
Pests of all kinds and how to fight them: A hacker is chatting with me on my PC! 8 viruses (e.g. DR/Zwangi.Cp) found!

28.04.2010, 19:42   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
That looks unremarkable. Can you manage to get it done with GMER as well?
__________________
Please always post logfiles in CODE tags

28.04.2010, 19:44   #17
Siren
 
That's good news!
I'll try again, but I can't promise anything.
I'll report back shortly.

Regards,

Siren
__________________


28.04.2010, 20:25   #18
Siren
 
So.

I tried it 2 more times, but it's always the same.
It starts the program very briefly, then the PC hangs and does nothing at all.
Pressed "Stop" again, and then it crashed for good. ^^
Is there perhaps an alternative to GMER?

Regards
__________________

28.04.2010, 20:46   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then try RootRepeal instead if GMER won't cooperate.
  • Save rootrepeal to the desktop, extract it into its own folder and run it
  • Click the Report tab and then the Scan button.
  • Tick the following items and click Ok.
Code:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT
  • Afterwards you will be asked which drives to scan.
  • Select C:\ and click Ok again.
  • The scan starts automatically; it will take a while, please be patient.
  • When the scan has finished, click Save Report.
  • Save the logfile as RootRepeal.txt on the desktop.
  • Copy its contents into this thread.
__________________
Please always post logfiles in CODE tags

29.04.2010, 14:08   #20
Siren
 
Hi there

I've now run the RootRepeal scan, here are the results.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/04/29 14:02
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x90239000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x90244000 Size: 40960 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA1FCC000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spij.sys
Image Path: C:\Windows\System32\Drivers\spij.sys
Address: 0x80693000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{14431315-332e-11df-aae0-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1443131e-332e-11df-aae0-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1443132c-332e-11df-aae0-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{aff3ce5e-3b35-11df-8107-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{aff3ceb9-3b35-11df-8107-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{aff3cefb-3b35-11df-8107-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{aff3cf02-3b35-11df-8107-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{aff3cf17-3b35-11df-8107-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{aff3cf31-3b35-11df-8107-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{aff3cf47-3b35-11df-8107-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{aff3cf87-3b35-11df-8107-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{aff3ce4f-3b35-11df-8107-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3a48b609-51fc-11df-93f3-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{a43aeca9-52e1-11df-98ff-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{aff3cdb1-3b35-11df-8107-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{aff3cde5-3b35-11df-8107-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{aff3cdfe-3b35-11df-8107-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{aff3ce2f-3b35-11df-8107-00235a89b724}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Program Files\Windows Media Player\Network Sharing\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\ab5212c08b080c18511d0f344aedd3cbb0cfda87bc12ac2bb88e9f8ef7635b5e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\1154a0dd8ec7062351d700a2d07b3bb5154c840bfc84077d20f6947d1e08bb6f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\611281d2ae7e5728e1298dcbf5aa626dad5a5a746964c9c425d183f86d0289de.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\534cf013667c78b2ecf44e00183c95e4c2336f1e150a38452cd7e61ec2a73bfc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\17187dd8585ec10ff914a12b3996436e3822c0d7ab634fd243562bf6b0a10711.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\935df4549e21123a2efb986a707f54475380a037519679510e4b4dfc4bdb5767.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\74ff96d7d46907976c63c8c8e3a7457e950c6fd8a7661600aab23382051de0e0.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a768d09fe494b7325cb036213b4704e844529604bd7621580cc69b6c76e3baa8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a951d53950c367acc37622f0dd619a954df5de2c4ec40296e6636605aa33714a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\2d3cb7907b1336ea5889a2b731d5e97ad40903a4efd2287c1c117bc30f208f46.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\3dd5a727f2a1142223c6d9a7bff73ae7676aac714a4da8192f66123045b11c41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\bd83dce340498e7c363093c2fc74dfb58e1ec17770453905172c7471fadd9333.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\dd72f7ab2def5f75f58d01b24643b308750c38685daaed50bcddf61c18460dee.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d14225a52543aa5a9605b00dd7574812bf89c605ebc73a9730e1e386bfc965f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d5ecf2ab9387e082648bbcccd6eceb9d67b096939150833d0ae3066b3a1a676e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\91ca50cec42075fff02b366323bf3b45d2053b24544bd12b622b65621bd0edd5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\f7bf65ca621d8ad32ead1500a08827be239d0f49d83dc20dabf57d2eb17adbd7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\ae866863bd234bc6fd016eab6d40c7fc996cb58ab511179d087596835c8182ab.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\be665d05f40feae483878d15c39e6fff25800f58d7364b309a49983afcd19841.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\ec6ab08cec3c4a5939ec1a58eda071d547416f00bee0e337715c0e20fbe1e1bf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\610730c853431925508643e33960e750427cd10c421d9ddced230f74ec671e4b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\b643d2bc101b4fb5e41380ec953ffef572cd8c97f43c6cff8fa6b4538e188ba0.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\5ba439378027b451247f04ae2a57f0cfe7c12eb038148c7ce49ae9af2ee3822b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\26340819d2ef86080d9001c6f2737d70fd6602ddf4b86b6c26b326ef81cc3342.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\ef483ae0673e2975dd4224fe26749623c1c702b8b3fded10161417459e1771a7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.servicemodel.resources_b77a5c561934e089_6.0.6000.16716_de-de_25025fdedb611a73\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.servicemodel.resources_b77a5c561934e089_6.0.6000.20876_de-de_0e3abadaf5031283\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.servicemodel.resources_b77a5c561934e089_6.0.6001.18106_de-de_24dd5b5cdbb30d73\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.servicemodel.resources_b77a5c561934e089_6.0.6001.22221_de-de_0e122718f5582002\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIC237~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16789_none_09360999522be962\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.20976_none_09c777586b441e5d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_none_29a6eeebde589a97\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_none_2a3e34a2f76b9db7\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.22389_none_2be9bd5af4bd3b16\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18005_none_2d991295d888a8b3\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_9eec237d3c4b6ca7\_SERVI~3.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_9eec237d3c4b6ca7\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_9eec237d3c4b6ca7\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16716_de-de_f5ee7d044d774a25\9A6B6C~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_9f30df98559d4ebb\_SERVI~3.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_9f30df98559d4ebb\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_9f30df98559d4ebb\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.20876_de-de_f6373a4766c59195\9A6B6C~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_a06f105d39bcc93c\_SERVI~3.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_a06f105d39bcc93c\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_a06f105d39bcc93c\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.18106_de-de_f7df8b964a95bf25\9A6B6C~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_a15bfeee528f9d62\_SERVI~3.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_a15bfeee528f9d62\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_a15bfeee528f9d62\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.22221_de-de_f84e871763c8181e\9A6B6C~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_de-de_f9c5010047bcf540\9A6B6C~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16720_none_9b31bbe79077558b\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.20883_none_8469d28baa199a7e\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.18111_none_9b0ca09d90c9622c\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.22230_none_84411139aa6edb3f\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\PROVID~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\PROVID~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\PROVID~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.16720_none_b103fb905f6db0d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.20883_none_9a3c1234790ff5cc\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.18111_none_b0dee0465fbfbd7a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.22230_none_9a1350e27965368d\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.16720_none_66f75d098c217f33\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6000.20883_none_502f73ada5c3c426\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.18111_none_66d241bf8c738bd4\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.22230_none_cb073e4634736f92\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.22230_none_cb073e4634736f92\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.22230_none_cb073e4634736f92\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.22230_none_cb073e4634736f92\PROVID~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~2.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~3.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WIZARD~4.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WI1344~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_b03f5f7f11d50a3a_6.0.6001.22230_none_5006b25ba61904e7\WI5BF5~1.ASC
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.18111_none_9cf3b4d9d654a956\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1268 Status: Locked to the Windows API!

SSDT
-------------------
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x9b5b54d4

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x9b5b54c0

#: 201 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x9b5b54c5

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x9b5b54cf

Stealth Objects
-------------------
Object: Hidden Module [Name: msgsres.dll]
Process: msnmsgr.exe (PID: 3944) Address: 0x66610000 Size: 11403264

Object: Hidden Module [Name: msgslang.14.0.8064.0206.dll]
Process: msnmsgr.exe (PID: 3944) Address: 0x6e280000 Size: 372736

Object: Hidden Module [Name: msgrvsta.thm]
Process: msnmsgr.exe (PID: 3944) Address: 0x71420000 Size: 20480

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x858fa1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CREATE]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_READ]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_WRITE]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: fastfat, IRP_MJ_PNP]
Process: System Address: 0x88b3e1f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_CREATE]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_CLOSE]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_READ]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_WRITE]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_CLEANUP]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: udfsЃ浍楓, IRP_MJ_PNP]
Process: System Address: 0x8a3f01f8 Size: 121

Object: Hidden Code [Driver: cdrom薫, IRP_MJ_CREATE]
Process: System Address: 0x86b8a1f8 Size: 121

Object: Hidden Code [Driver: cdrom薫, IRP_MJ_CLOSE]
Process: System Address: 0x86b8a1f8 Size: 121

Object: Hidden Code [Driver: cdrom薫, IRP_MJ_READ]
Process: System Address: 0x86b8a1f8 Size: 121

Object: Hidden Code [Driver: cdrom薫, IRP_MJ_WRITE]
Process: System Address: 0x86b8a1f8 Size: 121

Object: Hidden Code [Driver: cdrom薫, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86b8a1f8 Size: 121

Object: Hidden Code [Driver: cdrom薫, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b8a1f8 Size: 121

Object: Hidden Code [Driver: cdrom薫, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b8a1f8 Size: 121

Object: Hidden Code [Driver: cdrom薫, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86b8a1f8 Size: 121

Object: Hidden Code [Driver: cdrom薫, IRP_MJ_POWER]
Process: System Address: 0x86b8a1f8 Size: 121

Object: Hidden Code [Driver: cdrom薫, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b8a1f8 Size: 121

Object: Hidden Code [Driver: cdrom薫, IRP_MJ_PNP]
Process: System Address: 0x86b8a1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x858f81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x858f81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x858f81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x858f81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x858f81f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x858f81f8 Size: 121

Object: Hidden Code [Driver: usbuhci舳П牄ꀰ謆垨賄, IRP_MJ_CREATE]
Process: System Address: 0x86a471f8 Size: 121

Object: Hidden Code [Driver: usbuhci舳П牄ꀰ謆垨賄, IRP_MJ_CLOSE]
Process: System Address: 0x86a471f8 Size: 121

Object: Hidden Code [Driver: usbuhci舳П牄ꀰ謆垨賄, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86a471f8 Size: 121

Object: Hidden Code [Driver: usbuhci舳П牄ꀰ謆垨賄, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86a471f8 Size: 121

Object: Hidden Code [Driver: usbuhci舳П牄ꀰ謆垨賄, IRP_MJ_POWER]
Process: System Address: 0x86a471f8 Size: 121

Object: Hidden Code [Driver: usbuhci舳П牄ꀰ謆垨賄, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86a471f8 Size: 121

Object: Hidden Code [Driver: usbuhci舳П牄ꀰ謆垨賄, IRP_MJ_PNP]
Process: System Address: 0x86a471f8 Size: 121

Object: Hidden Code [Driver: Smb†І瑎湦܇$, IRP_MJ_CREATE]
Process: System Address: 0x885b51f8 Size: 121

Object: Hidden Code [Driver: Smb†І瑎湦܇$, IRP_MJ_CLOSE]
Process: System Address: 0x885b51f8 Size: 121

Object: Hidden Code [Driver: Smb†І瑎湦܇$, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x885b51f8 Size: 121

Object: Hidden Code [Driver: Smb†І瑎湦܇$, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x885b51f8 Size: 121

Object: Hidden Code [Driver: Smb†І瑎湦܇$, IRP_MJ_CLEANUP]
Process: System Address: 0x885b51f8 Size: 121

Object: Hidden Code [Driver: Smb†І瑎湦܇$, IRP_MJ_PNP]
Process: System Address: 0x885b51f8 Size: 121

Object: Hidden Code [Driver: netbt蛝, IRP_MJ_CREATE]
Process: System Address: 0x887f8500 Size: 121

Object: Hidden Code [Driver: netbt蛝, IRP_MJ_CLOSE]
Process: System Address: 0x887f8500 Size: 121

Object: Hidden Code [Driver: netbt蛝, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x887f8500 Size: 121

Object: Hidden Code [Driver: netbt蛝, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x887f8500 Size: 121

Object: Hidden Code [Driver: netbt蛝, IRP_MJ_CLEANUP]
Process: System Address: 0x887f8500 Size: 121

Object: Hidden Code [Driver: netbt蛝, IRP_MJ_PNP]
Process: System Address: 0x887f8500 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄ꀰ謆䘘趫, IRP_MJ_CREATE]
Process: System Address: 0x86a8e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄ꀰ謆䘘趫, IRP_MJ_CLOSE]
Process: System Address: 0x86a8e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄ꀰ謆䘘趫, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86a8e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄ꀰ謆䘘趫, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86a8e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄ꀰ謆䘘趫, IRP_MJ_POWER]
Process: System Address: 0x86a8e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄ꀰ謆䘘趫, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86a8e1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄ꀰ謆䘘趫, IRP_MJ_PNP]
Process: System Address: 0x86a8e1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x84b351f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x84b351f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x84b351f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84b351f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84b351f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84b351f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84b351f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x84b351f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x84b351f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84b351f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x84b351f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x86a581f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x86a581f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86a581f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86a581f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x86a581f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86a581f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x86a581f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_POWER]
Process: System Address: 0x858f91f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x858f91f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_PNP]
Process: System Address: 0x858f91f8 Size: 121

Object: Hidden Code [Driver: VClone, IRP_MJ_CREATE]
Process: System Address: 0x86c861f8 Size: 121

Object: Hidden Code [Driver: VClone, IRP_MJ_CLOSE]
Process: System Address: 0x86c861f8 Size: 121

Object: Hidden Code [Driver: VClone, IRP_MJ_POWER]
Process: System Address: 0x86c861f8 Size: 121

Object: Hidden Code [Driver: VClone, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86c861f8 Size: 121

Object: Hidden Code [Driver: VClone, IRP_MJ_PNP]
Process: System Address: 0x86c861f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_CREATE]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_CLOSE]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_READ]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_WRITE]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_QUERY_EA]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_SET_EA]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_SHUTDOWN]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_CLEANUP]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_SET_SECURITY]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_POWER]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_SET_QUOTA]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: mrxsmb㚸覼Ї慖⁤獀訔掠評觓䩰䫑ܠ, IRP_MJ_PNP]
Process: System Address: 0x88b901f8 Size: 121

Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_CREATE]
Process: System Address: 0x867861f8 Size: 121

Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_CLOSE]
Process: System Address: 0x867861f8 Size: 121

Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_READ]
Process: System Address: 0x867861f8 Size: 121

Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_WRITE]
Process: System Address: 0x867861f8 Size: 121

Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x867861f8 Size: 121

Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x867861f8 Size: 121

Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x867861f8 Size: 121

Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x867861f8 Size: 121

Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x867861f8 Size: 121

Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x867861f8 Size: 121

Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_SHUTDOWN]
Process: System Address: 0x867861f8 Size: 121

Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x867861f8 Size: 121

Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_CLEANUP]
Process: System Address: 0x867861f8 Size: 121

Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_PNP]
Process: System Address: 0x867861f8 Size: 121

==EOF==


Thank you and regards,

Siren


Alt 29.04.2010, 15:29   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Object: Hidden Code [Driver: cdfsП牄謆쐀ꆺ, IRP_MJ_PNP]
Process: System Address: 0x867861f8 Size: 121
Oh cr... what on earth is in there?
I absolutely can't make sense of that. Bear in mind that a clean-up can't always be successful, and only after a format c: do you have the guarantee that the Albanian no longer has access to your PC!

Alt 29.04.2010, 15:42   #22
Siren
 
Somehow some inscrutable characters have crept in there.
Should I maybe scan once more? Perhaps they'd go away then.
Or is it about the driver itself?

Yes, I've already thought about reinstalling everything. ^^
But I think I'll wait for now; I've been on the internet for quite a while again, and nothing has happened yet (luckily).

Regards

Alt 29.04.2010, 15:44   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Have we already used CF? If not, please do so now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You'll also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

Alt 29.04.2010, 16:20   #24
Siren
 
Here's the ComboFix scan log first.

ComboFix 10-04-28.08 - Wanja 29.04.2010 16:58:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3038.2236 [GMT 2:00]
ausgeführt von:: c:\users\Wanja\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 48 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1404076782-1682293008-319507863-500
c:\$recycle.bin\S-1-5-21-2411504786-2722078166-2254585214-500
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchAssistant.dll
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\SGPSA
c:\program files\SGPSA\SearchAssistant.dll
c:\users\Wanja\AppData\Roaming\addon.dat

.
((((((((((((((((((((((( Dateien erstellt von 2010-03-28 bis 2010-04-29 ))))))))))))))))))))))))))))))
.

2010-04-27 18:08 . 2010-04-27 18:08 -------- d-----w- C:\_OTL
2010-04-26 13:27 . 2010-04-26 13:27 -------- d-----w- c:\users\Wanja\AppData\Roaming\Malwarebytes
2010-04-26 13:27 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-26 13:27 . 2010-04-27 12:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 13:27 . 2010-04-26 13:27 -------- d-----w- c:\programdata\Malwarebytes
2010-04-26 13:27 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 20:11 . 2010-04-28 19:30 -------- d-----w- c:\users\Wanja\AppData\Roaming\ICQ
2010-04-05 13:31 . 2010-04-05 13:31 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-04-05 13:31 . 2010-04-05 13:31 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-04-05 13:26 . 2010-04-05 13:27 -------- d-----w- c:\programdata\Propellerhead Software
2010-04-05 13:26 . 2010-04-05 13:26 -------- d-----w- c:\users\Wanja\AppData\Roaming\Propellerhead Software

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 15:02 . 2008-01-21 07:15 628910 ----a-w- c:\windows\system32\perfh007.dat
2010-04-29 15:02 . 2008-01-21 07:15 127606 ----a-w- c:\windows\system32\perfc007.dat
2010-04-29 14:53 . 2009-10-20 04:21 0 ----a-w- c:\windows\system32\Access.dat
2010-04-29 14:53 . 2009-06-12 20:39 -------- d-----w- c:\users\Wanja\AppData\Roaming\Hamachi
2010-04-28 19:27 . 2009-04-21 10:46 48639 ----a-w- c:\programdata\nvModes.dat
2010-04-28 12:50 . 2009-03-20 01:20 -------- d-----w- c:\programdata\Norton
2010-04-27 18:08 . 2009-08-23 19:18 -------- d-----w- c:\program files\Ask.com
2010-04-25 18:23 . 2009-06-12 11:48 -------- d-----w- c:\users\Wanja\AppData\Roaming\Skype
2010-04-25 14:06 . 2009-06-12 11:52 -------- d-----w- c:\users\Wanja\AppData\Roaming\skypePM
2010-04-21 15:51 . 2009-06-12 21:54 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-18 14:16 . 2009-11-30 18:49 -------- d-----w- c:\program files\No23 Recorder
2010-03-30 09:50 . 2009-06-12 21:54 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-30 09:11 . 2009-06-12 13:58 -------- d-----w- c:\users\Wanja\AppData\Roaming\Xfire
2010-03-30 09:11 . 2009-06-12 13:58 -------- d-----w- c:\programdata\Xfire
2010-03-29 13:31 . 2010-03-30 09:11 6319632 ----a-w- c:\programdata\Xfire\123.exe
2010-03-19 08:22 . 2009-06-25 14:49 680 ----a-w- c:\users\Wanja\AppData\Local\d3d9caps.dat
2010-03-19 08:06 . 2009-06-12 11:21 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-03-17 19:18 . 2010-02-14 14:43 -------- d-----w- c:\users\Wanja\AppData\Roaming\DivX
2010-03-08 18:25 . 2010-03-08 18:25 317760 ----a-w- c:\users\Public\RemoveSGP0.exe
2010-03-05 00:11 . 2010-03-05 00:11 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-02-24 08:16 . 2009-10-02 16:07 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 12:21 . 2009-11-28 12:56 1 ----a-w- c:\users\Wanja\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-19 08:43 . 2009-08-19 08:43 336 ----a-w- c:\program files\setup.ini
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetupMyPC\SmpSys.exe" [2009-03-18 1160736]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-12 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-11-11 3124160]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"{B7A00906-FC95-2A68-11D1-83169E2B26EB}"="c:\users\Wanja\AppData\Roaming\Micos\Kernel39.exe" [2008-10-29 196331]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-03-09 250624]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-20 30192]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe" [2009-03-11 715296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-24 6789664]
"Camera Assistant Software"="c:\program files\Video Web Camera\traybar.exe" [2009-02-24 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-28 149280]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

c:\users\Wanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
Xfire.lnk - c:\spiele\Xfire\Xfire.exe [2010-3-5 3233168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-10-3 599592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-02 722416]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-03-20 30192]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ePowerSvc;Acer ePower Service;c:\program files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe [2009-03-11 666144]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-05-06 1220608]
S2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [2009-10-03 599592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-03-09 44800]
S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2009-09-16 666360]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-03 223232]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-24 3666432]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-01-22 52768]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners

2010-04-29 c:\windows\Tasks\User_Feed_Synchronization-{9DAAB002-0573-4F99-8191-F73EA9DB858C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ecosia.org/?cc=de&lang=de&nocookie=1
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
FF - ProfilePath - c:\users\Wanja\AppData\Roaming\Mozilla\Firefox\Profiles\5fnim5mp.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-RGSC - c:\spiele\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
AddRemove-Age Of Pirates 1.41_is1 - c:\spiele\Age of Pirates - Caribbean Tales\unins000.exe
AddRemove-Blitzkrieg 2 - c:\spiele\Blitzkkrieg\Uninstall\uninstall.exe
AddRemove-Saiteninstrument-Stimmgerät für Open-Tunings (De~FEB13E95_is1 - c:\program files\Stimmgerät für Open-Tunings (Demoversion)\unins000.exe
AddRemove-Steinberg Cubase SX v3.1.1.944 - c:\progra~1\STEINB~1\CUBASE~1\UNWISE.EXE
AddRemove-{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4} - c:\spiele\Battlefield Heroes\uninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-29 17:12
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-2411504786-2722078166-2254585214-1000\Software\SecuROM\License information*]
"datasecu"=hex:f3,d1,0c,6a,fe,fd,3a,ed,98,91,90,aa,a0,58,59,b6,8a,8a,24,cc,d2,
5b,a1,99,00,43,01,f2,9a,89,4e,77,53,dc,8e,7b,be,6e,cc,b4,24,a7,13,52,74,59,\
"rkeysecu"=hex:cc,c2,01,52,e2,9f,50,f1,a0,d4,a5,59,78,5a,21,f1
.
Zeit der Fertigstellung: 2010-04-29 17:16:57
ComboFix-quarantined-files.txt 2010-04-29 15:16

Vor Suchlauf: 14 Verzeichnis(se), 66.399.289.344 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 66.358.374.400 Bytes frei

- - End Of File - - D669438EB5BB6DA69898988657655E7F


CCleaner is coming next

Regards

Old 29.04.2010, 16:34   #25
Siren



I ran CCleaner too, as described.
Everything worked great.
Now I have another question: would it be advisable to buy a better antivirus program?

Regards

Old 29.04.2010, 18:13   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Quote:
Now I have another question: would it be advisable to buy a better antivirus program?
No. For purely private use something free like AntiVir, AVG Free or Avast is enough. A paid version is only really necessary once you are no longer doing purely private things.
Also, the protection offered by a paid version is not necessarily better. You also have to know that a virus scanner is only a small part of the security concept: more important than the virus scanner are, for example, regularly installing updates and making backups, using restricted user rights, etc.

As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post logfiles in CODE tags

Old 29.04.2010, 21:08   #27
traxa



Now I have another question: would it be advisable to buy a better antivirus program?


Well, I currently have Windows Defender, Avira AntiVir Professional and Microsoft SE (Security Essentials) on my laptop^^ everything works wonderfully, it is detected right away while downloading whether there are viruses or other nasty files inside.
all 3 are freeware, you could look into whether they are sufficient for you :P


P.S. I now have these on my desktop PC too after the nasty attack ^^

Old 30.04.2010, 08:53   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Quote:
Quote from traxa
it is detected right away while downloading whether there are viruses or other nasty files inside.
That sounds a touch too optimistic; one should always keep in mind that a virus scanner can never detect all malware! That means you must not mindlessly click on something just because the virus scanner reports nothing.

http://www.malte-wetz.de/wiki/pmwiki.php/De/KompromittierungUnvermeidbar
http://www.oschad.de/wiki/Virenscanner
__________________
Please always post logfiles in CODE tags

Old 30.04.2010, 13:09   #29
traxa



@ I do appeal to common sense: you shouldn't randomly visit any old site and simply download everything you can^^

but you're right, I expressed myself a bit too generally :P

Old 30.04.2010, 15:04   #30
Siren



Good day.
Here is the SUPERAntiSpyware scan.
Do I have to delete the files in quarantine?

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/29/2010 at 10:51 PM

Application Version : 4.36.1006

Core Rules Database Version : 4867
Trace Rules Database Version: 2679

Scan type : Complete Scan
Total Scan Time : 03:24:17

Memory items scanned : 745
Memory threats detected : 0
Registry items scanned : 7892
Registry threats detected : 26
File items scanned : 248686
File threats detected : 11

Adware.Tracking Cookie
C:\Users\Wanja\AppData\Roaming\Microsoft\Windows\Cookies\wanja@sevenoneintermedia.112.2o7[1].txt
C:\Users\Wanja\AppData\Roaming\Microsoft\Windows\Cookies\wanja@bs.serving-sys[1].txt
C:\Users\Wanja\AppData\Roaming\Microsoft\Windows\Cookies\wanja@ad.yieldmanager[2].txt
C:\Users\Wanja\AppData\Roaming\Microsoft\Windows\Cookies\wanja@ar.atwola[1].txt
C:\Users\Wanja\AppData\Roaming\Microsoft\Windows\Cookies\wanja@content.yieldmanager[2].txt
C:\Users\Wanja\AppData\Roaming\Microsoft\Windows\Cookies\wanja@atwola[1].txt
C:\Users\Wanja\AppData\Roaming\Microsoft\Windows\Cookies\wanja@serving-sys[2].txt
C:\Users\Wanja\AppData\Roaming\Microsoft\Windows\Cookies\wanja@content.yieldmanager[3].txt
C:\Users\Wanja\AppData\Roaming\Microsoft\Windows\Cookies\wanja@tradedoubler[2].txt
C:\Users\Wanja\AppData\Roaming\Microsoft\Windows\Cookies\wanja@doubleclick[1].txt
C:\Users\Wanja\AppData\Roaming\Microsoft\Windows\Cookies\wanja@ad.adnet[1].txt

Browser Hijacker.Deskbar
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\FLAGS
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\HELPDIR
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\ProxyStubClsid32
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib
HKCR\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}\TypeLib#Version
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\ProxyStubClsid32
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib
HKCR\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}\TypeLib#Version
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid32
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib#Version



Regards,

Siren


P.S.: Malwarebytes is coming next, in about 2 hours.
