
Pests of all kinds and how to fight them: tr crypt.zpack.gen in the Temp folder

Windows 7
14.11.2010, 22:40   #1
TrjPferd
 
tr crypt.zpack.gen in the Temp folder

Hello,
after visiting a dubious site that I had reached via Google, I got a virus detection in the "Temp" folder (Avira). I then cleared out the Temp folder with "Temp Cleaner" or something similar.

Is the virus still there? My Task Manager has been "locked", so it can no longer be opened. Here is a scan with OTL:
Code:
OTL logfile created on: 14.11.2010 23:36:36 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Public\Desktop\MFtools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Programme
Drive C: | 148,95 Gb Total Space | 49,99 Gb Free Space | 33,56% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,93% Space Free | Partition Type: FAT
 
Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.14 23:32:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.10.28 16:43:46 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.07.09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.03.19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.14 02:14:28 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.14 23:32:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.07.09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\RtVLAN60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\BT848.sys -- (BT848)
DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.04.27 03:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010.04.27 03:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010.04.27 03:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2010.02.26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.02.26 13:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.12.08 14:34:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.25 17:00:17 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.18 10:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc.                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009.11.15 14:19:18 | 000,281,504 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.11.15 14:19:17 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.10.07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC)
DRV - [2009.10.07 09:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.10.07 09:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009.08.22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009.08.13 22:09:58 | 000,060,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2009.08.06 22:39:28 | 000,167,936 | ---- | M] (D-Link corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DLKRT32.sys -- (DLKRT32)
DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:42 | 000,465,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.04 17:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 D8 C8 DB F8 65 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
 
[2009.11.15 12:31:50 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions
[2010.11.14 22:18:01 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\2ef4xmbb.default\extensions
[2010.04.14 19:31:02 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\2ef4xmbb.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2010.07.24 12:55:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\2ef4xmbb.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.05.28 16:21:20 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\2ef4xmbb.default\extensions\battlefieldheroespatcher@ea.com
[2010.11.14 22:18:01 | 000,000,000 | ---D | M] -- C:\Programme\mozilla firefox\extensions
[2009.11.22 18:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2010.10.21 17:20:29 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.21 17:20:29 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.21 17:20:30 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.21 17:20:30 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.21 17:20:30 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.01.17 01:07:15 | 000,373,541 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 12871 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [ROUTE66Sync] C:\Programme\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe (ROUTE 66)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [sGYdOWNVnv.exe] C:\Users\Julian\AppData\Local\Temp\sGYdOWNVnv.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\Pokerstars\PokerStarsUpdate.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.97 217.0.43.113
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 07:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 09:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\Shell - "" = AutoRun
O33 - MountPoints2\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.14 23:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.14 23:32:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.11.14 12:05:54 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\ROUTE 66 Sync
[2010.11.14 12:05:50 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\ROUTE 66 Sync 9
[2010.11.14 12:00:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ROUTE 66
[2010.11.14 11:57:51 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Downloaded Installations
[2010.10.28 16:42:08 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\LucasArts
[2010.10.28 16:42:08 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\LucasArts
[2010.10.27 18:10:32 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Samsung
[2010.10.27 18:02:43 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdm.sys
[2010.10.27 18:02:43 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscebus.sys
[2010.10.27 18:02:43 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdfl.sys
[2010.10.27 18:02:43 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecmnt.sys
[2010.10.27 18:02:43 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecm.sys
[2010.10.27 18:02:43 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewhnt.sys
[2010.10.27 18:02:43 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewh.sys
[2010.10.27 17:52:16 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Samsung
[2010.10.27 17:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010.10.27 17:52:01 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Samsung
[2010.10.24 16:37:36 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\FalloutNV
[2010.10.19 17:08:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.10.17 19:48:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.14 23:32:27 | 000,050,477 | ---- | M] () -- C:\Users\Julian\Desktop\defogger.exe
[2010.11.14 23:32:26 | 000,288,107 | ---- | M] () -- C:\Users\Julian\Desktop\Gmer.zip
[2010.11.14 20:46:30 | 000,696,832 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.14 20:46:30 | 000,652,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.14 20:46:30 | 000,148,128 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.14 20:46:30 | 000,121,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.14 18:56:11 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.14 18:56:11 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.14 18:46:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.14 18:46:57 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010.11.14 18:46:52 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.14 12:00:48 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\ROUTE 66 Sync.lnk
[2010.11.12 15:15:26 | 000,137,976 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.11.12 15:15:17 | 000,234,280 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.10.31 10:43:24 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010.10.30 17:03:12 | 000,004,670 | ---- | M] () -- C:\Users\Julian\Documents\cc_20101030_180257.reg
[2010.10.30 17:01:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2010.10.30 16:20:11 | 000,136,244 | ---- | M] () -- C:\Users\Julian\Documents\cc_20101030_172000.reg
[2010.10.24 16:37:29 | 000,001,216 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2010.10.21 14:29:23 | 000,000,007 | ---- | M] () -- C:\Users\Julian\Desktop\101022-000033.rtf
[2010.10.18 16:24:01 | 000,017,718 | ---- | M] () -- C:\Users\Julian\Desktop\KARTEN!.odt
 
========== Files Created - No Company Name ==========
 
[2010.11.14 23:32:26 | 000,050,477 | ---- | C] () -- C:\Users\Julian\Desktop\defogger.exe
[2010.11.14 23:32:25 | 000,288,107 | ---- | C] () -- C:\Users\Julian\Desktop\Gmer.zip
[2010.11.14 12:00:48 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\ROUTE 66 Sync.lnk
[2010.10.30 17:02:59 | 000,004,670 | ---- | C] () -- C:\Users\Julian\Documents\cc_20101030_180257.reg
[2010.10.30 17:01:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2010.10.30 16:20:05 | 000,136,244 | ---- | C] () -- C:\Users\Julian\Documents\cc_20101030_172000.reg
[2010.10.27 17:51:23 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010.10.24 16:37:29 | 000,001,216 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2010.10.21 14:29:23 | 000,000,007 | ---- | C] () -- C:\Users\Julian\Desktop\101022-000033.rtf
[2010.10.18 16:23:57 | 000,017,718 | ---- | C] () -- C:\Users\Julian\Desktop\KARTEN!.odt
[2010.08.17 00:59:48 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010.06.03 13:50:40 | 000,000,375 | ---- | C] () -- C:\Users\Julian\AppData\Local\postgresinstall.bat
[2010.04.27 16:48:16 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.04.13 16:26:45 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.24 17:27:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp.dll
[2010.02.21 00:58:13 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.02.12 18:37:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.20 15:05:44 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2009.11.25 16:50:25 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.18 15:53:07 | 000,138,056 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\PnkBstrK.sys
[2009.11.18 15:53:07 | 000,137,976 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.11.15 14:19:18 | 000,281,504 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.11.15 14:19:17 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2010.09.29 21:28:10 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Azureus
[2009.12.20 15:08:29 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\BOM
[2009.11.25 17:03:20 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\DAEMON Tools Lite
[2009.11.25 16:50:24 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\DAEMON Tools Pro
[2010.05.12 16:29:34 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Degener
[2010.05.12 16:29:44 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Ebner
[2010.10.02 13:33:40 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\foobar2000
[2010.11.12 18:26:32 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\ICQ
[2010.02.21 00:59:18 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Leadertech
[2009.11.22 19:42:28 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Miranda
[2010.03.29 20:05:14 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Nokia
[2010.03.29 13:22:34 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Notepad++
[2010.01.10 11:53:13 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\OpenOffice.org
[2010.03.29 19:43:33 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\PC Suite
[2010.11.14 12:05:55 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\ROUTE 66 Sync
[2010.11.06 16:27:15 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Samsung
[2009.11.23 18:26:33 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\uTorrent
[2010.02.21 02:20:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2010.11.12 18:24:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
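Added example, not part of TrjPferd's post and not OTL's own code: a short triage script over the O4/O6/O7 lines of the log above. It flags what stands out in this log, the Run value pointing into the user's Temp directory with a random-looking name and a missing target, and the DisableTaskMgr = 1 policy values under both HKLM and HKCU, which are what lock Task Manager (EnableLUA = 0, i.e. UAC switched off, is flagged as well). It then prints the flagged O4 lines in the ":OTL" fix-script form used further down in this thread. The sample lines are copied from the log; the line-format rules and the random-name heuristic are my assumptions, not documented OTL behaviour.

```python
"""Triage helper for OTL logs: flag autoruns that point into Temp and the
policy values that lock Task Manager or switch UAC off, then emit the flagged
O4 lines in the ":OTL" fix-script form used later in this thread.

Added example, not OTL's code. The line-format rules are assumptions based on
the OTL output posted above; the sample lines are copied from that log.
"""
import re

# Constructed sample: a subset of the O4/O6/O7 lines from the OTL log above.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [sGYdOWNVnv.exe] C:\Users\Julian\AppData\Local\Temp\sGYdOWNVnv.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
"""

# "O4 - <hive>..\Run: [<value name>] <path> (<company>)" or "... File not found"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
# "O6/O7 - <registry key>: <value name> = <data>"
POLICY_RE = re.compile(r"^O[67] - (?P<key>\S+): (?P<value>\w+) = (?P<data>-?\d+)$")

# Policy values that explain the symptoms reported in this thread.
POLICY_FLAGS = {
    ("DisableTaskMgr", "1"): "Task Manager blocked by policy",
    ("DisableRegistryTools", "1"): "Registry Editor blocked by policy",
    ("EnableLUA", "0"): "UAC switched off",
}

# Directories from which a legitimate autostart practically never runs.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def looks_random(name: str) -> bool:
    """Heuristic (assumption): an alphabetic stem of 8+ chars with frequent case switches."""
    stem = name.rsplit(".", 1)[0]
    if len(stem) < 8 or not stem.isalpha():
        return False
    switches = sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())
    return switches >= 4


def triage(text: str) -> list[tuple[str, str]]:
    """Return (log line, reason) pairs for every entry worth a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            name, rest = m.group("name"), m.group("rest")
            reasons = []
            if not name:
                reasons.append("empty value name")
            if any(marker in rest.lower() for marker in TEMP_MARKERS):
                reasons.append("autostart from a Temp directory")
            if looks_random(name):
                reasons.append("random-looking value name")
            if "File not found" in rest:
                reasons.append("target file missing")
            # A missing file alone is common (stale uninstall); report it only with another signal.
            if reasons and reasons != ["target file missing"]:
                findings.append((line, "; ".join(reasons)))
            continue
        m = POLICY_RE.match(line)
        if m:
            reason = POLICY_FLAGS.get((m.group("value"), m.group("data")))
            if reason:
                findings.append((line, reason))
    return findings


def build_otl_fix(findings: list[tuple[str, str]]) -> str:
    """Emit the flagged O4 lines in the ":OTL" script form the helper uses in this thread.
    Policy (O6/O7) hits are reported by triage() but deliberately not auto-fixed here."""
    o4_lines = [line for line, _ in findings if line.startswith("O4 - ")]
    return "\n".join([":OTL", *o4_lines, ":Commands", "[emptytemp]"])


if __name__ == "__main__":
    hits = triage(SAMPLE_OTL)
    for line, reason in hits:
        print(f"{reason}: {line}")
    print(build_otl_fix(hits))
```

Policy hits are listed but deliberately not written into the generated fix; which of them to reset, and how, is left to the helper guiding the cleanup.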
         

15.11.2010, 05:14   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
after visiting a dubious site
What kind of site was it that you visited?

15.11.2010, 14:36   #3
TrjPferd

Hello, thanks first of all for the quick reply.
I can't find the exact site anymore, not even in the history; the mistake wasn't mine either, it was made by a "total" layman.

15.11.2010, 20:33   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
[2010.11.14 23:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
If the tool has obviously been used already, why weren't the logs posted?
Please post all logs, even if there were no detections!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

15.11.2010, 20:43   #5
TrjPferd

Even after a manual update the tool only spat out an error message and doesn't work. I find the blocking of the Task Manager particularly bad.

Code:
MBAM_ERROR_EXPANDING_VARIABLES (0,9)


15.11.2010, 21:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Already tried this? => http://www.trojaner-board.de/82699-m...tet-nicht.html
If necessary, try it together with the random installer, in case there are already problems during installation or download => http://malwarebytes.org/mbam-download-exe-random.php

16.11.2010, 16:24   #7
TrjPferd

The error remains, first during the installation, and afterwards!

16.11.2010, 21:07   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Even with the random installer and after mbam.exe was renamed??

16.11.2010, 21:41   #9
TrjPferd

Yes, tried both, that doesn't change anything.

16.11.2010, 22:43   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along!!!)

Code:
:OTL
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\BT848.sys -- (BT848)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [sGYdOWNVnv.exe] C:\Users\Julian\AppData\Local\Temp\sGYdOWNVnv.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 07:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 09:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\Shell - "" = AutoRun
O33 - MountPoints2\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
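Added example, not part of cosinus's post and not OTL's code. The fix above resets the hosts file with [resethosts]. The OTL log earlier in the thread shows a 373 KB hosts file with more than 12,000 entries, every visible one mapping a domain to 127.0.0.1, which is the shape of a hosts-based ad and malware block list (the MVPS hosts file and Spybot's immunization write exactly such entries) rather than of a hijack. A hijack looks different: a legitimate domain (bank, AV vendor, update server) mapped to a remote address. The script below separates the two so a reset can be decided on evidence. The sample is constructed: the loopback lines come from the log, the 203.0.113.10 lines are invented to show what a redirect looks like.

```python
"""Tell a hosts-file block list apart from a hosts-file hijack.

Added example, not part of the original thread and not OTL's code. Loopback
(127.0.0.1, ::1) and unspecified (0.0.0.0) targets sinkhole a name, which is
what block lists do; any other target sends the name somewhere else, which on
a home PC is the hijack pattern worth looking at before a reset.
"""
import ipaddress

# Constructed sample: the 127.0.0.1 lines are from the OTL log in this thread,
# the 203.0.113.10 lines are invented (TEST-NET-3 address, .test domains).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.007guard.com
127.0.0.1       007guard.com
127.0.0.1       008i.com
0.0.0.0         www.008k.com   # some block lists use the unspecified address
# hypothetical hijack entries, not from the log:
203.0.113.10    www.example-bank.test
203.0.113.10    update.example-av.test
"""

# Names that legitimately map to loopback in a stock hosts file.
STOCK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (address, hostname) pairs; comments, blank lines and junk are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a hosts entry (e.g. a stray line)
        for name in fields[1:]:
            entries.append((addr, name.lower()))
    return entries


def classify_hosts(text):
    """Split entries into block-list sinkholes and redirects to other addresses."""
    blocked, redirected = [], []
    for addr, name in parse_hosts(text):
        if addr.is_loopback or addr.is_unspecified:
            if name not in STOCK_NAMES:
                blocked.append(name)
        else:
            # Anything else sends the name somewhere: a LAN address may be a
            # legitimate local override, a remote one on a home PC is a hijack.
            redirected.append((name, str(addr)))
    return {
        "blocked": blocked,
        "redirected": redirected,
        "verdict": ("hijack suspected" if redirected
                    else "block list only" if blocked
                    else "stock hosts file"),
    }


if __name__ == "__main__":
    result = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(result['blocked'])} sinkholed names, verdict: {result['verdict']}")
    for name, addr in result["redirected"]:
        print(f"  {name} -> {addr}")
```

On the machine in this thread the file would be read from C:\Windows\System32\drivers\etc\hosts; a "block list only" verdict means a reset costs the user their ad blocking but removes nothing malicious, while any redirected entry is what the helper would want to see quoted in the next reply.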

17.11.2010, 14:22   #11
TrjPferd

Code:
All processes killed
========== OTL ==========
Service BT848 stopped successfully!
Service BT848 deleted successfully!
File C:\Windows\System32\DRIVERS\BT848.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sGYdOWNVnv.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File  not found.
File move failed. D:\Autorun.ico scheduled to be moved on reboot.s
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\ not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
 
User: HomeGroupUser$
 
User: Julian
->Temp folder emptied: 668475 bytes
->Temporary Internet Files folder emptied: 4908667 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 96198118 bytes
->Flash cache emptied: 2016 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3696 bytes
RecycleBin emptied: 2541116 bytes
 
Total Files Cleaned = 99,00 mb
 
 
OTL by OldTimer - Version 3.2.17.3 log created on 11172010_151728

Files\Folders moved on Reboot...
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\Autorun.ico scheduled to be moved on reboot.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
Thanks in advance.

17.11.2010, 15:12   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

17.11.2010, 15:27   #13
TrjPferd

Code:
ComboFix 10-11-16.06 - Julian 17.11.2010  16:21:59.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3070.1972 [GMT 1:00]
ausgeführt von:: c:\users\Julian\Desktop\cofi.exe
.

(((((((((((((((((((((((   Dateien erstellt von 2010-10-17 bis 2010-11-17  ))))))))))))))))))))))))))))))
.

2010-11-17 15:25 . 2010-11-17 15:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-11-17 14:17 . 2010-11-17 14:17	--------	d-----w-	C:\_OTL
2010-11-16 21:41 . 2010-04-29 14:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-16 21:41 . 2010-04-29 14:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-11-16 15:57 . 2010-10-07 23:21	6146896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0127E211-0554-4D32-A2D1-616A8BB560A8}\mpengine.dll
2010-11-14 22:33 . 2010-11-14 22:33	--------	d-----w-	c:\programdata\Malwarebytes
2010-11-14 11:05 . 2010-11-14 11:05	--------	d-----w-	c:\users\Julian\AppData\Roaming\ROUTE 66 Sync
2010-11-14 11:05 . 2010-11-17 14:19	--------	d-----w-	c:\users\Julian\AppData\Local\ROUTE 66 Sync 9
2010-11-14 11:00 . 2010-11-14 11:00	--------	d-----w-	c:\program files\Common Files\ROUTE 66
2010-11-14 10:57 . 2010-11-14 10:57	--------	d-----w-	c:\users\Julian\AppData\Local\Downloaded Installations
2010-10-28 15:42 . 2010-10-28 15:42	--------	d-----w-	c:\users\Julian\AppData\Local\LucasArts
2010-10-27 17:02 . 2010-04-27 02:25	98560	----a-w-	c:\windows\system32\drivers\sscebus.sys
2010-10-27 17:02 . 2010-04-27 02:25	14848	----a-w-	c:\windows\system32\drivers\sscemdfl.sys
2010-10-27 17:02 . 2010-04-27 02:25	12416	----a-w-	c:\windows\system32\drivers\sscecmnt.sys
2010-10-27 17:02 . 2010-04-27 02:25	12416	----a-w-	c:\windows\system32\drivers\sscecm.sys
2010-10-27 17:02 . 2010-04-27 02:25	123648	----a-w-	c:\windows\system32\drivers\sscemdm.sys
2010-10-27 17:02 . 2010-04-27 02:25	12288	----a-w-	c:\windows\system32\drivers\sscewhnt.sys
2010-10-27 17:02 . 2010-04-27 02:25	12288	----a-w-	c:\windows\system32\drivers\sscewh.sys
2010-10-27 16:52 . 2010-11-06 15:27	--------	d-----w-	c:\users\Julian\AppData\Roaming\Samsung
2010-10-27 16:52 . 2010-11-06 15:27	--------	d-----w-	c:\programdata\Samsung
2010-10-27 16:52 . 2010-10-27 16:52	--------	d-----w-	c:\program files\Common Files\Samsung
2010-10-27 09:55 . 2010-08-04 06:18	641536	----a-w-	c:\windows\system32\CPFilters.dll
2010-10-27 09:55 . 2010-08-04 06:17	417792	----a-w-	c:\windows\system32\msdri.dll
2010-10-27 09:55 . 2010-08-04 06:15	204288	----a-w-	c:\windows\system32\MSNP.ax
2010-10-27 09:55 . 2010-08-04 06:15	199680	----a-w-	c:\windows\system32\mpg2splt.ax
2010-10-27 09:55 . 2010-07-13 05:22	26504	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2010-10-24 15:37 . 2010-10-24 15:37	--------	d-----w-	c:\users\Julian\AppData\Local\FalloutNV

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 14:15 . 2009-11-18 14:53	137976	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2010-11-12 14:15 . 2009-11-18 14:56	234280	----a-w-	c:\windows\system32\PnkBstrB.xtr
2010-11-12 14:15 . 2009-11-18 14:52	234280	----a-w-	c:\windows\system32\PnkBstrB.exe
2010-10-19 09:41 . 2009-11-17 18:52	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-10-13 07:47 . 2010-10-13 07:47	526336	----a-w-	c:\programdata\Microsoft\Windows\Templates\NPSDCACHINA2HSP.dll
2010-10-13 07:47 . 2010-10-13 07:47	254464	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCACDMAVIA.dll
2010-10-13 07:46 . 2010-10-13 07:46	299008	----a-w-	c:\programdata\Microsoft\Windows\Templates\BackupRestoreWM.dll
2010-10-13 07:42 . 2010-10-13 07:42	200192	----a-w-	c:\programdata\Microsoft\Windows\Templates\DeviceSearch.dll
2010-10-13 07:42 . 2010-10-13 07:42	1017856	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCAPARAGONATOBEX.dll
2010-10-13 07:41 . 2010-10-13 07:41	622080	----a-w-	c:\programdata\Microsoft\Windows\Templates\DevFileService.dll
2010-10-13 07:41 . 2010-10-13 07:41	578048	----a-w-	c:\programdata\Microsoft\Windows\Templates\SyncService.dll
2010-10-13 07:40 . 2010-10-13 07:40	1205248	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCAPARAGONOBEX.dll
2010-10-13 07:40 . 2010-10-13 07:40	1092096	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCAKOREAMITSOBEX.dll
2010-10-13 07:40 . 2010-10-13 07:40	800768	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCAPARAGONGM.dll
2010-10-13 07:39 . 2010-10-13 07:39	271360	----a-w-	c:\programdata\Microsoft\Windows\Templates\DeviceDataService.exe
2010-10-13 07:39 . 2010-10-13 07:39	33280	----a-w-	c:\programdata\Microsoft\Windows\Templates\FUSBCommander.exe
2010-10-13 07:38 . 2010-10-13 07:38	919040	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCAMITSOBEX.dll
2010-10-13 07:38 . 2010-10-13 07:38	640000	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCASW.dll
2010-10-13 07:38 . 2010-10-13 07:38	15872	----a-w-	c:\programdata\Microsoft\Windows\Templates\IPCLib.dll
2010-10-13 07:38 . 2010-10-13 07:38	230912	----a-w-	c:\programdata\Microsoft\Windows\Templates\BackupRestoreLib.dll
2010-10-13 07:38 . 2010-10-13 07:38	506368	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCAKOREAHSP.dll
2010-10-13 07:37 . 2010-10-13 07:37	332800	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCAHSP.dll
2010-10-13 07:37 . 2010-10-13 07:37	434688	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCASYM.dll
2010-10-13 07:37 . 2010-10-13 07:37	820224	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCAGMOBEX.dll
2010-10-13 07:37 . 2010-10-13 07:37	748544	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCADU.dll
2010-10-13 07:37 . 2010-10-13 07:37	584192	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCACHINAHSP.dll
2010-10-13 07:36 . 2010-10-13 07:36	905728	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCAATOBEX.dll
2010-10-13 07:36 . 2010-10-13 07:36	763392	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCAWM.dll
2010-10-13 07:36 . 2010-10-13 07:36	528384	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCAGM.dll
2010-10-13 07:36 . 2010-10-13 07:36	1007104	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCAOBEX.dll
2010-10-13 07:36 . 2010-10-13 07:36	461824	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCAATCDMA.dll
2010-10-13 07:35 . 2010-10-13 07:35	626688	----a-w-	c:\programdata\Microsoft\Windows\Templates\DeviceManager.exe
2010-10-13 07:34 . 2010-10-13 07:34	59904	----a-w-	c:\programdata\Microsoft\Windows\Templates\DeviceCommunication.dll
2010-10-13 07:34 . 2010-10-13 07:34	18944	----a-w-	c:\programdata\Microsoft\Windows\Templates\HSPConnection.exe
2010-10-13 07:34 . 2010-10-13 07:34	142336	----a-w-	c:\programdata\Microsoft\Windows\Templates\ConnectionManager.exe
2010-10-13 07:34 . 2010-10-13 07:34	152576	----a-w-	c:\programdata\Microsoft\Windows\Templates\THNRProghelp.dll
2010-10-13 07:34 . 2010-10-13 07:34	281088	----a-w-	c:\programdata\Microsoft\Windows\Templates\MObexDll.dll
2010-10-13 07:33 . 2010-10-13 07:33	182784	----a-w-	c:\programdata\Microsoft\Windows\Templates\DeviceServiceCBT.dll
2010-10-13 07:33 . 2010-10-13 07:33	97792	----a-w-	c:\programdata\Microsoft\Windows\Templates\DeviceServiceHSPAgent.dll
2010-10-13 07:33 . 2010-10-13 07:33	58880	----a-w-	c:\programdata\Microsoft\Windows\Templates\DeviceServiceModelDB.dll
2010-10-13 07:33 . 2010-10-13 07:33	47616	----a-w-	c:\programdata\Microsoft\Windows\Templates\DeviceServiceCore.dll
2010-10-13 06:53 . 2010-10-13 06:53	907776	----a-w-	c:\programdata\Microsoft\Windows\Templates\DCAMITS2OBEX.dll
2010-10-13 06:47 . 2010-10-13 06:47	66560	----a-w-	c:\programdata\Microsoft\Windows\Templates\DeviceErrorRecovery.dll
2010-09-15 08:42 . 2010-09-15 08:42	904192	----a-w-	c:\programdata\Microsoft\Windows\Templates\JSRHandler_SP.dll
2010-09-15 08:42 . 2010-09-15 08:42	7168	----a-w-	c:\programdata\Microsoft\Windows\Templates\PBRefresher.exe
2010-09-15 08:42 . 2010-09-15 08:42	712704	----a-w-	c:\programdata\Microsoft\Windows\Templates\SHOWDRM_UCC.dll
2010-09-15 08:42 . 2010-09-15 08:42	598912	----a-w-	c:\programdata\Microsoft\Windows\Templates\NPSRapiServer_k2.dll
2010-09-15 08:42 . 2010-09-15 08:42	596864	----a-w-	c:\programdata\Microsoft\Windows\Templates\NPSRapiServer_f.dll
2010-09-15 08:42 . 2010-09-15 08:42	595840	----a-w-	c:\programdata\Microsoft\Windows\Templates\NPSRapiServer_k2_a.dll
2010-09-15 08:42 . 2010-09-15 08:42	578944	----a-w-	c:\programdata\Microsoft\Windows\Templates\NPSRapiServer.dll
2010-09-15 08:42 . 2010-09-15 08:42	567168	----a-w-	c:\programdata\Microsoft\Windows\Templates\NPSRapiServer_l.dll
2010-09-15 08:42 . 2010-09-15 08:42	482816	----a-w-	c:\programdata\Microsoft\Windows\Templates\JSRHandler.dll
2010-09-15 08:42 . 2010-09-15 08:42	36864	----a-w-	c:\programdata\Microsoft\Windows\Templates\ConvLunar.dll
2010-09-15 08:42 . 2010-09-15 08:42	35328	----a-w-	c:\programdata\Microsoft\Windows\Templates\BackupSYM.dll
2010-09-15 08:42 . 2010-09-15 08:42	242176	----a-w-	c:\programdata\Microsoft\Windows\Templates\FsDeviceLib64Ex.dll
2010-09-15 08:42 . 2010-09-15 08:42	237568	----a-w-	c:\programdata\Microsoft\Windows\Templates\drmcm.dll
2010-09-15 08:42 . 2010-09-15 08:42	16896	----a-w-	c:\programdata\Microsoft\Windows\Templates\ksmsbackupapi_l.dll
2010-09-15 08:42 . 2010-09-15 08:42	14408	----a-w-	c:\programdata\Microsoft\Windows\Templates\SetupNPSRapiServer_GT-B7320.exe
2010-09-15 08:42 . 2010-09-15 08:42	13880	----a-w-	c:\programdata\Microsoft\Windows\Templates\SetupNPSRapiServer.exe
2010-09-15 08:42 . 2010-09-15 08:42	12800	----a-w-	c:\programdata\Microsoft\Windows\Templates\ksmsbackupapi_f.dll
2010-09-15 08:42 . 2010-09-15 08:42	103424	----a-w-	c:\programdata\Microsoft\Windows\Templates\UPNPDevice_Kies.dll
2010-09-15 08:42 . 2010-09-15 08:42	487424	----a-w-	c:\programdata\Microsoft\Windows\Templates\PxtrMP4S.dll
2010-09-15 08:42 . 2010-09-15 08:42	348160	----a-w-	c:\programdata\Microsoft\Windows\Templates\msvcr71.dll
2010-09-15 08:42 . 2010-09-15 08:42	283136	----a-w-	c:\programdata\Microsoft\Windows\Templates\PxtrVDF.dll
2010-09-15 08:42 . 2010-09-15 08:42	2400768	----a-w-	c:\programdata\Microsoft\Windows\Templates\HTH264VD.dll
2010-09-15 08:42 . 2010-09-15 08:42	122880	----a-w-	c:\programdata\Microsoft\Windows\Templates\PT_AACAD.dll
2010-09-15 08:42 . 2010-09-15 08:42	114688	----a-w-	c:\programdata\Microsoft\Windows\Templates\PxtrAACD.dll
2010-09-15 08:41 . 2010-09-15 08:41	413696	----a-w-	c:\programdata\Microsoft\Windows\Templates\msvcp60.dll
2010-09-15 08:41 . 2010-09-15 08:41	23040	----a-w-	c:\programdata\Microsoft\Windows\Templates\psapi.dll
2010-09-15 08:41 . 2010-09-15 08:41	511328	----a-w-	c:\windows\system32\Synchronization2.dll
2010-09-15 08:41 . 2010-09-15 08:41	288608	----a-w-	c:\windows\system32\Microsoft.Synchronization.dll
2010-09-15 08:41 . 2010-09-15 08:41	253280	----a-w-	c:\windows\system32\MetaStore2.dll
2010-09-15 08:40 . 2010-09-15 08:40	204288	----a-w-	c:\programdata\Microsoft\Windows\Templates\CmdAgent.dll
2010-09-15 08:38 . 2010-09-15 08:38	657408	----a-w-	c:\programdata\Microsoft\Windows\Templates\DeviceServiceCBTD.dll
2010-09-15 08:38 . 2010-09-15 08:38	416768	----a-w-	c:\programdata\Microsoft\Windows\Templates\libMediaTranscoderDLL.dll
2010-09-15 08:38 . 2010-09-15 08:38	32256	----a-w-	c:\programdata\Microsoft\Windows\Templates\IPCLibD.dll
2010-09-15 08:38 . 2010-09-15 08:38	299105	----a-w-	c:\programdata\Microsoft\Windows\Templates\NEDEncoderD.dll
2010-09-15 08:38 . 2010-09-15 08:38	2023936	----a-w-	c:\programdata\Microsoft\Windows\Templates\libMediaTranscoderDLLD.dll
2010-09-15 08:38 . 2010-09-15 08:38	1905664	----a-w-	c:\programdata\Microsoft\Windows\Templates\MObexDllD.dll
2010-09-15 08:37 . 2010-09-15 08:37	319456	----a-w-	c:\programdata\Microsoft\Windows\Templates\DIFxAPI.dll
2010-09-15 08:37 . 2010-09-15 08:37	208896	----a-w-	c:\programdata\Microsoft\Windows\Templates\HSPIO.dll
2010-09-15 08:33 . 2010-09-15 08:33	10752	----a-w-	c:\programdata\Microsoft\Windows\Templates\DllReg.exe
2010-09-15 08:33 . 2010-09-15 08:33	36640	----a-w-	c:\programdata\Microsoft\Windows\Templates\FsUsbExDisk.sys
2010-09-15 08:33 . 2010-09-15 08:33	341960	----a-w-	c:\programdata\Microsoft\Windows\Templates\FsAdmin64.exe
2010-09-15 08:33 . 2010-09-15 08:33	217088	----a-w-	c:\programdata\Microsoft\Windows\Templates\FsUsbExService.exe
2010-09-15 08:33 . 2010-09-15 08:33	214544	----a-w-	c:\programdata\Microsoft\Windows\Templates\FsUsbExAdmin.exe
2010-09-15 08:33 . 2010-09-15 08:33	207360	----a-w-	c:\programdata\Microsoft\Windows\Templates\FsDeviceLib64.dll
2010-09-15 08:33 . 2010-09-15 08:33	20480	----a-w-	c:\programdata\Microsoft\Windows\Templates\FsExService64.exe
2010-09-15 08:33 . 2010-09-15 08:33	16392	----a-w-	c:\programdata\Microsoft\Windows\Templates\TFsExDisk.sys
2010-09-15 08:33 . 2010-09-15 08:33	126976	----a-w-	c:\programdata\Microsoft\Windows\Templates\FsUsbExDeviceLib.dll
2010-09-15 08:33 . 2010-09-15 08:33	110592	----a-w-	c:\programdata\Microsoft\Windows\Templates\FsUsbExDevice.Dll
2010-09-08 04:30 . 2010-10-13 17:43	978432	----a-w-	c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-13 17:43	44544	----a-w-	c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-13 17:43	386048	----a-w-	c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-13 17:43	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-13 17:42	12625408	----a-w-	c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-13 17:42	2327552	----a-w-	c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-13 17:42	954752	----a-w-	c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-13 17:42	954288	----a-w-	c:\windows\system32\mfc40u.dll
2010-08-27 19:31 . 2009-11-16 17:47	1113408	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RivaTunerStartupDaemon"="c:\programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"ROUTE66Sync"="c:\programme\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe" [2010-06-29 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Setup-Assistent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Setup-Assistent.lnk
backup=c:\windows\pss\NETGEAR WG111v3 Setup-Assistent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37	932288	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08	35696	----a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03	152872	----a-w-	c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57	369200	----a-w-	c:\programme\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 08:36	172792	----a-w-	c:\program files\ICQ6\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10	142120	----a-w-	c:\programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44	3883840	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53	421888	----a-w-	c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2009-08-22 18:25	24576	----a-w-	c:\programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15	13351304	----a-r-	c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-10-23 11:40	1242448	----a-w-	c:\programme\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-10 10:36	149280	----a-w-	c:\programme\Java\jre6\bin\jusched.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
R3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 376832]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-25 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 DLKRT32;D-Link DGE-528T Gigabit Ethernet Adapter Driver;c:\windows\system32\DRIVERS\DLKRT32.sys [2009-08-06 167936]

.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab
FF - ProfilePath - c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\2ef4xmbb.default\
FF - prefs.js: browser.startup.homepage - hxxp://web.de/
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\programme\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\programme\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\2ef4xmbb.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-239202734-4043522191-3066779163-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:2d,3e,1b,35,bc,cd,0f,0a,c6,73,dc,91,dc,42,de,8f,54,de,a0,f4,3d,80,b2,
   d2,22,f0,38,8f,a8,c7,1d,fd,5a,97,43,7f,5d,76,20,c6,9d,27,b2,d3,c4,14,da,97,\
"??"=hex:e5,ce,93,33,38,6e,29,51,7e,f6,c6,24,4f,f0,d7,31

[HKEY_USERS\S-1-5-21-239202734-4043522191-3066779163-1000\Software\SecuROM\License information*]
"datasecu"=hex:61,85,f9,d0,48,e5,7e,ee,e9,cf,e3,1e,40,e5,f6,7c,42,23,e4,96,3c,
   4b,71,fa,19,b3,bd,f4,5f,49,7a,ba,bb,38,df,5b,d5,01,07,2c,52,ab,a3,19,fc,6a,\
"rkeysecu"=hex:dd,5a,b5,21,90,9d,1a,a8,19,e7,cd,16,7c,fc,17,e2

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-11-17  16:26:20
ComboFix-quarantined-files.txt  2010-11-17 15:26

Vor Suchlauf: 10 Verzeichnis(se), 52.976.398.336 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 52.496.814.080 Bytes frei

- - End Of File - - 5D3A9E9CB91F57261A717D2EA55BD33F
         
CCleaner didn't spit out any error messages; both ran cleanly.

Regards & thanks

17.11.2010, 18:05   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
tr crypt.zpack.gen in the Temp folder

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't work on the second try either, just leave it out and only run OSAM - please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or the like.


Afterwards please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only takes a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document for me.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

18.11.2010, 15:30   #15
TrjPferd
 
tr crypt.zpack.gen in the Temp folder

GMER
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-18 16:30:03
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 ST3160827AS rev.3.42
Running: gmer.exe; Driver: C:\Users\Julian\AppData\Local\Temp\uxryqpod.sys


---- System - GMER 1.0.15 ----

SSDT            96DE22E4                                                                                                            ZwCreateThread
SSDT            96DE22D0                                                                                                            ZwOpenProcess
SSDT            96DE22D5                                                                                                            ZwOpenThread
SSDT            96DE22DF                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                     82E4D599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82E71F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 34C                                                                                 82E7985C 4 Bytes  [E4, 22, DE, 96]
.text           ntkrnlpa.exe!RtlSidHashLookup + 4E8                                                                                 82E799F8 4 Bytes  [D0, 22, DE, 96]
.text           ntkrnlpa.exe!RtlSidHashLookup + 508                                                                                 82E79A18 4 Bytes  [D5, 22, DE, 96]
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                                 82E79CC8 4 Bytes  [DF, 22, DE, 96]
?               System32\Drivers\spbu.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                               925B9CA0 5 Bytes  JMP 86AAA1D8 
.text           aeylrkox.SYS                                                                                                        97234000 12 Bytes  [44, F8, 21, 83, EE, F6, 21, ...]
.text           aeylrkox.SYS                                                                                                        9723400D 9 Bytes  [D7, 21, 83, 48, FB, 21, 83, ...] {XLATB ; AND [EBX-0x7cde04b8], EAX; ADD [EAX], AL}
.text           aeylrkox.SYS                                                                                                        97234017 20 Bytes  [00, DE, 17, 53, 8B, E6, 15, ...]
.text           aeylrkox.SYS                                                                                                        9723402C 149 Bytes  [00, 00, 00, 00, D0, 81, E4, ...]
.text           aeylrkox.SYS                                                                                                        972340C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                 
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xA076D300, 0x3B638, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xA07B0300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Mozilla Firefox\plugin-container.exe[2392] USER32.dll!TrackPopupMenu                                   75B94B3B 5 Bytes  JMP 6C295CF5 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Programme\Mozilla Firefox\firefox.exe[3320] ntdll.dll!LdrLoadDll                                                 776BF625 5 Bytes  JMP 008213F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [8B435042] \SystemRoot\System32\Drivers\spbu.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                           [8B4356D6] \SystemRoot\System32\Drivers\spbu.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [8B435800] \SystemRoot\System32\Drivers\spbu.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                     [8B43513E] \SystemRoot\System32\Drivers\spbu.sys
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortNotification]                                          00147880
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortQuerySystemTime]                                       78800C75
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortReadPortUchar]                                         06750015
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortStallExecution]                                        C25DC033
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortWritePortUchar]                                        458B0008
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortWritePortUlong]                                        6A006A08
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    50056A24
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                         005AB7E8
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  0001B800
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortGetParentBusType]                                      C25D0000
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortRequestCallback]                                       CCCC0008
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                 CCCCCCCC
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  CCCCCCCC
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortCompleteRequest]                                       CCCCCCCC
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortCopyMemory]                                            53EC8B55
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortEtwTraceLog]                                           800C5D8B
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                             7500117B
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                127B806A
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  80647500
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  7500137B
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortInitialize]                                            157B805E
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortGetDeviceBase]                                         56587500
IAT             \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortDeviceStateChange]                                     8008758B

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              857811F8
Device          \FileSystem\fastfat \FatCdrom                                                                                       8782A1F8
Device          \Driver\volmgr \Device\VolMgrControl                                                                                8577D1F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    869481F8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                    869481F8
Device          \Driver\usbohci \Device\USBPDO-2                                                                                    869481F8
Device          \Driver\ACPI_HAL \Device\00000053                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbohci \Device\USBPDO-3                                                                                    869481F8
Device          \Driver\usbohci \Device\USBPDO-4                                                                                    869481F8
Device          \Driver\usbehci \Device\USBPDO-5                                                                                    86A861F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              8577D1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        8680C500
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2                                                                         8577F1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  8577F1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  8577F1F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  8577F1F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  8577F1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-7                                                                         8577F1F8
Device          \Driver\cdrom \Device\CdRom1                                                                                        8680C500
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             868281F8
Device          \Driver\sptd \Device\3593724022                                                                                     spbu.sys
Device          \Driver\PCI_PNP0021 \Device\0000005c                                                                                spbu.sys
Device          \Driver\NetBT \Device\NetBT_Tcpip_{998A2711-7648-4EDA-B71B-A9E5D12787BD}                                            868281F8
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    869481F8
Device          \Driver\usbohci \Device\USBFDO-1                                                                                    869481F8
Device          \Driver\usbohci \Device\USBFDO-2                                                                                    869481F8
Device          \Driver\usbohci \Device\USBFDO-3                                                                                    869481F8
Device          \Driver\usbohci \Device\USBFDO-4                                                                                    869481F8
Device          \Driver\usbehci \Device\USBFDO-5                                                                                    86A861F8
Device          \Driver\aeylrkox \Device\Scsi\aeylrkox1                                                                             86A40218
Device          \Driver\aeylrkox \Device\Scsi\aeylrkox1Port4Path0Target0Lun0                                                        86A40218
Device          \FileSystem\fastfat \Fat                                                                                            8782A1F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                              8686C1F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xA5 0x76 0x53 0xFE ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x92 0xE0 0xE9 0x4A ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x4F 0xC5 0x27 0xD0 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0xBB 0x9E 0xB0 0x21 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xA5 0x76 0x53 0xFE ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x92 0xE0 0xE9 0x4A ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x4F 0xC5 0x27 0xD0 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0xBB 0x9E 0xB0 0x21 ...

---- EOF - GMER 1.0.15 ----
         
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:50:09 on 18.11.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aeylrkox" (aeylrkox) - "Microsoft Corporation" - C:\Windows\system32\drivers\aeylrkox.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Julian\AppData\Local\Temp\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)" (TEAM) - ? - C:\Windows\System32\DRIVERS\RtTeam60.sys  (File not found)
"Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)" (VLAN) - ? - C:\Windows\System32\DRIVERS\RtVLAN60.sys  (File not found)
"RivaTuner32" (RivaTuner32) - ? - C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys  (File found, but it contains no detailed information)
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - ? - C:\Windows\System32\drivers\RTKVHDA.sys  (File not found)
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"uxryqpod" (uxryqpod) - ? - C:\Users\Julian\AppData\Local\Temp\uxryqpod.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{140E4DF8-9E14-4A34-9577-C77561ED7883} "SysInfo Class" - "Husdawg, LLC" - C:\Programme\SystemRequirementsLab\srldetect_cyri_4.1.71.0.dll / hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
{B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_test.dll / hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab
{40F576AD-8680-4F9E-9490-99D069CD665F} "{40F576AD-8680-4F9E-9490-99D069CD665F}" - ? -   (File not found | COM-object registry key not found) / hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6\ICQ6.5\ICQ.exe
"PartyPoker.com" - ? - C:\Programs\PartyGaming\PartyPoker\RunApp.exe  (File not found)
"PokerStars" - ? - C:\Program Files\Pokerstars\PokerStarsUpdate.exe  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"RivaTunerStartupDaemon" - ? - "C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
"ROUTE66Sync" - "ROUTE 66" - C:\Programme\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe -runinbackground

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Last edited by TrjPferd (18.11.2010 at 15:51)
