX Online Druck Service (FS) 
"MAGIX Video deLuxe SE D" = MAGIX Video deLuxe SE (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"MozBackup_is1" = MozBackup 1.4.5
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Mp3tag" = Mp3tag v2.42
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NVEContent!UninstallKey" = NeroVision Express Content
"NVIDIA Drivers" = NVIDIA Drivers
"Overclocked" = Overclocked
"PCCloneEX" = PCCloneEX
"PROSet" = Intel(R) PRO Network Connections Drivers
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"RealAlt_is1" = Real Alternative 1.7.5
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0004]
"Samsung CLP-300 Series" = Samsung CLP-300 Series
"SUPER ©" = SUPER © Version 2008.bld.30 (Mar 22, 2008)
"SystemRequirementsLab" = System Requirements Lab
"tento.XT_is1" = tento.XT v1.1
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Companion
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm" = ZoneAlarm
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.11.2009 02:58:56 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3593, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.11.2009 03:02:24 | Computer Name = NAME-669645BBA2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung superantispyware.exe, Version 4.30.0.1004,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.2180, Fehleradresse 0x00018fea.
 
Error - 20.11.2009 03:03:16 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung wmplayer.exe, Version 10.0.0.3802, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.11.2009 04:37:17 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3593, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.11.2009 04:42:38 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3593, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 20.11.2009 04:43:04 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.1.3593, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 22.11.2009 17:14:57 | Computer Name = NAME-669645BBA2 | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: A connection with the server could not be established
.
 
Error - 23.11.2009 12:36:15 | Computer Name = NAME-669645BBA2 | Source = ESENT | ID = 490
Description = svchost (1136) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 23.11.2009 12:36:15 | Computer Name = NAME-669645BBA2 | Source = ESENT | ID = 470
Description = Catalog Database (1136) Datenbank C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
 wurde teilweise angehängt. Anhängungsstufe: 3. Fehler: -1032.
 
Error - 23.11.2009 13:30:23 | Computer Name = NAME-669645BBA2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SUPERAntiSpyware.exe, Version 4.30.0.1004,
 Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ System Events ]
Error - 24.11.2009 12:59:23 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 24.11.2009 14:26:34 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 24.11.2009 16:09:26 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 24.11.2009 16:10:09 | Computer Name = NAME-669645BBA2 | Source = DCOM | ID = 10010
Description = Der Server "{1BA06D22-B9EE-4C61-8CD9-5FC9E9FA3264}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 24.11.2009 17:18:15 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 25.11.2009 14:02:09 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 25.11.2009 16:53:19 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 25.11.2009 18:43:20 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 25.11.2009 18:43:53 | Computer Name = NAME-669645BBA2 | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 26.11.2009 12:52:56 | Computer Name = NAME-669645BBA2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
__________________

26.11.2009, 17:30   #4
Rivfader
 



OTL.txt part 1

Code:
OTL logfile created on: 26.11.2009 18:06:06 - Run 1
OTL by OldTimer - Version 3.1.11.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,55% Memory free
3,85 Gb Paging File | 3,34 Gb Available in Paging File | 86,85% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 63,30 Gb Free Space | 27,18% Space Free | Partition Type: NTFS
Drive D: | 3,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 661,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NAME-669645BBA2
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2009.11.26 18:04:40 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2009.11.11 10:44:44 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009.10.28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Programme\iTunes\iTunesHelper.exe
PRC - [2009.10.28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Programme\iPod\bin\iPodService.exe
PRC - [2009.07.21 14:34:28 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.05.13 16:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mDNSResponder.exe
PRC - [2008.10.07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008.03.07 18:24:18 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.02.20 19:58:46 | 00,019,968 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2008.02.20 19:58:44 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2008.02.20 19:55:12 | 00,969,216 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2007.11.06 19:02:24 | 04,102,656 | ---- | M] () -- C:\Programme\PCCloneEX\PCCloneEX.EXE
PRC - [2007.10.20 15:34:33 | 00,455,168 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
PRC - [2007.10.10 06:28:32 | 00,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
PRC - [2007.08.16 06:41:35 | 00,524,288 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2007.02.01 10:13:06 | 00,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe
PRC - [2006.12.15 03:23:27 | 00,075,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
PRC - [2006.11.06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2006.08.23 23:38:28 | 00,968,696 | ---- | M] (Zone Labs, LLC) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2006.08.23 23:38:26 | 00,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2006.08.16 12:33:12 | 01,826,816 | ---- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EA Downloader\Core.exe
PRC - [2006.06.26 15:55:04 | 00,227,840 | ---- | M] (Fujitsu Siemens Computers) -- C:\WINDOWS\fscreg.exe
PRC - [2006.05.10 13:42:32 | 00,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2005.10.26 17:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2005.08.10 08:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
PRC - [2005.07.11 11:34:06 | 00,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2005.06.23 19:33:00 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2005.06.16 18:25:28 | 00,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005.06.08 17:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
PRC - [2005.05.19 14:47:36 | 00,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2005.04.07 19:46:59 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.01.28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2004.12.02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004.06.16 06:03:26 | 00,221,184 | ---- | M] (InstallShield Software Corporation) -- c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004.06.16 06:03:04 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
PRC - [2004.06.16 06:02:54 | 00,471,040 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\agent.exe
PRC - [2004.05.06 15:47:22 | 01,159,168 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
PRC - [2004.03.23 12:20:24 | 00,147,968 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 6\TrayApplication.exe
PRC - [2003.06.18 01:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
PRC - [2002.04.11 19:47:52 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Hardware\Mouse\point32.exe
PRC - [2001.06.12 09:20:24 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Hardware\Keyboard\type32.exe
PRC - [1999.12.13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2009.11.26 18:04:40 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
MOD - [2008.02.20 19:58:42 | 00,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll
MOD - [2006.08.25 08:46:46 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2002.04.11 19:47:52 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Hardware\Mouse\Msh_zwf.dll
MOD - [2002.04.11 19:47:52 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Hardware\Mouse\point32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009.10.28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Programme\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009.07.21 14:34:28 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.05.13 16:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008.10.07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008.03.07 18:24:18 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2006.11.06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.08.23 23:38:26 | 00,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2005.08.10 13:26:14 | 01,527,900 | ---- | M] (The Firebird Project) -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.01.28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [1999.12.13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.11.07 10:15:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.11.07 10:15:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2009.09.13 08:45:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.09.13 08:45:55 | 00,000,000 | ---D | M]
 
[2008.08.26 21:16:59 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2009.10.29 07:04:52 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7eubkk0c.default\extensions
[2009.11.14 09:26:07 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.12.21 03:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
[2007.12.21 03:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
[2009.08.19 17:25:35 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.19 17:25:35 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.19 17:25:35 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.13 10:21:25 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.19 17:25:35 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: (820 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneCDTray] C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [CTDVDDET] C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType] C:\Programme\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe ( )
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCCloneEX] C:\Programme\PCCloneEX\PCCloneEX.EXE ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\TrayApplication.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [POINTER]  File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RCSystem] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EA Downloader\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [fsc-reg] C:\windows\fscreg.exe (Fujitsu Siemens Computers)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk = C:\Programme\WISO\Sparbuch 2009\meinsparbuchheute.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256376449531 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.11.16 16:23:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.08.06 13:50:50 | 00,218,376 | R--- | M] () - D:\AutoStarter.exe -- [ CDFS ]
O32 - AutoRun File - [2009.07.20 14:07:04 | 00,003,496 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009.08.17 11:14:02 | 00,000,000 | R--D | M] - D:\autostarter -- [ CDFS ]
O33 - MountPoints2\{1124b13f-75c4-11db-bd39-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1124b13f-75c4-11db-bd39-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1124b13f-75c4-11db-bd39-806d6172696f}\Shell\AutoRun\command - "" = D:\AutoStarter.exe -- [2009.08.06 13:50:50 | 00,218,376 | R--- | M] ()
O33 - MountPoints2\{aceb1ccc-24b7-11dd-a7dd-001676c7c5fb}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{fcdd05b8-957a-11dd-a8da-001676c7c5fb}\Shell - "" = AutoRun
O33 - MountPoints2\{fcdd05b8-957a-11dd-a8da-001676c7c5fb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fcdd05b8-957a-11dd-a8da-001676c7c5fb}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006.11.16 17:15:34 | 00,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
 
========== Files/Folders - Created Within 14 Days ==========
         

26.11.2009, 17:32   #5
Rivfader

Otl.txt part 2

Code:
 
========== Files/Folders - Created Within 14 Days ==========
 
[2009.11.26 18:04:37 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2009.11.25 20:25:00 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2009.11.25 20:17:22 | 00,000,000 | ---D | C] -- C:\Programme\trend micro
[2009.11.25 20:17:22 | 00,000,000 | ---D | C] -- C:\rsit
[2009.11.17 17:47:39 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009.11.15 10:45:15 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.11.14 11:07:17 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2009.11.14 11:07:09 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SUPERAntiSpyware.com
[2009.11.14 11:07:09 | 00,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2009.11.14 00:12:55 | 00,173,456 | ---- | C] (Symantec Corporation) -- C:\Dokumente und Einstellungen\***\Desktop\FixVundo.exe
[2009.11.14 00:07:57 | 00,049,265 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\jpicpl32.cpl
[2009.11.13 23:53:45 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009.11.13 23:52:47 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Dokumente und Einstellungen\***\Desktop\VundoFix.exe
[2006.11.15 10:48:56 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 14 Days ==========
 
[2009.11.26 18:07:48 | 00,012,800 | ---- | M] () -- C:\WINDOWS\System32\tdlclk.dll
[2009.11.26 18:04:40 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Florian Störzer\Desktop\OTL.exe
[2009.11.26 17:53:56 | 00,195,636 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009.11.26 17:53:45 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.11.26 17:53:02 | 00,054,112 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009.11.26 17:52:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.26 17:52:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.26 17:52:34 | 21,448,00768 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.25 23:53:15 | 07,077,888 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2009.11.25 23:53:15 | 00,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000008-00000000-00000002-00001102-00000005-00281102}.rfx
[2009.11.25 23:53:15 | 00,055,468 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000008-00000000-00000002-00001102-00000005-00281102}.rfx
[2009.11.25 23:53:15 | 00,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000008-00000000-00000002-00001102-00000005-00281102}.rfx
[2009.11.25 23:51:39 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.25 20:08:59 | 00,781,909 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
[2009.11.24 20:10:36 | 00,146,944 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.23 17:40:45 | 00,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2009.11.20 07:59:41 | 00,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2009.11.20 07:59:35 | 04,276,776 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2009.11.17 21:10:05 | 00,091,301 | ---- | M] () -- C:\WINDOWS\System32\rdkdc
[2009.11.15 10:45:16 | 00,001,518 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2009.11.14 11:07:13 | 00,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009.11.14 00:12:55 | 00,173,456 | ---- | M] (Symantec Corporation) -- C:\Dokumente und Einstellungen\***\Desktop\FixVundo.exe
[2009.11.13 23:52:47 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Dokumente und Einstellungen\***\Desktop\VundoFix.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009.11.25 20:08:54 | 00,781,909 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
[2009.11.17 21:10:05 | 00,091,301 | ---- | C] () -- C:\WINDOWS\System32\rdkdc
[2009.11.15 10:45:16 | 00,001,518 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2009.11.14 11:07:13 | 00,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.05.08 18:10:27 | 00,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008.05.08 18:10:26 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.05.08 18:10:11 | 00,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008.02.25 13:55:32 | 00,101,603 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008.02.20 20:24:36 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008.02.20 20:00:12 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2008.02.03 15:05:44 | 00,000,120 | ---- | C] () -- C:\WINDOWS\buhl.ini
[2008.02.03 15:04:55 | 00,000,636 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2007.12.31 15:12:13 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007.11.29 23:30:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.11.29 23:28:24 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007.11.29 23:28:24 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007.11.28 22:52:32 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.11.26 21:56:28 | 00,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007.11.03 21:01:14 | 00,000,288 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2007.09.02 09:43:53 | 00,001,362 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.08.13 19:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007.07.26 16:37:15 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.07.26 16:37:15 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.02.28 19:18:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nokiacontentcopier.INI
[2006.12.23 14:04:51 | 00,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006.12.23 14:04:51 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2006.12.14 22:08:14 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.12.11 20:55:33 | 00,146,944 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.10 23:01:11 | 00,004,583 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2006.12.10 19:41:02 | 00,003,580 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\wklnhst.dat
[2006.12.10 19:30:40 | 00,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.12.10 18:59:27 | 00,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006.12.10 18:48:44 | 00,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.11.16 23:43:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.11.16 17:21:55 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006.11.16 17:21:55 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006.11.16 17:21:55 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006.11.16 17:21:55 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006.11.16 17:21:55 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006.11.16 17:21:55 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006.11.16 17:20:27 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.11.16 17:18:53 | 00,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.11.16 17:18:19 | 00,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini
[2006.11.16 17:17:05 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2006.11.16 17:09:10 | 00,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.11.16 16:26:21 | 00,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.11.16 16:22:01 | 00,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.11.15 10:50:21 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.11.15 10:50:20 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.11.15 10:50:20 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.11.15 10:50:19 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.11.15 10:46:09 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006.10.22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.10.22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.10.02 16:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2002.04.11 19:47:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
 
========== LOP Check ==========
 
[2008.10.18 14:34:17 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy
[2008.04.09 19:35:08 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2007.12.09 14:52:31 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay
[2008.11.20 21:33:53 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fallout3
[2008.10.31 21:07:07 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI
[2006.11.16 17:20:50 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2007.02.02 21:19:28 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2007.02.24 16:01:34 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2009.03.14 19:27:15 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009.09.13 08:48:08 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.04.12 10:26:43 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006.12.11 21:55:18 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ankh
[2008.11.12 19:58:40 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ankh - Heart of Osiris
[2008.04.09 19:36:34 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buhl Data Service
[2006.12.15 21:49:43 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo
[2007.10.03 15:37:37 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Leadertech
[2006.12.24 00:09:55 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX
[2008.11.19 20:34:44 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mp3tag
[2007.02.02 21:20:24 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nokia
[2007.02.28 18:58:31 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PC Suite
[2006.12.19 21:16:10 | 00,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SecuROM
[2007.10.30 07:10:09 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SlySoft
[2007.02.24 16:04:46 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teleca
[2007.11.12 19:15:16 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\temp
[2006.12.10 19:41:10 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Template
[2006.12.10 19:05:23 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
[2009.10.25 20:43:48 | 32,832,4136 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-DEU.exe
 
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004.08.04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\recover\WINDOWS\system32\eventlog.dll
[1 C:\recover\WINDOWS\system32\*.tmp files -> C:\recover\WINDOWS\system32\*.tmp -> ]
[2004.08.04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\recover\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 03:22:10 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2004.08.04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2004.08.04 13:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll
 
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004.08.04 13:00:00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\recover\WINDOWS\system32\scecli.dll
[1 C:\recover\WINDOWS\system32\*.tmp files -> C:\recover\WINDOWS\system32\*.tmp -> ]
[2004.08.04 13:00:00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\recover\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 03:22:23 | 00,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2004.08.04 13:00:00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2004.08.04 13:00:00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll
 
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004.08.04 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\recover\WINDOWS\system32\netlogon.dll
[1 C:\recover\WINDOWS\system32\*.tmp files -> C:\recover\WINDOWS\system32\*.tmp -> ]
[2004.08.04 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\recover\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 03:22:19 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2004.08.04 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2004.08.04 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll
 
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
 
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
 
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
 
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
 
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
 
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
 
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 13:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\recover\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 13:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
 
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
 
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
 
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008.04.13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
 
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
 
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
< End of report >
         


Old 26.11.2009, 21:24   #6
Rivfader
 

So, and here is one more...

Step 3:

GMER scan:

Code:
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-26 22:12:35
Windows 5.1.2600 Service Pack 2
Running: 1q7xnioc.exe; Driver: C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\awgdqpod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                ZwCreateFile [0xB02BA2D0]
SSDT            BAEFE236                                                                                                   ZwCreateKey
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                ZwCreatePort [0xB02BDC60]
SSDT            BAEFE22C                                                                                                   ZwCreateThread
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                ZwCreateWaitablePort [0xB02BDD40]
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                ZwDeleteFile [0xB02BA950]
SSDT            BAEFE23B                                                                                                   ZwDeleteKey
SSDT            BAEFE245                                                                                                   ZwDeleteValueKey
SSDT            BAEFE24A                                                                                                   ZwLoadKey
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                ZwOpenFile [0xB02BA7A0]
SSDT            BAEFE218                                                                                                   ZwOpenProcess
SSDT            BAEFE21D                                                                                                   ZwOpenThread
SSDT            BAEFE254                                                                                                   ZwReplaceKey
SSDT            BAEFE24F                                                                                                   ZwRestoreKey
SSDT            \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                ZwSetInformationFile [0xB02BAAC0]
SSDT            BAEFE240                                                                                                   ZwSetValueKey
SSDT            \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xB02250B0]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc           C:\WINDOWS\system32\drivers\atapi.sys                                                                      entry point in ".rsrc" section [0xBA746380]
?               srescan.sys                                                                                                Das System kann die angegebene Datei nicht finden. !
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                   section is writeable [0xB8E57360, 0x32E00D, 0xE8000020]
.reloc          C:\WINDOWS\system32\drivers\acehlp10.sys                                                                   section is executable [0xB8C91B80, 0x37FC7, 0xE0000060]
.text           C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                   section is writeable [0xB03C1000, 0x30A4A, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                   entry point in ".pklstb" section [0xB0403000]
.relo2          C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                   unknown last section [0xB041E000, 0x8E, 0x42000040]
.reloc          C:\WINDOWS\system32\drivers\acedrv10.sys                                                                   section is executable [0xAF916000, 0x459C1, 0xE0000060]
.text           C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                     section is writeable [0xAF8C3300, 0x3B6D8, 0xE8000020]
.text           C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                     section is writeable [0xBABB0300, 0x1BEE, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                   [B02C23E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                        [B02C2900] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                       [B02C2A60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                 [B02C2550] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                                   [B02C2550] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                                     [B02C23E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                          [B02C2900] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                         [B02C2A60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                    [B02C23E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                        [B02C2A60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                         [B02C2900] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                  [B02C2550] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                          [B02C2A60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                           [B02C2900] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                      [B02C23E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                   [B02C2550] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                     [B02C23E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                          [B02C2900] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                         [B02C2A60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter]                                        [B02C2A60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter]                                         [B02C2900] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol]                                  [B02C2550] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol]                                    [B02C23E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                    [B02C23E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                  [B02C2550] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                        [B02C2A60] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                         [B02C2900] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                     SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

Device          \Driver\Tcpip \Device\Ip                                                                                   vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\Tcpip \Device\Tcp                                                                                  vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\atapi \Device\Ide\IdePort0                                                                         [BA7399F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4                                                                [BA7399F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                         [BA7399F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                         [BA7399F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c                                                                [BA7399F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17                                                               [BA7399F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device          \Driver\Tcpip \Device\Udp                                                                                  vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\Tcpip \Device\RawIp                                                                                vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\Tcpip \Device\IPMULTICAST                                                                          vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Files - GMER 1.0.15 ----

File            C:\WINDOWS\system32\drivers\atapi.sys                                                                      suspicious modification

---- EOF - GMER 1.0.15 ----
         
Hmm... is the culprit in atapi.sys?

Old 27.11.2009, 13:23   #7
Larusso
/// Selecta Jahrusso
 

If you still connect anything else to the computer, such as memory sticks, memory cards, digital cameras, mobile phones, external drives, ... then plug everything in before the scan.

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.

Important note: ComboFix may only be run if a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Best regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Old 27.11.2009, 16:44   #8
Rivfader
 

So, here is the ComboFix log:

Part 1:


Code:
ComboFix 09-11-26.02 - *** 27.11.2009 17:00.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.49.1031.18.2045.1656 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {8738C054-FFA4-00EF-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {87622484-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88E395AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88E73BBC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88E7E1DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88E7E984-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88E7EDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88E9A844-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88EA66F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88EAE9FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88F1FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88F2E3FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88F7265C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88F7F2A4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88F9D52C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88F9D83C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FA0844-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FA4DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FCBDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FCF5C4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FD63F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FF1DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FF9BFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {88FFBDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89001BFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8900929C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {890106E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8902265C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8902DBC4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8902E65C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8903329C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89048754-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89060AE4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8907FA1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8908597C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8908CDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8909065C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8909824C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {890BB6DC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {890C054C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {890C0DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {890D7BFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {890E9B64-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8911696C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8911DDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89162374-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {89189DDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {891B17BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {891D2C04-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {891EA504-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8929865C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8932957C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8942ABFC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894B02BC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {894B3434-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {895C1A1C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {895C76AC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {895DC6FC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {895F1554-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896025CC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896086E4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8963FDDC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896513F4-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8965265C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8965833C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896583EC-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8965BA2C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8969E67C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896AC504-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896B142C-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896CD894-FFA4-00DE-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {896F4DDC-FFA4-00DE-0D24-347CA8A3377C}
         

27.11.2009, 16:46   #9
Rivfader

Part 2

Code:
ATTFilter
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {BAB40540-FFA4-00DE-0D24-347CA8A3377C}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Images
c:\recycler\S-1-5-21-657154122-107968962-1548325518-1003
c:\windows\system32\tdlclk.dll

Infizierte Kopie von c:\windows\system32\DRIVERS\atapi.sys wurde gefunden und desinfiziert 
Kopie von - Kitty ate it :p wurde wiederhergestellt 
.
(((((((((((((((((((((((   Dateien erstellt von 2009-10-27 bis 2009-11-27  ))))))))))))))))))))))))))))))
.

2009-11-25 19:17 . 2009-11-25 20:54	--------	d-----w-	C:\rsit
2009-11-25 19:17 . 2009-11-25 20:54	--------	d-----w-	c:\programme\trend micro
2009-11-17 16:47 . 2009-11-17 16:47	--------	d--h--w-	c:\windows\PIF
2009-11-15 09:45 . 2009-11-15 09:45	--------	d-----w-	c:\programme\CCleaner
2009-11-14 10:07 . 2009-11-14 10:07	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2009-11-14 10:07 . 2009-11-14 10:07	--------	d-----w-	c:\programme\SUPERAntiSpyware
2009-11-13 22:53 . 2009-11-13 22:53	--------	d-----w-	C:\VundoFix Backups
2009-11-12 06:43 . 2009-11-12 06:43	--------	d-----r-	c:\dokumente und einstellungen\LocalService\Favoriten
2009-11-05 17:56 . 2009-11-05 17:56	--------	d-sh--w-	c:\dokumente und einstellungen\LocalService\IETldCache
2009-11-02 18:44 . 2009-11-02 18:44	--------	d-----w-	c:\programme\iPod
2009-11-02 18:44 . 2009-11-02 18:45	--------	d-----w-	c:\programme\iTunes
2009-11-02 18:39 . 2009-11-02 18:39	79144	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-02 16:25 . 2009-11-02 16:25	--------	d-----w-	c:\dokumente und einstellungen\LocalService\Startmenü
2009-11-02 16:24 . 2009-07-28 15:33	55656	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2009-11-02 16:24 . 2009-03-30 09:33	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
2009-11-02 16:24 . 2009-02-13 11:29	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2009-11-02 16:24 . 2009-02-13 11:17	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2009-11-02 16:24 . 2009-11-02 16:24	--------	d-----w-	c:\programme\Avira
2009-11-02 16:24 . 2009-11-02 16:24	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 21:24 . 2006-12-10 18:02	--------	d-----w-	c:\programme\Mozilla Thunderbird
2009-11-14 10:06 . 2009-10-04 12:11	--------	d-----w-	c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-11-13 23:08 . 2007-01-07 14:27	--------	d-----w-	c:\programme\Java
2009-11-10 16:23 . 2009-11-10 16:22	20575113	----a-w-	c:\windows\Internet Logs\vsmon_on_demand_2009_11_10_06_53_41_full.dmp.zip
2009-11-02 18:44 . 2009-03-14 18:24	--------	d-----w-	c:\programme\Gemeinsame Dateien\Apple
2009-10-31 08:28 . 2007-08-07 04:42	16936643	----a-w-	c:\windows\Internet Logs\tvDebug.zip
2006-05-03 09:06 . 2008-05-08 17:10	163328	--sh--r-	c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2008-05-08 17:10	31232	--sh--r-	c:\windows\system32\msfDX.dll
2007-12-17 12:43 . 2008-05-08 17:10	27648	--sh--w-	c:\windows\system32\Smab0.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\windows\fscreg.exe 20091126" [X]
"EA Core"="c:\programme\Electronic Arts\EA Downloader\Core.exe" [2006-08-16 1826816]
"Creative Detector"="c:\programme\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCSystem"="c:\programme\Creative\Shared Files\Module Loader\DLLML.exe RCSystem * -Startup" [X]
"Muscbrigade"="c:\musicbrigade\Musicbrigade.exe check" [X]
"AudioDrvEmulator"="c:\programme\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"PCCloneEX"="c:\programme\PCCloneEX\PCCloneEX.EXE" [2007-11-06 4102656]
"Zone Labs Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 968696]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2007-10-10 36352]
"VolPanel"="c:\programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-08-16 524288]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-09-04 417792]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"IntelliType"="c:\programme\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 69632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"CTDVDDET"="c:\programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CloneCDTray"="c:\programme\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"AnyDVD"="c:\programme\SlySoft\AnyDVD\AnyDVD.exe" [2007-10-20 455168]
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-10-28 141600]
" Malwarebytes Anti-Malware  (reboot)"="c:\programme\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-20 19968]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-20 19456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
WISO Mein Sparbuch heute.lnk - c:\programme\WISO\Sparbuch 2009\meinsparbuchheute.exe [2009-2-8 1119528]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21	548352	----a-w-	c:\programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Programme\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Programme\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [11.11.2009 10:44 9968]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [11.11.2009 10:44 74480]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [27.07.2007 09:13 330144]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [27.07.2007 11:46 251680]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [02.11.2009 17:24 108289]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [16.11.2006 17:20 1527900]
S3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [11.11.2009 10:44 7408]
.
Inhalt des "geplante Tasks" Ordners

2009-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.yahoo.com/fsc/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com
FF - ProfilePath - c:\dokumente und einstellungen\Florian Störzer\Anwendungsdaten\Mozilla\Firefox\Profiles\7eubkk0c.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\programme\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\programme\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\programme\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\programme\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\programme\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\programme\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\programme\Java\jre1.5.0_11\bin\NPOJI610.dll

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-POINTER - point32.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\programme\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-27 17:16
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1738359562-3088748936-3465165708-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:15,34,96,10,3e,f6,33,5a,d1,ef,4d,c1,5a,b9,8a,59,88,b9,67,e4,13,81,41,
   00,51,f8,a7,01,a9,e7,ab,33,ea,49,37,6a,01,66,33,8c,6c,22,9d,36,30,50,5b,cc,\
"??"=hex:c6,98,90,50,43,42,6d,65,40,d6,52,14,5f,3e,10,37

[HKEY_USERS\S-1-5-21-1738359562-3088748936-3465165708-1006\Software\SecuROM\License information*]
"datasecu"=hex:27,2a,78,1a,20,bc,d6,1b,6e,4f,c4,92,8d,58,5e,7c,6a,d1,e2,88,66,
   25,ef,27,2d,b7,30,a7,77,c6,af,d7,b7,39,cf,1e,10,0a,3b,98,57,08,11,19,41,6a,\
"rkeysecu"=hex:57,94,b2,4d,4c,cd,fe,bf,32,a3,20,a6,ce,19,23,b7
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\programme\SUPERAntiSpyware\SASWINLO.dll
.
Zeit der Fertigstellung: 2009-11-27 17:20
ComboFix-quarantined-files.txt  2009-11-27 16:20

Vor Suchlauf: 23 Verzeichnis(se), 67.776.401.408 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 67.727.785.984 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 498845CA82D1DC097BC456938BF257AD
         

27.11.2009, 17:55   #10
Larusso
/// Selecta Jahrusso

Step 1

Second run with GMER
  • Start GMER again.
  • This time, right-click in the white area on the left and choose "Only non MS files" from the context menu.
  • Then click "Scan" to let GMER scan again.
  • When the scan has finished, click the "Copy" button, which copies the contents to the clipboard.
  • Now right-click on the desktop and choose "Text document", which creates an empty document on the desktop.
  • Open the text document with a double-click, right-click in the text area and choose "Paste".
  • Save the document and post its contents here in the thread.


Step 2

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
ATTFilter
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt here into your thread, in code tags
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
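
The custom-scan lines of the form `%SYSTEMDRIVE%\atapi.sys /s /md5` in the post above ask for every copy of a named system file on the drive together with its MD5, so that a modified driver stands out against the other copies. The following Python sketch of that comparison is an added example, not part of OTL or of the original post; the function names and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File names taken from the custom-scan script in the post above.
WATCHED = ["atapi.sys", "iaStor.sys", "nvstor.sys", "eventlog.dll",
           "scecli.dll", "netlogon.dll"]


def md5_of(path, chunk_size=65536):
    """Return the hex MD5 of a file, read in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_copies(root, names=WATCHED):
    """Walk root recursively; map each watched name to [(path, size, md5)].

    Matching is case-insensitive, as file names are on Windows.
    A copy that cannot be read is recorded with size and md5 set to None.
    """
    wanted = {name.lower(): name for name in names}
    found = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for entry in files:
            canonical = wanted.get(entry.lower())
            if canonical is None:
                continue
            path = os.path.join(folder, entry)
            try:
                found[canonical].append(
                    (path, os.path.getsize(path), md5_of(path)))
            except OSError:
                found[canonical].append((path, None, None))
    return dict(found)


def divergent(found):
    """Return {name: {md5_or_None: [paths]}} for names that need a look.

    A name is flagged when its copies do not all share one hash or when a
    copy was unreadable. Differing hashes are a reason to inspect, not
    proof of infection: copies from different patch levels also differ.
    """
    flagged = {}
    for name, copies in found.items():
        groups = defaultdict(list)
        for path, _size, md5 in copies:
            groups[md5].append(path)
        if len(groups) > 1 or None in groups:
            flagged[name] = dict(groups)
    return flagged


def build_sample_tree(base):
    """Create a small constructed directory tree for the demonstration."""
    clean = b"MZ constructed clean driver image"
    altered = b"MZ constructed driver image with altered bytes"
    layout = {
        ("WINDOWS", "system32", "drivers", "atapi.sys"): altered,
        ("WINDOWS", "system32", "dllcache", "atapi.sys"): clean,
        ("WINDOWS", "ServicePackFiles", "i386", "ATAPI.SYS"): clean,
        ("WINDOWS", "system32", "eventlog.dll"): b"MZ constructed eventlog",
        ("WINDOWS", "system32", "dllcache", "eventlog.dll"): b"MZ constructed eventlog",
    }
    for parts, content in layout.items():
        path = os.path.join(base, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        for name, groups in divergent(find_copies(base)).items():
            print(name)
            for md5, paths in groups.items():
                for path in paths:
                    print("  ", md5 or "unreadable", os.path.relpath(path, base))
```

On a system with an active kernel-mode rootkit the file reads themselves can be filtered, so hashes taken offline, for example from a rescue environment, are the reliable ones.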

27.11.2009, 19:00   #11
Rivfader

Here is the new GMER scan:

Part 1:

Code:
ATTFilter
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-27 19:36:02
Windows 5.1.2600 Service Pack 2
Running: 1q7xnioc.exe; Driver: C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\awgdqpod.sys


---- Modules - GMER 1.0.15 ----

Module   Si3114r5.sys (SATA SoftRAID 5 miniport driver/Silicon Image, Inc)                                                                                                          BA6FC000-BA730000 (212992 bytes)
Module   SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)                                                                                                              BACBC000-BACBF000 (12288 bytes)
Module   PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)                                                                                                 BA918000-BA921000 (36864 bytes)
Module   srescan.sys                                                                                                                                                                BA928000-BA933000 (45056 bytes)
Module   \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.24 /NVIDIA Corporation)                                             B9791000-B9D6B000 (6135808 bytes)
Module   \SystemRoot\system32\DRIVERS\e1e5132.sys (Intel(R) PRO/1000 Adapter NDIS 5.2 deserialized driver/Intel Corporation)                                                        B9744000-B977D000 (233472 bytes)
Module   \SystemRoot\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd)                                                                        B96A2000-B9721000 (520192 bytes)
Module   \SystemRoot\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.)                                                                      B9629000-B965D000 (212992 bytes)
Module   \SystemRoot\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd)                                                                     BAC88000-BAC90000 (32768 bytes)
Module   \SystemRoot\System32\Drivers\ElbyCDFL.sys (ElbyCDIO Filter Driver/SlySoft, Inc.)                                                                                           BAC90000-BAC97000 (28672 bytes)
Module   \SystemRoot\System32\Drivers\AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)                                                                                               BAC98000-BAC9D000 (20480 bytes)
Module   \SystemRoot\System32\Drivers\ElbyDelay.sys (Elby Delay Lower Filter Driver/Elaborate Bytes AG)                                                                             BAE08000-BAE0A000 (8192 bytes)
Module   \??\C:\WINDOWS\system32\drivers\acehlp10.sys (ProtectDisc Filter Driver/Protect Software GmbH)                                                                             B95C8000-B9604000 (245760 bytes)
Module   \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.)                                                                                            BACA0000-BACA6000 (24576 bytes)
Module   \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)                                                     BACB0000-BACB5000 (20480 bytes)
Module   \SystemRoot\system32\drivers\ha20x2k.sys (Creative 20X HAL (WDM)/Creative Technology Ltd)                                                                                  B0FD5000-B10F7000 (1187840 bytes)
Module   \SystemRoot\system32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd)                                                                 B0FA6000-B0FD5000 (192512 bytes)
Module   \SystemRoot\system32\drivers\ctsfm2k.sys (SoundFont(R) Manager (WDM)/Creative Technology Ltd)                                                                              B0F7D000-B0FA6000 (167936 bytes)
Module   \SystemRoot\system32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd)                                                             B0EE1000-B0F7D000 (638976 bytes)
Module   \SystemRoot\system32\CT20XUT.DLL (Creative 20X Utility Effects/Creative Technology Ltd.)                                                                                   B0EA0000-B0ECC000 (180224 bytes)
Module   \SystemRoot\system32\CTEXFIFX.DLL (Creative XFi Effects/Creative Technology Ltd.)                                                                                          B0D59000-B0EA0000 (1339392 bytes)
Module   \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys (Helper Driver - Access Level 1/Protect Software GmbH)                                                                        B0CFA000-B0D59000 (389120 bytes)
Module   \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                B0B9D000-B0BFC000 (389120 bytes)
Module   \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                                  B0B56000-B0B7B000 (151552 bytes)
Module   \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                                  BABE8000-BABEE000 (24576 bytes)
Module   \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)                                                                                    B0AA0000-B0ABC000 (114688 bytes)
Module   \??\C:\Programme\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                                                                         BAE5E000-BAE60000 (8192 bytes)
Module   \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 178.24 /NVIDIA Corporation)                                                      BF9D4000-BFF9C000 (6062080 bytes)
Module   \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated)                                                                         BFFA0000-BFFE6000 (286720 bytes)
Module   \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                                                                             B05E8000-B05FC000 (81920 bytes)
Module   \??\C:\WINDOWS\system32\drivers\acedrv10.sys (Filter Driver ProtectDisc/Protect Software GmbH)                                                                             B021D000-B0273000 (352256 bytes)
Module   \SystemRoot\system32\DRIVERS\atksgt.sys                                                                                                                                    B013A000-B017D000 (274432 bytes)
Module   \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys (Windows 2k,XP IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes/Samsung Electronics Co., Ltd.)                  B0358000-B0367000 (61440 bytes)
Module   \SystemRoot\System32\Drivers\ElbyCDIO.sys (ElbyCD Windows NT/2000/XP I/O driver/Elaborate Bytes AG)                                                                        B02F0000-B02F3000 (12288 bytes)
Module   \SystemRoot\system32\DRIVERS\lirsgt.sys                                                                                                                                    BABC0000-BABC5000 (20480 bytes)
Module   \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS (SASENUM.SYS/ SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                                   BABB0000-BABB5000 (20480 bytes)
Module   \SystemRoot\system32\CTEDSPSY.DLL (E-MU E-DSP DSP System Plugin/Creative Technology Ltd)                                                                                   ADBAB000-ADBFF000 (344064 bytes)
Module   \??\C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\awgdqpod.sys (GMER)                                                                                                                 AD914000-AD92B000 (94208 bytes)

---- Processes - GMER 1.0.15 ----

Process  C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.24/NVIDIA Corporation)                                                                          128
Library  C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.24/NVIDIA Corporation)                                                                          0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 178.24 /NVIDIA Corporation)                                                                                   0x00A60000

Process  C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation)                                                                                      272
Library  C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                            344
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\wdfmgr.exe (Windows User Mode Driver Manager/Microsoft Corporation)                                                                                    360
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation)                                                                                                           604
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000
Library  C:\Programme\SUPERAntiSpyware\SASSEH.DLL (ShellExecuteHook/SuperAdBlocker.com)                                                                                             0x10000000

Process  C:\Programme\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.)                                                                                             656
Library  C:\Programme\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.)                                                                                             0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\iPod\bin\iPodService.Resources\de.lproj\iPodServiceLocalized.DLL (iPodService Resource Library (32 Bit)/Apple Inc.)                                           0x10000000
Library  C:\Programme\iPod\bin\iPodService.Resources\iPodService.DLL (iPodService Resource Library (32-bit)/Apple Inc.)                                                             0x009A0000

Process  C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation)                                                                                        668
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\winlogon.exe (Windows NT-Anmeldung/Microsoft Corporation)                                                                                              700
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware WinLogon Processor/SUPERAntiSpyware.com)                                                                      0x10000000

Process  C:\WINDOWS\system32\services.exe (Anwendung für Dienste und Controller/Microsoft Corporation)                                                                              744
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation)                                                                                           756
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                            944
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                            1052
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.)                                                                                                   0x16080000

Process  C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                            1148
Library  C:\WINDOWS\System32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                            1196
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Dokumente und Einstellungen\***\Desktop\1q7xnioc.exe                                                                                                        1316
Library  C:\Dokumente und Einstellungen\***\Desktop\1q7xnioc.exe                                                                                                        0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)                                                                            1348
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC)                                                                                                 1360
Library  C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC)                                                                                                 0x00400000
Library  C:\WINDOWS\system32\VSUTIL.dll (TrueVector Service/Zone Labs, LLC)                                                                                                         0x50000000
Library  C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)                                                                                                         0x01CC0000
Library  C:\WINDOWS\system32\ZoneLabs\zpy.dll (Python Core/Python Software Foundation)                                                                                              0x1E000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\VSUTIL_Loc0407.dll (TrueVector Service/Zone Labs Inc.)                                                                                                 0x10000000
Library  C:\WINDOWS\system32\ZoneLabs\lib\pyd\signedDll.pyd                                                                                                                         0x00D20000
Library  C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyvsinit.pyd                                                                                                                          0x00D30000
Library  C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd                                                                                                                           0x1D100000
Library  C:\WINDOWS\system32\ZoneLabs\lib\pyd\_socket.pyd                                                                                                                           0x1E1D0000
Library  C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll (vsmon plug-in/Zone Labs, LLC)                                                                          0x00D40000
Library  C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll (RPC Server plug-in/Zone Labs, LLC)                                                                         0x00D50000
Library  C:\WINDOWS\system32\ZoneLabs\vsmondll.dll (TrueVector Service/Zone Labs, LLC)                                                                                              0x00F60000
Library  C:\WINDOWS\system32\VSDATA.dll (TrueVector Service DLL/Zone Labs, LLC)                                                                                                     0x04000000
Library  C:\WINDOWS\system32\ZoneLabs\ssleay32.dll (TrueVector Service/Zone Labs, LLC)                                                                                              0x50E00000
Library  C:\WINDOWS\system32\vsxml.dll (TrueVector Service/Zone Labs, LLC)                                                                                                          0x01C80000
Library  C:\WINDOWS\system32\ZoneLabs\fbl.dll (Feature based licensing library/Zone Labs, LLC)                                                                                      0x013F0000
Library  C:\WINDOWS\system32\zlcomm.dll (ZLComm/Zone Labs, LLC)                                                                                                                     0x52600000
Library  C:\WINDOWS\system32\ZLCommDB.dll (ZLCommDB/Zone Labs, LLC)                                                                                                                 0x52800000
Library  C:\WINDOWS\system32\ZoneLabs\vsdb.dll (TrueVector Service/Zone Labs, LLC)                                                                                                  0x01420000
Library  C:\WINDOWS\system32\ZoneLabs\VSRULEDB.DLL (TrueVector Service/Zone Labs, LLC)                                                                                              0x50200000
Library  C:\WINDOWS\system32\ZoneLabs\VSRULEDB_Loc0407.dll (TrueVector Service/Zone Labs Inc.)                                                                                      0x01640000
Library  C:\WINDOWS\system32\ZoneLabs\vsvault.dll (TrueVector Service/Zone Labs, LLC)                                                                                               0x50A00000
Library  C:\WINDOWS\system32\vswmi.dll (vsmon component/Zone Labs, LLC)                                                                                                             0x02FB0000
Library  C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll (zlquarantine/Zone Labs, LLC)                                                                                                0x030C0000
Library  C:\WINDOWS\system32\ZoneLabs\zlquarantine_Loc0407.dll (zlquarantine/Zone Labs Inc.)                                                                                        0x032F0000
Library  C:\WINDOWS\system32\ZoneLabs\qrbase.dll (qrbase/Zone Labs, LLC)                                                                                                            0x03300000
Library  C:\WINDOWS\system32\ZoneLabs\scheduler.dll (scheduler feature plug-in/Zone Labs, LLC)                                                                                      0x51E00000
Library  C:\WINDOWS\system32\ZoneLabs\zlsre.dll (zlsre/Zone Labs, LLC)                                                                                                              0x035E0000
Library  C:\WINDOWS\system32\ZoneLabs\zlsre_Loc0407.dll (zlsre/Zone Labs Inc.)                                                                                                      0x034B0000
Library  C:\WINDOWS\system32\ZoneLabs\srescan.dll (srescan/Zone Labs, LLC)                                                                                                          0x03620000
Library  C:\WINDOWS\system32\ZoneLabs\zlupdate.dll (ZLUpdate feature plug-in/Zone Labs, LLC)                                                                                        0x034C0000
Library  C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll (HttpBlocker plug-in/Zone Labs, LLC)                                                                    0x03860000
Library  C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll                                                                                                                                    0x038A0000
Library  C:\WINDOWS\system32\ZoneLabs\camupd.dll (camupd feature plug-in/Zone Labs, LLC)                                                                                            0x53200000
Library  C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.)                                                                                                   0x16080000
         

27.11.2009, 19:01   #12
Rivfader
 

Part 2:

Code:
ATTFilter
Process  C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation)                                                                                              1684
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\SUGG1LMK.DLL (Language Monitor for Status Monitor/Samsung Electronics.)                                                                                0x00A90000
Library  C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (Print Filter Pipeline Proxy/Microsoft Corporation)                                                  0x00AA0000
Library  C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.)                                                                                                   0x16080000
Library  C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SUGG1UI.DLL (Printer Driver User Interface/Microsoft Corporation)                                                               0x6A900000

Process  C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd)                                                                           1724
Library  C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd)                                                                           0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                              1744
Library  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                              0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Avira\AntiVir Desktop\schedr.dll (avschdr Dynamic Link Library/Avira GmbH)                                                                                    0x10000000
Library  C:\Programme\Avira\AntiVir Desktop\avevtlog.dll (Event Logger/Avira GmbH)                                                                                                  0x00BC0000
Library  C:\Programme\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                             0x00D10000

Process  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                    1944
Library  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                    0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Avira\AntiVir Desktop\AVEvtLog.dll (Event Logger/Avira GmbH)                                                                                                  0x10000000
Library  C:\Programme\Avira\AntiVir Desktop\guardmsg.dll (AVGuard Messages (Deutsch)/Avira GmbH)                                                                                    0x00A00000
Library  C:\Programme\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                             0x00D80000
Library  C:\Programme\Avira\AntiVir Desktop\AVPREF.DLL (Prefix DLL/Avira GmbH)                                                                                                      0x00A30000
Library  C:\Programme\Avira\AntiVir Desktop\SMTPLIB.DLL (SMTPLIB/Avira GmbH)                                                                                                        0x00A50000
Library  C:\Programme\Avira\AntiVir Desktop\AVGIO.DLL (On-access scan support/Avira GmbH)                                                                                           0x01120000
Library  C:\Programme\Avira\AntiVir Desktop\aecore.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                               0x01150000
Library  C:\Programme\Avira\AntiVir Desktop\aevdf.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                0x01190000
Library  C:\Programme\Avira\AntiVir Desktop\aescript.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                             0x014E0000
Library  C:\Programme\Avira\AntiVir Desktop\aescn.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                0x01570000
Library  C:\Programme\Avira\AntiVir Desktop\aesbx.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                0x015A0000
Library  C:\Programme\Avira\AntiVir Desktop\aerdl.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                0x015F0000
Library  C:\Programme\Avira\AntiVir Desktop\aepack.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                               0x01680000
Library  C:\Programme\Avira\AntiVir Desktop\unacev2.dll (UNACE Dynamic Link Library/ACE Compression Software)                                                                       0x01700000
Library  C:\Programme\Avira\AntiVir Desktop\aeoffice.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                             0x01760000
Library  C:\Programme\Avira\AntiVir Desktop\aeheur.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                               0x017B0000
Library  C:\Programme\Avira\AntiVir Desktop\aehelp.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                               0x019C0000
Library  C:\Programme\Avira\AntiVir Desktop\aegen.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                0x01A10000
Library  C:\Programme\Avira\AntiVir Desktop\aeemu.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                0x01A80000
Library  C:\Programme\Avira\AntiVir Desktop\aebb.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                                 0x01B00000
Library  C:\Programme\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                                0x01B20000

Process  C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.)                                      1956
Library  C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.)                                      0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.)                                                                                                        1968
Library  C:\Programme\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.)                                                                                                        0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Service for CDROM Access/Creative Technology Ltd)                                                                               2000
Library  C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Service for CDROM Access/Creative Technology Ltd)                                                                               0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (DLL Module Loader/Creative Technology Ltd.)                                                                    2168
Library  C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (DLL Module Loader/Creative Technology Ltd.)                                                                    0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll (Audio Driver Emulator DLL/Creative Technology Ltd.)                                          0x10000000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\CTAudSel.dll (CTAudSel library/Creative Technology Ltd)                                                      0x00A70000
Library  C:\Programme\Creative\ShareDLL\CADI\ctcadi.dll (Common Audio Driver Interface Manager/Creative Technology Ltd)                                                             0x00AC0000
Library  C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd)                                                                                       0x00E00000
Library  C:\Programme\Creative\ShareDLL\CADI\dbacs.dll (Creative /Creative Technology Ltd)                                                                                          0x00E40000
Library  C:\WINDOWS\SYSTEM32\CTMMACTL.DLL                                                                                                                                           0x01090000
Library  C:\WINDOWS\SYSTEM32\ctosuser.dll (Creative OS Services Module/Creative Technology Ltd)                                                                                     0x02000000

Process  C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Generic Device Management Executable./Teleca Software Solutions)                                                2180
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Generic Device Management Executable./Teleca Software Solutions)                                                0x00400000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\Telecalib_logging.dll (Telecalib Logging, Dynamic Link Library. Dll used for logging purposes./Teleca/Popwire AB)            0x10000000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_32.dll                                                                                                   0x00320000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\TC Device Mgmt.dll (Device Management type library and proxy/stub dll./Teleca Software Solutions)                            0x01240000
Library  C:\Programme\Sony Ericsson\Mobile2\Device Manager\SpecificMPM.dll (Mobile Phone Monitor specific device management dll./SonyEricsson)                                      0x01040000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll                                                                                                       0x01060000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\SpecificUSB.dll (USB specific device management dll./Popwire AB)                                                             0x01070000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\tlib_log.dll (Telecalib Logging, Dynamic Link Library used for logging./Popwire AB)                                          0x010B0000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_33.dll                                                                                                   0x010E0000

Process  C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs Client/Zone Labs, LLC)                                                                                            2200
Library  C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs Client/Zone Labs, LLC)                                                                                            0x00400000
Library  C:\WINDOWS\system32\VSUTIL.dll (TrueVector Service/Zone Labs, LLC)                                                                                                         0x50000000
Library  C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)                                                                                                         0x01CC0000
Library  C:\WINDOWS\system32\VSPUBAPI.dll (TrueVector Service/Zone Labs, LLC)                                                                                                       0x10000000
Library  C:\Programme\Zone Labs\ZoneAlarm\framewrk.dll (ZoneAlarm Framework Module/Zone Labs, LLC)                                                                                  0x50400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\VSUTIL_Loc0407.dll (TrueVector Service/Zone Labs Inc.)                                                                                                 0x00AD0000
Library  C:\Programme\Zone Labs\ZoneAlarm\framewrk_Loc0407.dll (ZoneAlarm Framework Module/Zone Labs Inc.)                                                                          0x00AF0000
Library  C:\WINDOWS\system32\ZoneLabs\fbl.dll (Feature based licensing library/Zone Labs, LLC)                                                                                      0x00C70000
Library  C:\WINDOWS\system32\vsdata.dll (TrueVector Service DLL/Zone Labs, LLC)                                                                                                     0x04000000
Library  C:\WINDOWS\system32\vsxml.dll (TrueVector Service/Zone Labs, LLC)                                                                                                          0x01C80000
Library  C:\Programme\Zone Labs\ZoneAlarm\zlclient_Loc0407.dll (ZoneAlarm/Zone Labs Inc.)                                                                                           0x00DA0000
Library  C:\WINDOWS\system32\vsmonapi.dll (TrueVector Client Interface/Zone Labs, LLC)                                                                                              0x04100000
Library  C:\WINDOWS\system32\zlcomm.dll (ZLComm/Zone Labs, LLC)                                                                                                                     0x52600000
Library  C:\WINDOWS\system32\ZLCommDB.dll (ZLCommDB/Zone Labs, LLC)                                                                                                                 0x52800000
Library  C:\WINDOWS\system32\ZoneLabs\scheduler.dll (scheduler feature plug-in/Zone Labs, LLC)                                                                                      0x51E00000
Library  C:\Programme\Zone Labs\ZoneAlarm\alert.zap (Alerts Plugin Module/Zone Labs, LLC)                                                                                           0x01800000
Library  C:\Programme\Zone Labs\ZoneAlarm\alert_Loc0407.zap (Alerts Plugin Module/Zone Labs Inc.)                                                                                   0x01170000
Library  C:\Programme\Zone Labs\ZoneAlarm\cam.zap (Anti-Virus Monitoring Module/Zone Labs, LLC)                                                                                     0x01180000
Library  C:\Programme\Zone Labs\ZoneAlarm\cam_Loc0407.zap (Anti-virus-Überwachungsmodul/Zone Labs Inc.)                                                                             0x011A0000
Library  C:\Programme\Zone Labs\ZoneAlarm\email.zap (Email Plugin Module/Zone Labs, LLC)                                                                                            0x01840000
Library  C:\Programme\Zone Labs\ZoneAlarm\email_Loc0407.zap (Email Plugin Module/Zone Labs Inc.)                                                                                    0x011B0000
Library  C:\Programme\Zone Labs\ZoneAlarm\filter.zap (Filter Plugin Module/Zone Labs, LLC)                                                                                          0x01C00000
Library  C:\Programme\Zone Labs\ZoneAlarm\filter_Loc0407.zap (Filter Plugin Module/Zone Labs Inc.)                                                                                  0x011C0000
Library  C:\Programme\Zone Labs\ZoneAlarm\firewall.zap (Firewall Plugin Module/Zone Labs, LLC)                                                                                      0x01880000
Library  C:\Programme\Zone Labs\ZoneAlarm\firewall_Loc0407.zap (Firewall Plugin Module/Zone Labs Inc.)                                                                              0x011D0000
Library  C:\Programme\Zone Labs\ZoneAlarm\idlock.zap (ZoneAlarmPro/Zone Labs, LLC)                                                                                                  0x50C00000
Library  C:\Programme\Zone Labs\ZoneAlarm\idlock_Loc0407.zap (ZoneAlarmPro/Zone Labs Inc.)                                                                                          0x011E0000
Library  C:\Programme\Zone Labs\ZoneAlarm\privacy.zap (Privacy Plugin Module/Zone Labs, LLC)                                                                                        0x018C0000
Library  C:\Programme\Zone Labs\ZoneAlarm\privacy_Loc0407.zap (Privacy Plugin Module/Zone Labs Inc.)                                                                                0x01200000
Library  C:\Programme\Zone Labs\ZoneAlarm\programs.zap (Programs Plugin Module/Zone Labs, LLC)                                                                                      0x01900000
Library  C:\Programme\Zone Labs\ZoneAlarm\programs_Loc0407.zap (Programs Plugin Module/Zone Labs Inc.)                                                                              0x01210000
Library  C:\Programme\Zone Labs\ZoneAlarm\security.zap (Overview Plugin Module/Zone Labs, LLC)                                                                                      0x01240000
Library  C:\Programme\Zone Labs\ZoneAlarm\security_Loc0407.zap (Overview Plugin Module/Zone Labs Inc.)                                                                              0x012B0000
Library  C:\WINDOWS\system32\ZoneLabs\camupd.dll (camupd feature plug-in/Zone Labs, LLC)                                                                                            0x53200000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (VolPanel.exe/Creative Technology Ltd)                                                                  2292
Library  C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (VolPanel.exe/Creative Technology Ltd)                                                                  0x00400000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\CTAudSel.dll (CTAudSel library/Creative Technology Ltd)                                                              0x10000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.crl (VolPanel.crl/Creative Technology Ltd)                                                                  0x61000000
Library  C:\Programme\Creative\ShareDLL\CADI\ctcadi.dll (Common Audio Driver Interface Manager/Creative Technology Ltd)                                                             0x00CE0000
Library  C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd)                                                                                       0x01020000
Library  C:\Programme\Creative\ShareDLL\CADI\dbacs.dll (Creative /Creative Technology Ltd)                                                                                          0x01060000
Library  C:\Programme\Creative\Shared Files\mxlib.dll (Creative Mixer Library/Creative Technology Ltd.)                                                                             0x011F0000
Library  C:\WINDOWS\SYSTEM32\CTDCIFCE.DLL (Creative Audio Device Control Interface/Creative Technology Ltd)                                                                         0x02000000
Library  C:\WINDOWS\SYSTEM32\CTDC0000.DLL (Creative Audio Device Control Module/Creative Technology Ltd)                                                                            0x01300000
Library  C:\WINDOWS\SYSTEM32\ctosuser.dll (Creative OS Services Module/Creative Technology Ltd)                                                                                     0x01450000
Library  C:\Programme\Creative\Shared Files\CTTheme.dll (Creative Theme Engine DLL/Creative Technology Ltd)                                                                         0x014B0000
Library  C:\Programme\Creative\Shared Files\CtrlSrc.dll (Creative Theme Engine RTX Base Control DLL/Creative Technology Ltd)                                                        0x01220000
Library  C:\Programme\Creative\Shared Files\CTIniF.dll (CTIniF/Creative Technology Ltd)                                                                                             0x012F0000
Library  C:\Programme\Creative\Shared Files\GDICtrl.skc (Creative Theme Engine GDI Controls plug-in/Creative Technology Ltd)                                                        0x014E0000
Library  C:\Programme\Creative\Shared Files\GDICtrl2.skc (Creative Theme Engine GDI2 Controls plug-in/Creative Technology Ltd)                                                      0x01540000
Library  C:\Programme\Creative\Shared Files\GDICtrl3.skc (Creative Theme Engine GDI3 Controls plug-in/Creative Technology Ltd)                                                      0x01580000
Library  C:\Programme\Creative\Shared Files\RtxCtrl.skc (Creative Theme Engine RTX Controls Plug-In/Creative Technology Ltd)                                                        0x015A0000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)
         

Alt 27.11.2009, 19:02   #13
Rivfader
 



Part 3:

Code:
ATTFilter
Process  C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Application Launcher/Sony Ericsson Mobile Communications AB)                             2308
Library  C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Application Launcher/Sony Ericsson Mobile Communications AB)                             0x00400000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\Telecalib_logging.dll (Telecalib Logging, Dynamic Link Library. Dll used for logging purposes./Teleca/Popwire AB)            0x10000000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_32.dll                                                                                                   0x00330000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll (Application Launcher/Sony Ericsson Mobile Communications AB)                           0x00CA0000
Library  C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll (Application Launcher/Sony Ericsson Mobile Communications AB)                          0x00E50000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\TC Device Mgmt.dll (Device Management type library and proxy/stub dll./Teleca Software Solutions)                            0x00D20000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe                                                                                                                                     2316
Library  C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe                                                                                                                                     0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (DLL Module Loader/Creative Technology Ltd.)                                                                    2324
Library  C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (DLL Module Loader/Creative Technology Ltd.)                                                                    0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCSystem.dll (Remote Control System Module/Creative Technology Ltd.)                                         0x10000000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCSystem.CRL (Remote Control System Resources/Creative Technology Ltd.)                                      0x00A70000
Library  C:\Programme\Creative\Shared Files\Module Loader\OSD\PanelSvc.dll (PanelSvc DLL/Creative Technology Ltd.)                                                                  0x00AA0000
Library  C:\Programme\Creative\ShareDLL\CADI\ctcadi.dll (Common Audio Driver Interface Manager/Creative Technology Ltd)                                                             0x01800000
Library  C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd)                                                                                       0x01B40000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\RcHidUsb.dll (USB HID Remote Control Receiver Device Plugin/Creative Technology Ltd)                    0x01790000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\RCIDM.dll (Infra Drive IR Device Plugin/Creative Technology Ltd.)                                       0x01B90000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\RCKSIRWp.dll (Sound Blaster USB Remote Control Receiver Device Wrapper Plugin/Creative Technology Ltd)  0x01BA0000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\RCSBUSB.DLL (SoundBlaster USB IR Plugin /Creative Technology Ltd)                                       0x01BB0000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RCRx\rcks1k.dll (SB Extigy IR Plugin /Creative Technology Ltd.)                                              0x01BC0000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\EAXMod.dll (EAX Module/Creative Technology Ltd.)                                                             0x01BD0000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\RemoteEA.CRL (EAX resource module/Creative Technology Ltd)                                                   0x01BF0000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\EAXCADI.DLL (EAXCADI Implementation/Creative Technology Ltd.)                                                0x01C00000
Library  C:\Programme\Creative\Sound Blaster X-Fi\Entertainment Center\CTAudSel.dll (CTAudSel library/Creative Technology Ltd)                                                      0x01C10000
Library  C:\Programme\Creative\ShareDLL\CADI\dbacs.dll (Creative /Creative Technology Ltd)                                                                                          0x01C40000
Library  C:\Programme\Creative\ShareDLL\CADI\CTPreset.dll (CADI Helper COM Preset/Creative Technology Ltd.)                                                                         0x02020000
Library  C:\Programme\Creative\ShareDLL\CADI\NotiMan.dll (Notification Manager Proxy Stub/Creative Technology Ltd)                                                                  0x02080000
Library  C:\WINDOWS\SYSTEM32\CTDPROXY.DLL (Creative Audio Driver Proxy/Creative Technology Ltd)                                                                                     0x02000000

Process  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (CAPI_Worker Module/Sony Ericsson Mobile Communications AB)                                          2332
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (CAPI_Worker Module/Sony Ericsson Mobile Communications AB)                                          0x00400000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ShowMfcDialog.dll (ShowMfcDialog DLL/Sony Ericsson Mobile Communications AB)                                       0x10000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\Capires0407.DLL (capires0407/Popwire AB)                                                                           0x10300000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll                                                                                                       0x01190000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\cellphone_object.dll (cellphone_object Module/Sony Ericsson Mobile Communications AB)                              0x10400000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsmoddata.dll (ecsmoddata/Sony Ericsson Mobile Communications AB)                                                 0x011A0000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\msmeirsock_object.dll (MSMEIrSock_object Module/Sony Ericsson Mobile Communications AB)                            0x10F00000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ms98irsock_object.dll (MS98IrSock_object Module/Sony Ericsson Mobile Communications AB)                            0x10D00000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\msirsock_object.dll (MSIrSock_object Module/Sony Ericsson Mobile Communications AB)                                0x10E00000
Library  C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\cabmain.dll (cabmain/Sony Ericsson Mobile Communications AB)                                                       0x02200000

Process  C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE                                                                                                                                    2356
Library  C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE                                                                                                                                    0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\WINDOWS\system32\RUNDLL32.EXE (Eine DLL-Datei als Anwendung ausführen/Microsoft Corporation)                                                                            2372
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\NvMcTray.dll (NVIDIA Media Center Library/NVIDIA Corporation)                                                                                          0x10000000
Library  C:\WINDOWS\system32\nvapi.dll (NVIDIA NVAPI Library, Version 178.24 /NVIDIA Corporation)                                                                                   0x00A50000
Library  C:\WINDOWS\system32\NVRSDE.DLL (NVIDIA German language resource library/NVIDIA Corporation)                                                                                0x00AF0000

Process  C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Update Service Scheduler/InstallShield Software Corporation)                          2424
Library  C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Update Service Scheduler/InstallShield Software Corporation)                          0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Microsoft Hardware\Keyboard\type32.exe (Microsoft IntelliType Pro/Microsoft Corporation)                                                                      2440
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE (DataLayer 2.0 Module/Nokia Mobile Phones Ltd.)                                                                         2484
Library  C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE (DataLayer 2.0 Module/Nokia Mobile Phones Ltd.)                                                                         0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\Lang\DataLayer_ger.nlr (DataLayer 2 Module/Nokia)                                                                                    0x10000000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe (Capability Manager/Teleca Software Solutions AB)                                                      2492
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe (Capability Manager/Teleca Software Solutions AB)                                                      0x00400000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\Telecalib_logging.dll (Telecalib Logging, Dynamic Link Library. Dll used for logging purposes./Teleca/Popwire AB)            0x10000000
Library  C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_32.dll                                                                                                   0x00320000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\WINDOWS\SYSTEM32\CTXFISPI.EXE (SPI (Creative X-Fi Module)/Creative Technology Ltd)                                                                                      2500
Library  C:\WINDOWS\SYSTEM32\CTXFISPI.EXE (SPI (Creative X-Fi Module)/Creative Technology Ltd)                                                                                      0x01000000
Library  C:\WINDOWS\SYSTEM32\ctosuser.dll (Creative OS Services Module/Creative Technology Ltd)                                                                                     0x02000000
Library  C:\WINDOWS\SYSTEM32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd)                                                                                       0x10000000
Library  C:\WINDOWS\SYSTEM32\CTDPROXY.DLL (Creative Audio Driver Proxy/Creative Technology Ltd)                                                                                     0x00CF0000
Library  C:\WINDOWS\SYSTEM32\PIAPROXY.DLL (E-mu Plug-in Architecture Device Driver Proxy/Creative Technology Ltd)                                                                   0x00D10000

Process  C:\WINDOWS\system32\CTXFIHLP.EXE (CTXfiHlp MFC Application/Creative Technology Ltd)                                                                                        2508
Library  C:\WINDOWS\system32\CTXFIHLP.EXE (CTXfiHlp MFC Application/Creative Technology Ltd)                                                                                        0x01000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\cttele32.dll (Creative Common PS Module/Creative Technology Ltd)                                                                                       0x10000000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000
Library  C:\WINDOWS\system32\ctxfispk.dll (Ctxfispk.dll/Creative Technology Ltd)                                                                                                    0x00A80000
Library  C:\WINDOWS\system32\ctxfibtn.dll (CTXFIBTN DLL/Creative Technology Ltd)                                                                                                    0x00C70000
Library  C:\WINDOWS\CTXFIGER.DLL                                                                                                                                                    0x00C90000

Process  C:\WINDOWS\system32\CTHELPER.EXE (CtHelper Application/Creative Technology Ltd)                                                                                            2516
Library  C:\WINDOWS\system32\CTHELPER.EXE (CtHelper Application/Creative Technology Ltd)                                                                                            0x01000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (CTDVDDET/Creative Technology Ltd)                                                                          2528
Library  C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (CTDVDDET/Creative Technology Ltd)                                                                          0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Creative\Shared Files\CTAudNav.dll (CTAudNav/Creative Technology Ltd)                                                                                         0x10000000

Process  C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated)                  2584
Library  C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated)                  0x00400000
Library  C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdboot.dll (Adobe Photoshop Album Starter Edition 3.0 component/Adobe Systems Incorporated)                   0x10000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH)                                                                                       2592
Library  C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH)                                                                                       0x00400000
Library  C:\Programme\Avira\AntiVir Desktop\cclib.dll (Antivirus Control Center Common Library/Avira GmbH)                                                                          0x10000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000
Library  c:\programme\avira\antivir desktop\ccgen.dll (Control Center General Plugin/Avira GmbH)                                                                                    0x00C00000
Library  c:\programme\avira\antivir desktop\ccgenrc.dll (Control Center General Plugin Resources/Avira GmbH)                                                                        0x00C90000
Library  c:\programme\avira\antivir desktop\ccguard.dll (Control Center Guard Plugin/Avira GmbH)                                                                                    0x00CB0000
Library  c:\programme\avira\antivir desktop\ccgrdrc.dll (Control Center Guard Plugin Resources/Avira GmbH)                                                                          0x00D10000
Library  c:\programme\avira\antivir desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                                0x00D30000
Library  c:\programme\avira\antivir desktop\ccupdate.dll (Control Center Updater Plugin/Avira GmbH)                                                                                 0x00D60000
Library  c:\programme\avira\antivir desktop\ccupdrc.dll (Control Center Updater Plugin Resources/Avira GmbH)                                                                        0x00DB0000
Library  c:\programme\avira\antivir desktop\cclic.dll (Control Center License Plugin/Avira GmbH)                                                                                    0x00DD0000
Library  c:\programme\avira\antivir desktop\cclicrc.dll (Control Center License Plugin Resources/Avira GmbH)                                                                        0x00F30000
Library  c:\programme\avira\antivir desktop\ccmsg.dll (Control Center Message Plugin/Avira GmbH)                                                                                    0x00F50000
         

27.11.2009, 19:04   #14
Rivfader
 


Part 4:

Code:
Process  C:\Programme\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc.)                                                                                                             2600
Library  C:\Programme\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc.)                                                                                                             0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\iTunes\iTunesHelper.dll (iTunesHelper DLL/Apple Inc.)                                                                                                         0x10000000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\CoreFoundation.dll (CoreFoundation/Apple Inc.)                                                             0x00A50000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\pthreadVC2.dll (POSIX Threads for Windows32 Library/Open Source Software community project)                0x009C0000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\objc.dll                                                                                                   0x009D0000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icuin40.dll (IBM ICU I18N DLL/IBM Corporation and others)                                                  0x00B20000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icuuc40.dll (IBM ICU Common DLL/IBM Corporation and others)                                                0x00C20000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\icudt40.dll (ICU Data DLL/IBM Corporation and others)                                                      0x4AD00000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\ASL.dll                                                                                                    0x00A20000
Library  C:\Programme\iTunes\iTunesHelper.Resources\de.lproj\iTunesHelperLocalized.DLL (iTunesHelper Ressourcebibliothek/Apple Inc.)                                                0x01370000
Library  C:\Programme\iTunes\iTunesHelper.Resources\iTunesHelper.DLL (iTunesHelper Resource Library/Apple Inc.)                                                                     0x013A0000
Library  C:\Programme\QuickTime\QTSystem\QuickTime.qts (QuickTime/Apple Inc.)                                                                                                       0x66800000
Library  C:\Programme\QuickTime\QTSystem\QTCF.dll                                                                                                                                   0x68A40000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\CFNetwork.dll (CFNetwork/Apple, Inc.)                                                                      0x01650000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\SQLite3.dll (SQLite3 Dynamic Link Library/Apple Inc.)                                                      0x016F0000
Library  C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll                                                                                                  0x01760000
Library  C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll (iTunesMobileDevice/Apple Inc.)                                                     0x023B0000

Process  C:\Programme\Java\jre1.5.0_11\bin\jusched.exe (Java(TM) 2 Platform Standard Edition binary/Sun Microsystems, Inc.)                                                         2684
Library  C:\Programme\Java\jre1.5.0_11\bin\jusched.exe (Java(TM) 2 Platform Standard Edition binary/Sun Microsystems, Inc.)                                                         0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Electronic Arts\EA Downloader\Core.exe (EA Desktop Client/Electronic Arts)                                                                                    2724
Library  C:\Programme\Electronic Arts\EA Downloader\Core.exe (EA Desktop Client/Electronic Arts)                                                                                    0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc.)                                                                                                   0x16080000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000

Process  C:\Programme\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.)                                                                                        2744
Library  C:\Programme\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.)                                                                                        0x00400000
Library  C:\Programme\PC Connectivity Solution\NclTools.dll (NCL Tools/Nokia)                                                                                                       0x10000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\PC Connectivity Solution\Transports\NCLIrDAMM.dll (Infrared/Nokia Corp.)                                                                                      0x01490000
Library  C:\Programme\PC Connectivity Solution\Transports\NCLRSMM.dll (Serial cable/Nokia Corp.)                                                                                    0x01600000
Library  C:\Programme\PC Connectivity Solution\Transports\NCLUSBMM.dll (Nokia USB media module/Nokia Corp.)                                                                         0x01830000
Library  C:\Programme\PC Connectivity Solution\Transports\NclMSBTMM.dll (Bluetooth (Microsoft)/Nokia Corp.)                                                                         0x01960000

Process  C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative MediaSource Detector/Creative Technology Ltd)                                                            2756
Library  C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative MediaSource Detector/Creative Technology Ltd)                                                            0x00400000
Library  C:\Programme\Creative\MediaSource\Detector\CTIntrfc.dll (CTIntrfc/Creative Technology Ltd)                                                                                 0x10000000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Creative\MediaSource\Detector\CTDetect.Crl (Creative MediaSource Detector Resource Library/Creative Technology Ltd)                                           0x00A70000
Library  C:\WINDOWS\system32\ctagent.dll (ctagent/Creative Technology Ltd)                                                                                                          0x02000000
Library  C:\Programme\Creative\MediaSource\Detector\DtctrMgr.det (Creative MediaSource Detector Manager/Creative Technology Ltd)                                                    0x00A90000
Library  C:\Programme\Creative\MediaSource\Detector\Hdd.det (Harddisk Detector Plugin/Creative Technology Ltd)                                                                      0x00AA0000
Library  C:\Programme\Creative\Shared Files\ThmRes.DLL (Creative Theme Engine Theme Resources DLL/Creative Technology Ltd)                                                          0x00AB0000
Library  C:\Programme\Creative\Shared Files\CTIniF.dll (CTIniF/Creative Technology Ltd)                                                                                             0x00AD0000
Library  C:\Programme\Creative\MediaSource\Detector\Disc.det (Disc Detector Plugin/Creative Technology Ltd)                                                                         0x00AF0000

Process  C:\WINDOWS\system32\wuauclt.exe (Windows Update Automatic Updates/Microsoft Corporation)                                                                                   3608
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000

Process  C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe (Notification Manager/Creative Technology Ltd.)                                                                            3860
Library  C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe (Notification Manager/Creative Technology Ltd.)                                                                            0x00400000
Library  C:\WINDOWS\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                   0x75790000
Library  C:\Programme\Creative\ShareDLL\CADI\NotiMan.dll (Notification Manager Proxy Stub/Creative Technology Ltd)                                                                  0x10000000

---- Services - GMER 1.0.15 ----

Service  C:\WINDOWS\system32\drivers\ACEDRV05.sys (Helper Driver - Access Level 1/Protect Software GmbH)                                                                            [SYSTEM] ACEDRV05
Service  C:\WINDOWS\system32\drivers\acedrv10.sys (Filter Driver ProtectDisc/Protect Software GmbH)                                                                                 [AUTO] acedrv10
Service  C:\WINDOWS\system32\drivers\acehlp10.sys (ProtectDisc Filter Driver/Protect Software GmbH)                                                                                 [AUTO] acehlp10
Service  C:\Programme\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                              [AUTO] AntiVirSchedulerService
Service  C:\Programme\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                    [AUTO] AntiVirService
Service  C:\WINDOWS\System32\Drivers\AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)                                                                                                [MANUAL] AnyDVD
Service  C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.)                                      [AUTO] Apple Mobile Device
Service  C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                                                                                                     [AUTO] atksgt
Service  C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                                                                             [SYSTEM] avgio
Service  C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                                                                              [AUTO] avgntflt
Service  C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira Driver for RootKit Detection/Avira GmbH)                                                                                     [SYSTEM] avipbb
Service  C:\Programme\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.)                                                                                                        [AUTO] Bonjour Service
Service  C:\DOKUME~1\FLORIA~1\LOKALE~1\Temp\catchme.sys                                                                                                                             [MANUAL] catchme
Service  C:\WINDOWS\system32\COMMONFX.DLL (Creative Common FX Plug-in/Creative Technology Ltd)                                                                                      [MANUAL] COMMONFX.DLL
Service  C:\WINDOWS\system32\CTsvcCDA.EXE (Creative Service for CDROM Access/Creative Technology Ltd)                                                                               [AUTO] Creative Service for CDROM Access
Service  C:\WINDOWS\system32\CT20XUT.DLL (Creative 20X Utility Effects/Creative Technology Ltd.)                                                                                    [MANUAL] CT20XUT.DLL
Service  C:\WINDOWS\system32\drivers\ctac32k.sys (Creative AC3 SW Decoder Device Driver (WDM)/Creative Technology Ltd)                                                              [MANUAL] ctac32k
Service  C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative WDM Audio Device Driver/Creative Technology Ltd)                                                                         [MANUAL] ctaud2k
Service  C:\WINDOWS\system32\CTAUDFX.DLL (Creative SB FX Plug-in/Creative Technology Ltd)                                                                                           [MANUAL] CTAUDFX.DLL
Service  C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Audio Service/Creative Technology Ltd)                                                                           [AUTO] CTAudSvcService
Service  C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative DVD-Audio Device Driver (WDM)/Creative Technology Ltd)                                                                  [MANUAL] ctdvda2k
Service  C:\WINDOWS\system32\CTEAPSFX.DLL (APS FX Plug-in/Creative Technology Ltd)                                                                                                  [MANUAL] CTEAPSFX.DLL
Service  C:\WINDOWS\system32\CTEDSPFX.DLL (E-MU E-DSP Effects Plugin Module/Creative Technology Ltd)                                                                                [MANUAL] CTEDSPFX.DLL
Service  C:\WINDOWS\system32\CTEDSPIO.DLL (E-MU E-DSP I/O Plugin/Creative Technology Ltd)                                                                                           [MANUAL] CTEDSPIO.DLL
Service  C:\WINDOWS\system32\CTEDSPSY.DLL (E-MU E-DSP DSP System Plugin/Creative Technology Ltd)                                                                                    [MANUAL] CTEDSPSY.DLL
Service  C:\WINDOWS\system32\CTERFXFX.DLL (E-MU E-DSP Effects Plugin Module/Creative Technology Ltd)                                                                                [MANUAL] CTERFXFX.DLL
Service  C:\WINDOWS\system32\CTEXFIFX.DLL (Creative XFi Effects/Creative Technology Ltd.)                                                                                           [MANUAL] CTEXFIFX.DLL
Service  C:\WINDOWS\system32\CTHWIUT.DLL (Creative Utility Effects/Creative Technology Ltd.)                                                                                        [MANUAL] CTHWIUT.DLL
Service  C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Proxy Device Driver (WDM)/Creative Technology Ltd)                                                                      [MANUAL] ctprxy2k
Service  C:\WINDOWS\system32\CTSBLFX.DLL (Creative SB FX Plug-in/Creative Technology Ltd)                                                                                           [MANUAL] CTSBLFX.DLL
Service  C:\WINDOWS\system32\drivers\ctsfm2k.sys (SoundFont(R) Manager (WDM)/Creative Technology Ltd)                                                                               [MANUAL] ctsfm2k
Service  C:\WINDOWS\system32\Drivers\DgiVecp.sys (Windows 2k,XP IEEE-1284 parallel class driver for ECP, Byte, and Nibble modes/Samsung Electronics Co., Ltd.)                      [AUTO] DgiVecp
Service  C:\WINDOWS\system32\DRIVERS\e1e5132.sys (Intel(R) PRO/1000 Adapter NDIS 5.2 deserialized driver/Intel Corporation)                                                         [MANUAL] e1express
Service  C:\WINDOWS\System32\Drivers\ElbyCDFL.sys (ElbyCDIO Filter Driver/SlySoft, Inc.)                                                                                            [MANUAL] ElbyCDFL
Service  C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (ElbyCD Windows NT/2000/XP I/O driver/Elaborate Bytes AG)                                                                         [AUTO] ElbyCDIO
Service  C:\WINDOWS\System32\Drivers\ElbyDelay.sys (Elby Delay Lower Filter Driver/Elaborate Bytes AG)                                                                              [MANUAL] ElbyDelay
Service  C:\WINDOWS\system32\drivers\emupia2k.sys (E-mu Plug-in Architecture Driver (WDM)/Creative Technology Ltd)                                                                  [MANUAL] emupia
Service  C:\MAGIX\Common\Database\bin\fbserver.exe (Firebird SQL Server/The Firebird Project)                                                                                       [MANUAL] FirebirdServerMAGIXInstance
Service  C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.)                                                                                             [MANUAL] GEARAspiWDM
Service  C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative 20X HAL (WDM)/Creative Technology Ltd)                                                                                   [MANUAL] ha20x2k
Service  C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation)                                                    [MANUAL] IDriverT
Service  C:\Programme\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.)                                                                                             [MANUAL] iPod Service
Service  C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                                                                                                     [AUTO] lirsgt
Service                                                                                                                                                                             MSDTC Bridge 3.0.0.0
Service  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.24 /NVIDIA Corporation)                                              [MANUAL] nv
Service  C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Driver Helper Service, Version 178.24/NVIDIA Corporation)                                                                          [AUTO] NVSvc
Service  C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative OS Services Driver (WDM)/Creative Technology Ltd.)                                                                       [MANUAL] ossrv
Service  C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.)                                                      [MANUAL] Ptilink
Service  C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)                                                                     [BOOT] PxHelp20
Service  C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS (SASDIFSV.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                                      [SYSTEM] SASDIFSV
Service  C:\Programme\SUPERAntiSpyware\SASENUM.SYS (SASENUM.SYS/ SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                                       [MANUAL] SASENUM
Service  C:\Programme\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)                                                                      [SYSTEM] SASKUTIL
Service  C:\WINDOWS\system32\DRIVERS\SE26bus.sys (Sony Ericsson Device 038 Driver Driver/MCCI)                                                                                      [MANUAL] SE26bus
Service  C:\WINDOWS\system32\DRIVERS\SE26mdfl.sys (Sony Ericsson Device 038 USB WMC Modem Filter Driver/MCCI)                                                                       [MANUAL] SE26mdfl
Service  C:\WINDOWS\system32\DRIVERS\SE26mdm.sys (Sony Ericsson Device 038 USB WMC Modem WDM Driver/MCCI)                                                                           [MANUAL] SE26mdm
Service  C:\WINDOWS\system32\DRIVERS\SE26mgmt.sys (Sony Ericsson Device 038 USB WMC Device Management Driver/MCCI)                                                                  [MANUAL] SE26mgmt
Service  C:\WINDOWS\system32\DRIVERS\se26nd5.sys (Sony Ericsson Device 038 USB Ethernet Emulation (NDIS 5 Miniport)/MCCI)                                                           [MANUAL] se26nd5
Service  C:\WINDOWS\system32\DRIVERS\SE26obex.sys (Sony Ericsson Device 038 USB WMC OBEX Interface Device Driver/MCCI)                                                              [MANUAL] SE26obex
Service  C:\WINDOWS\system32\DRIVERS\se26unic.sys (Sony Ericsson Device 038 USB Ethernet Emulation/MCCI)                                                                            [MANUAL] se26unic
Service  C:\WINDOWS\system32\DRIVERS\secdrv.sys                                                                                                                                     [MANUAL] Secdrv
Service  C:\Programme\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.)                                                                                        [MANUAL] ServiceLayer
Service                                                                                                                                                                             ServiceModelEndpoint 3.0.0.0
Service                                                                                                                                                                             ServiceModelOperation 3.0.0.0
Service                                                                                                                                                                             ServiceModelService 3.0.0.0
Service  C:\WINDOWS\system32\DRIVERS\Si3114r5.sys (SATA SoftRAID 5 miniport driver/Silicon Image, Inc)                                                                              [BOOT] Si3114r5
Service  C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)                                                                                  [BOOT] SiFilter
Service                                                                                                                                                                             SMSvcHost 3.0.0.0
Service  C:\WINDOWS\system32\ZoneLabs\srescan.sys (srescan/Zone Labs, LLC)                                                                                                          [BOOT] srescan
Service  C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)                                                                                                  [MANUAL] ssmdrv
Service  C:\WINDOWS\system32\Drivers\SSPORT.sys                                                                                                                                     [AUTO] SSPORT
Service  C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.)                                                                                       [MANUAL] USBAAPL
Service  C:\WINDOWS\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                                                                 [SYSTEM] vsdatant
Service  C:\WINDOWS\system32\ZoneLabs\vsmon.exe (TrueVector Service/Zone Labs, LLC)                                                                                                 [AUTO] vsmon
Service                                                                                                                                                                             Windows Workflow Foundation 3.0.0.0

---- EOF - GMER 1.0.15 ----
         

27.11.2009, 19:09   #15
Rivfader
 


... and here is the OTL.txt!

Part 1:

Code:
OTL logfile created on: 27.11.2009 19:51:55 - Run 3
OTL by OldTimer - Version 3.1.11.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 75,05% Memory free
3,85 Gb Paging File | 3,48 Gb Available in Paging File | 90,58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 62,99 Gb Free Space | 27,05% Space Free | Partition Type: NTFS
Drive D: | 3,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 279,39 Gb Total Space | 39,64 Gb Free Space | 14,19% Space Free | Partition Type: FAT32
 
Computer Name: NAME-669645BBA2
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2009.11.26 18:04:40 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Florian Störzer\Desktop\OTL.exe
PRC - [2009.10.28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Programme\iTunes\iTunesHelper.exe
PRC - [2009.10.28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Programme\iPod\bin\iPodService.exe
PRC - [2009.07.21 14:34:28 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.05.13 16:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mDNSResponder.exe
PRC - [2008.10.07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008.03.07 18:24:18 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.02.20 19:58:46 | 00,019,968 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2008.02.20 19:58:44 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2008.02.20 19:55:12 | 00,969,216 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2007.02.01 10:13:06 | 00,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe
PRC - [2006.12.15 03:23:27 | 00,075,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
PRC - [2006.11.06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2006.05.10 13:42:32 | 00,872,448 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2005.08.10 08:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
PRC - [2005.07.11 11:34:06 | 00,122,880 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
PRC - [2005.06.16 18:25:28 | 00,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005.06.16 18:25:28 | 00,049,152 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005.04.07 19:46:59 | 01,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.01.28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2004.12.02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004.08.04 13:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004.06.16 06:03:04 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
PRC - [2004.05.06 15:47:22 | 01,159,168 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
PRC - [2004.03.23 12:20:24 | 00,147,968 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 6\TrayApplication.exe
PRC - [2003.06.18 01:00:00 | 00,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
PRC - [2001.06.12 09:20:24 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Hardware\Keyboard\type32.exe
PRC - [1999.12.13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2009.11.26 18:04:40 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
MOD - [2008.02.20 19:58:42 | 00,008,704 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll
MOD - [2006.08.25 08:46:46 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009.10.28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Programme\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009.07.21 14:34:28 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.05.13 16:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.12.12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Programme\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008.10.07 13:33:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008.03.07 18:24:18 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2006.11.06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.08.23 23:38:26 | 00,075,768 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2005.08.10 13:26:14 | 01,527,900 | ---- | M] (The Firebird Project) -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.01.28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [1999.12.13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com/fsc/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.11.07 10:15:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.11.07 10:15:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2009.09.13 08:45:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.09.13 08:45:55 | 00,000,000 | ---D | M]
 
[2008.08.26 21:16:59 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Florian Störzer\Anwendungsdaten\Mozilla\Extensions
[2009.10.29 07:04:52 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Florian Störzer\Anwendungsdaten\Mozilla\Firefox\Profiles\7eubkk0c.default\extensions
[2009.11.14 09:26:07 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.12.21 03:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
[2007.12.21 03:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
[2009.08.19 17:25:35 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.19 17:25:35 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.19 17:25:35 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.09.13 10:21:25 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.19 17:25:35 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: (820 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CloneCDTray] C:\Programme\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [CTDVDDET] C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe (Nokia Mobile Phones Ltd.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType] C:\Programme\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe ( )
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCCloneEX] C:\Programme\PCCloneEX\PCCloneEX.EXE ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\TrayApplication.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RCSystem] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [EA Core] C:\Programme\Electronic Arts\EA Downloader\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [fsc-reg] C:\windows\fscreg.exe (Fujitsu Siemens Computers)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Sparbuch heute.lnk = C:\Programme\WISO\Sparbuch 2009\meinsparbuchheute.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256376449531 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O27 - HKLM IFEO\chrome.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\opera.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O27 - HKLM IFEO\safari.exe: Debugger - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.11.16 16:23:51 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.08.06 13:50:50 | 00,218,376 | R--- | M] () - D:\AutoStarter.exe -- [ CDFS ]
O32 - AutoRun File - [2009.07.20 14:07:04 | 00,003,496 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009.08.17 11:14:02 | 00,000,000 | R--D | M] - D:\autostarter -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006.11.16 17:15:34 | 00,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891947461378048)
         
