Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Malware + verschiedene Fehler im System

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 23.12.2010, 17:51   #1
fl4m3
 
Malware + verschiedene Fehler im System - Standard

Malware + verschiedene Fehler im System



Hi zusammen,

ich hab hier ein ziemliches Problem mit meinem Pc und zwar benutze ich Kaspersky als Virus Programm und der hat mir seit einiger Zeit angezeigt das mein Pc von Malware befallen ist... Kasperskys Rat: Quarantäne
Doch die Meldung kam immer wieder und da ich beruflich momentan ziemlich viel unterwegs war kam ich einfach nicht dazu mich weiter drum zu kümmern.

So jetzt hat er aber angefangen zu lahmen und bei jedem SystemStart kommen 1000 von Fehlern. (blablub.exe - Fehler in Anwendung / Die Anwendung konnte nicht richt initialisiert werden usw.)
Das ist immer unterschiedlich und von programm zu programm unterschiedlich, sind aber ne Menge. So Kaspersky findet nix mehr und da ich mich schon was umgeguckt habe wollt ich Spybot mal drüber laufen lassen doch ich kriegs nicht zum laufen.

Jemand nen Tipp?

Mein Log:
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:23:25, on 23.12.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\avmwlanstick\FRITZWLANMini.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe
C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SarbyxTrayClock\trayclock.exe
C:\Programme\ICQ7.0\ICQ.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\*******\Desktop\HiJackThis204.exe
C:\Programme\Opera\opera.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://de.yahoo.com/
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (file missing)
R3 - URLSearchHook: (no name) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - (no file)
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,C:\WINDOWS\system32\MPK\MPK.exeC:\WINDOWS\system32\appconf32.exe,C:\WINDOWS\system32\appconf32.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (file missing)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.2.2.28.dll (file missing)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (file missing)
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} - C:\WINDOWS\system32\AcroIEHelpe.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (file missing)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Programme\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Programme\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ocs_SM] C:\Dokumente und Einstellungen\S.Oberreich\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avp] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Programme\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Wecker 2.2] C:\Programme\Wecker 2.2\wecker220.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SarbyxTrayClock] C:\Programme\SarbyxTrayClock\trayclock.exe
O4 - HKCU\..\Run: [Software Informer] "C:\Programme\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [RGSC] E:\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Steam] "c:\programme\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programme\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [Userinit] C:\WINDOWS\system32\appconf32.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Product Registration.lnk = C:\Dokumente und Einstellungen\S.Oberreich\Lokale Einstellungen\Temp\is-Q3S1D.tmp\ATR1.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Alles mit BitComet downloaden - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Alle &Videos mit BitComet &d&ownloaden - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\********\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\******\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Mit BitComet &downloaden - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programme\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Programme\QIP\qip.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Unknown owner - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
--
End of file - 14864 bytes
         
--- --- ---

Alt 23.12.2010, 20:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malware + verschiedene Fehler im System - Standard

Malware + verschiedene Fehler im System



Zitat:
Kaspersky als Virus Programm und der hat mir seit einiger Zeit angezeigt das mein Pc von Malware befallen ist.
Immer die genauen Schädlingsnamen und Pfadangaben notieren und posten!

Aus den Regeln:

5. Beschreibe Dein Problem in einigen Sätzen und arbeite diese Anleitung ab Punkt 2. durch
Auch Funde von deiner Sicherheitssoftware bitte im Thema nennen: (z.B. c:\windows\virus.exe)
Fehlen diese Angaben, kann und wird dir hier niemand helfen.
__________________

__________________

Alt 24.12.2010, 18:59   #3
fl4m3
 
Malware + verschiedene Fehler im System - Standard

Malware + verschiedene Fehler im System



Hiho,

also den genauen Namen kann ich dir nicht nennen weil Kaspersky nur gesagt hat: Pc ist von Malware befallen

Hier die Logs

[Code]
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-24 18:50:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 SAMSUNG_HD501LJ rev.CR100-12
Running: gmer.exe; Driver: C:\DOKUME~1\S88D3~1.OBE\LOKALE~1\Temp\pxtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwAdjustPrivilegesToken [0xA356658C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwClose [0xA3566E0C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwConnectPort [0xA3567922]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwCreateEvent [0xA3567E94]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwCreateFile [0xA35670EE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwCreateKey [0xA3565436]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwCreateMutant [0xA3567D6C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwCreateNamedPipeFile [0xA3566192]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwCreatePort [0xA3567C28]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwCreateSection [0xA356634E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwCreateSemaphore [0xA3567FC6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwCreateSymbolicLinkObject [0xA3569C08]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwCreateThread [0xA3566AAA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwCreateWaitablePort [0xA3567CCA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwDebugActiveProcess [0xA35695FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwDeleteKey [0xA35659FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwDeleteValueKey [0xA3565D88]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwDeviceIoControlFile [0xA3567576]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwDuplicateObject [0xA356A5CA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwEnumerateKey [0xA3565ECA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwEnumerateValueKey [0xA3565F74]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwFsControlFile [0xA3567382]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwLoadDriver [0xA356968C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwLoadKey [0xA3565412]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwLoadKey2 [0xA3565424]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwMapViewOfSection [0xA3569CBC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwNotifyChangeKey [0xA35660C0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwOpenEvent [0xA3567F36]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwOpenFile [0xA3566E8E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwOpenKey [0xA35655DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwOpenMutant [0xA3567E04]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwOpenProcess [0xA3566792]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwOpenSection [0xA3569C32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwOpenSemaphore [0xA3568068]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwOpenThread [0xA35666B6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwQueryKey [0xA356601E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwQueryMultipleValueKey [0xA3565C46]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwQuerySection [0xA3569FD4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwQueryValueKey [0xA3565896]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwQueueApcThread [0xA3569922]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwRenameKey [0xA3565B0E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwReplaceKey [0xA35652B0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwReplyPort [0xA35683F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwReplyWaitReceivePort [0xA35682B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwRequestWaitReplyPort [0xA356939A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwRestoreKey [0xA356CE2C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwResumeThread [0xA356A4AC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwSaveKey [0xA3565248]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwSecureConnectPort [0xA356765C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwSetContextThread [0xA3566CC8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwSetInformationToken [0xA3568C4A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwSetSecurityObject [0xA3569786]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwSetSystemInformation [0xA356A114]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwSetValueKey [0xA356571E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwSuspendProcess [0xA356A1F8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwSuspendThread [0xA356A320]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwSystemDebugControl [0xA3569526]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwTerminateProcess [0xA356690A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwTerminateThread [0xA3566860]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwUnmapViewOfSection [0xA3569E8A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          ZwWriteVirtualMemory [0xA35669EA]

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                                          IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwYieldExecution + DA                                                                                                                                             804E4934 2 Bytes  [0C, 6E] {OR AL, 0x6e}
.text           ntoskrnl.exe!ZwYieldExecution + 13E                                                                                                                                            804E4998 2 Bytes  [4E, 63]
.text           ntoskrnl.exe!ZwYieldExecution + 141                                                                                                                                            804E499B 13 Bytes  [A3, C6, 7F, 56, A3, 08, 9C, ...]
.text           ntoskrnl.exe!ZwYieldExecution + 376                                                                                                                                            804E4BD0 16 Bytes  [0E, 5B, 56, A3, B0, 52, 56, ...]
.text           ntoskrnl.exe!ZwYieldExecution + 46A                                                                                                                                            804E4CC4 12 Bytes  [F8, A1, 56, A3, 20, A3, 56, ...] {CLC ; MOV EAX, [0xa320a356]; PUSH ESI; MOV [0xa3569526], EAX}
.text           ...                                                                                                                                                                            
.text           ntoskrnl.exe!IoIsOperationSynchronous                                                                                                                                          804EAFCE 5 Bytes  JMP A355B8B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           ntoskrnl.exe!FsRtlCheckLockForReadAccess                                                                                                                                       804F45B3 5 Bytes  JMP A355B4DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                                                       section is writeable [0xB5990380, 0x550AF5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\Explorer.EXE[448] ntdll.dll!NtProtectVirtualMemory                                                                                                                  7C91D6EE 5 Bytes  JMP 00D9000A 
.text           C:\WINDOWS\Explorer.EXE[448] ntdll.dll!NtWriteVirtualMemory                                                                                                                    7C91DFAE 5 Bytes  JMP 00DA000A 
.text           C:\WINDOWS\Explorer.EXE[448] ntdll.dll!KiUserExceptionDispatcher                                                                                                               7C91E47C 5 Bytes  JMP 00B3000C 
.text           C:\WINDOWS\System32\svchost.exe[1296] ntdll.dll!NtProtectVirtualMemory                                                                                                         7C91D6EE 5 Bytes  JMP 009A000A 
.text           C:\WINDOWS\System32\svchost.exe[1296] ntdll.dll!NtWriteVirtualMemory                                                                                                           7C91DFAE 5 Bytes  JMP 009B000A 
.text           C:\WINDOWS\System32\svchost.exe[1296] ntdll.dll!KiUserExceptionDispatcher                                                                                                      7C91E47C 5 Bytes  JMP 0074000C 
.text           C:\WINDOWS\System32\svchost.exe[1296] ole32.dll!CoCreateInstance                                                                                                               774CF1AC 5 Bytes  JMP 00D5000A 
.text           C:\WINDOWS\system32\wuauclt.exe[2856] ntdll.dll!NtProtectVirtualMemory                                                                                                         7C91D6EE 3 Bytes  JMP 0092000A 
.text           C:\WINDOWS\system32\wuauclt.exe[2856] ntdll.dll!NtProtectVirtualMemory + 4                                                                                                     7C91D6F2 1 Byte  [84]
.text           C:\WINDOWS\system32\wuauclt.exe[2856] ntdll.dll!NtWriteVirtualMemory                                                                                                           7C91DFAE 5 Bytes  JMP 0093000A 
.text           C:\WINDOWS\system32\wuauclt.exe[2856] ntdll.dll!KiUserExceptionDispatcher                                                                                                      7C91E47C 5 Bytes  JMP 0091000C 
.text           C:\WINDOWS\system32\wuauclt.exe[3048] ntdll.dll!NtProtectVirtualMemory                                                                                                         7C91D6EE 5 Bytes  JMP 00BA000A 
.text           C:\WINDOWS\system32\wuauclt.exe[3048] ntdll.dll!NtWriteVirtualMemory                                                                                                           7C91DFAE 5 Bytes  JMP 00BB000A 
.text           C:\WINDOWS\system32\wuauclt.exe[3048] ntdll.dll!KiUserExceptionDispatcher                                                                                                      7C91E47C 5 Bytes  JMP 00B9000C 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3904] ntdll.dll!NtProtectVirtualMemory                                                                                                7C91D6EE 5 Bytes  JMP 014F000A 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3904] ntdll.dll!NtWriteVirtualMemory                                                                                                  7C91DFAE 5 Bytes  JMP 0150000A 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3904] ntdll.dll!KiUserExceptionDispatcher                                                                                             7C91E47C 5 Bytes  JMP 014E000C 
.text           C:\Programme\Mozilla Firefox\firefox.exe[3904] ntdll.dll!LdrLoadDll                                                                                                            7C9263C3 5 Bytes  JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device                                                                                                                                                                                         Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                                       kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                                      kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0                                                                                                                            8A9CC39B
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1                                                                                                                            8A9CC39B
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2                                                                                                                            8A9CC39B
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3                                                                                                                            8A9CC39B
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c                                                                                                                   8A9CC39B

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                                      kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                                                    kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device                                                                                                                                                                                         mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device          \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskSAMSUNG_HD501LJ_________________________CR100-12#3053554d444a5157373237333033202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}  device not found

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                               
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                            C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                               
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                            0xBC 0x08 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                            C:\Programme\DAEMON Tools Pro\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                            1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                         0x9F 0xEF 0x25 0x5B ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                   0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                0xC3 0xE9 0x06 0x5D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                           0xEF 0x91 0xEE 0xDE ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                                               
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                            0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                         0xA6 0xC8 0x49 0xF0 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                           
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                                           
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                             0xA6 0xC8 0x49 0xF0 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                           
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                                           
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                             0xA6 0xC8 0x49 0xF0 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                           
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                                           
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                0
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                             0xA6 0xC8 0x49 0xF0 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                           
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                           
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                0xBC 0x08 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                C:\Programme\DAEMON Tools Pro\
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                1
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                             0x9F 0xEF 0x25 0x5B ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                  
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                       0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                    0xC3 0xE9 0x06 0x5D ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                             
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                               0xEF 0x91 0xEE 0xDE ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                                           
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                0
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                             0xA6 0xC8 0x49 0xF0 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FD8F9B0A949Cde548980D75C0C1CC918\Usage@statusexe                                           1033421148

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                                                                          sector 63: rootkit-like behavior; 

---- EOF - GMER 1.0.15 ----
         
--- --- ---
__________________

Alt 24.12.2010, 19:00   #4
fl4m3
 
Malware + verschiedene Fehler im System - Standard

Malware + verschiedene Fehler im System



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 24.12.2010 18:52:18 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Dokumente und Einstellungen\All Users\Desktop\MFtools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 75,13 Gb Total Space | 25,92 Gb Free Space | 34,50% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 83,32 Gb Free Space | 42,66% Space Free | Partition Type: NTFS
Drive E: | 195,32 Gb Total Space | 114,44 Gb Free Space | 58,59% Space Free | Partition Type: NTFS
 
Computer Name: AFFE | User Name: S.Oberreich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9726:TCP" = 9726:TCP:*:Enabled:BitComet 9726 TCP
"9726:UDP" = 9726:UDP:*:Enabled:BitComet 9726 UDP
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\BitComet\BitComet.exe" = C:\Programme\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe" = C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client -- File not found
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- File not found
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Dokumente und Einstellungen\S.Oberreich\Lokale Einstellungen\Anwendungsdaten\Dyyno Receiver\DPPM.exe" = C:\Dokumente und Einstellungen\S.Oberreich\Lokale Einstellungen\Anwendungsdaten\Dyyno Receiver\DPPM.exe:*:Enabled:Dyyno Plugin Receiver -- ()
"E:\Rockstar Games Social Club\RGSCLauncher.exe" = E:\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- File not found
"C:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe" = C:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- File not found
"C:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = C:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- File not found
"C:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = C:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- File not found
"D:\Grand Theft Auto IV\LaunchGTAIV.exe" = D:\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- File not found
"C:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- File not found
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- File not found
"C:\Programme\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe" = C:\Programme\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction -- File not found
"C:\Programme\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe" = C:\Programme\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction aktualisieren -- File not found
"C:\Programme\LucasArts\Star Wars The Force Unleashed 2\SWTFU2.exe" = C:\Programme\LucasArts\Star Wars The Force Unleashed 2\SWTFU2.exe:*:Enabled:Star Wars The Force Unleashed 2 -- File not found
"C:\Programme\Microsoft Games\Age of Empires III\age3x.exe" = C:\Programme\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\WINDOWS\TEMP\fnuf\setup.exe" = C:\WINDOWS\TEMP\fnuf\setup.exe:*:Enabled:setup -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{150C6C87-D187-4105-BF7A-090378D7AE2A}" = Nokia Ovi Suite
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1597D0AE-34A7-4A8B-A395-2E30EB745470}" = Nokia Connectivity Cable Driver
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}" = Nokia Ovi One Touch Access
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}" = MorphVOX Pro
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1" = Multi-ICQ 1.2
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1" = ICQ Ignore Checker 1.3
"{8F295D2F-7C03-4FE6-8A97-99F8962D455B}_is1" = CLICK & LEARN DiDi 360°
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B0B49C20-D2D1-437B-80F0-C2298F5DCD2B}" = Nokia Photos
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B17E235C-7A3B-4482-B650-21FFDE1D452E}" = Empire Earth III
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{C7CDB2AC-A0AB-4D83-B046-187E24D9EA68}" = Nokia Ovi System Utilities
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}" = SimCity™ Societies Reisewelten
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Assassin's Creed 2_is1" = Black_Box v1
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"CUEcards 2000" = CUEcards 2000
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"IsoBuster_is1" = IsoBuster 2.5.5
"JDownloader" = JDownloader
"Just Cause 2_is1" = Just Cause 2
"Logitech Print Service" = Logitech Print Service
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.13
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (2.0.0.16)" = Mozilla Thunderbird (2.0.0.16)
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3011
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3014
"NSS" = Norton Security Scan
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Portrait Professional 9 Test_is1" = Portrait Professional 9.0 Test
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera-Treiber
"ratDVD" = ratDVD 0.78.1444
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SearchAnonymizer" = SearchAnonymizer
"Shop for HP Supplies" = Shop for HP Supplies
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.0 (remove only)
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SpeedFan" = SpeedFan (remove only)
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 240" = Counter-Strike: Source
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Core Media Player" = The Core Media Player 4.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"virtualStudio_is1" = virtualStudio 1.0.38
"VLC media player" = VLC media player 1.1.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xfire" = Xfire (remove only)
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Companion" = Yahoo! Companion
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"e0c143f1d5b5e1b8" = RapidShare Manager
"QIP 2005" = QIP 2005 8095
"World of Warcraft Trial" = Probeversion von World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.11.2010 16:57:27 | Computer Name = AFFE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ICQ.exe, Version 7.2.0.3159, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 26.11.2010 16:57:27 | Computer Name = AFFE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung ICQ.exe, Version 7.2.0.3159, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 05.12.2010 10:26:30 | Computer Name = AFFE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung opera.exe, Version 10.63.3516.0, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x000a003a.
 
Error - 15.12.2010 14:46:31 | Computer Name = AFFE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mplayerc.exe, Version 6.4.9.0, fehlgeschlagenes
 Modul libavcodec.dll, Version 0.0.0.0, Fehleradresse 0x00074999.
 
Error - 15.12.2010 14:46:48 | Computer Name = AFFE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mplayerc.exe, Version 6.4.9.0, fehlgeschlagenes
 Modul libavcodec.dll, Version 0.0.0.0, Fehleradresse 0x00074999.
 
Error - 15.12.2010 14:47:20 | Computer Name = AFFE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung coreplayer.exe, Version 4.1.1.452, fehlgeschlagenes
 Modul libavcodec.dll, Version 0.0.0.0, Fehleradresse 0x0006a03f.
 
Error - 15.12.2010 14:47:36 | Computer Name = AFFE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung coreplayer.exe, Version 4.1.1.452, fehlgeschlagenes
 Modul dmfsource.ax, Version 1.0.2.6, Fehleradresse 0x0000423b.
 
Error - 18.12.2010 10:53:09 | Computer Name = AFFE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Nss.exe, Version 2.7.6.11, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 18.12.2010 10:53:12 | Computer Name = AFFE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Nss.exe, Version 2.7.6.11, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.12.2010 16:54:04 | Computer Name = AFFE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.5512, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00023845.
 
[ System Events ]
Error - 24.12.2010 13:11:26 | Computer Name = AFFE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Personal – Free Antivirus Planer" wurde 
aufgrund folgenden Fehlers nicht gestartet:   %%3
 
Error - 24.12.2010 13:11:26 | Computer Name = AFFE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Personal – Free Antivirus Guard" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%3
 
Error - 24.12.2010 13:12:50 | Computer Name = AFFE | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 24.12.2010 13:25:58 | Computer Name = AFFE | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 24.12.2010 13:26:02 | Computer Name = AFFE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Personal – Free Antivirus Planer" wurde 
aufgrund folgenden Fehlers nicht gestartet:   %%3
 
Error - 24.12.2010 13:26:02 | Computer Name = AFFE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Personal – Free Antivirus Guard" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%3
 
Error - 24.12.2010 13:27:23 | Computer Name = AFFE | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 24.12.2010 13:34:12 | Computer Name = AFFE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Personal – Free Antivirus Planer" wurde 
aufgrund folgenden Fehlers nicht gestartet:   %%3
 
Error - 24.12.2010 13:34:12 | Computer Name = AFFE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Personal – Free Antivirus Guard" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%3
 
Error - 24.12.2010 13:35:33 | Computer Name = AFFE | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
 
< End of report >
         
--- --- ---

Alt 24.12.2010, 19:01   #5
fl4m3
 
Malware + verschiedene Fehler im System - Standard

Malware + verschiedene Fehler im System



Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:30 on 24/12/2010 (S.Oberreich)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Pro Agent -> Removed
HKCU:AlcoholAutomount -> Removed

Checking for services/drivers...
d347prt -> Disabled (Service running -> reboot required)
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
d347bus -> Disabled (Service running -> reboot required)


-=E.O.F=-
[/Quote]

[Quote]
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5389

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

24.12.2010 18:23:16
mbam-log-2010-12-24 (18-23-16).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 151877
Laufzeit: 4 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 2
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\WINDOWS\system32\autovert.dll (Trojan.Agent) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F22C37FD-2BCB-40B6-A12E-77DDA1FBDD88} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exeC:\WINDOWS\system32\appconf32.exe,C:\WINDOWS\system32\appconf32.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\WINDOWS\system32\autovert.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
         


Alt 24.12.2010, 23:58   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malware + verschiedene Fehler im System - Standard

Malware + verschiedene Fehler im System



Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________
--> Malware + verschiedene Fehler im System

Alt 25.12.2010, 12:09   #7
fl4m3
 
Malware + verschiedene Fehler im System - Standard

Malware + verschiedene Fehler im System



Hier der neue Log, ältere hab ich leider nicht zur Verfügung.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5391

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

25.12.2010 13:07:05
mbam-log-2010-12-25 (13-07-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 285768
Laufzeit: 2 Stunde(n), 15 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\s.oberreich\anwendungsdaten\144d8886710ec8f845a18f8afe519e56\binupdt700max.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\cod\rzr-cod4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
e:\call.of.duty.4.german-postmortem\rzr-cod4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
         

Alt 25.12.2010, 16:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malware + verschiedene Fehler im System - Standard

Malware + verschiedene Fehler im System



Zitat:
e:\cod\rzr-cod4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
e:\call.of.duty.4.german-postmortem\rzr-cod4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Malware + verschiedene Fehler im System
.com, antivir, antivirus, avira, avp, avp.exe, bho, cdburnerxp, converter, desktop, fehler, google, hijack, hijackthis, hkus\s-1-5-18, internet explorer, kaspersky, launch, malware, mp3, problem, programm, software, stick, system, tastatur, unterschiedlich, virus, windows, windows xp



Ähnliche Themen: Malware + verschiedene Fehler im System


  1. Taskmanager, verschiedene Diensthoster, Dateipfad Win, system 32 , svchost hohe Auslastung
    Plagegeister aller Art und deren Bekämpfung - 25.08.2015 (24)
  2. Ständiger Internet abbruch - Fehler im System oder Malware?
    Plagegeister aller Art und deren Bekämpfung - 05.08.2015 (9)
  3. Malware & SSL-Fehler
    Log-Analyse und Auswertung - 23.07.2014 (16)
  4. Malware & SSL-Fehler
    Log-Analyse und Auswertung - 16.07.2014 (3)
  5. Wie schließt man 2 verschiedene Monitore mit 2 verschiedene Grafikkarten richtig an?
    Netzwerk und Hardware - 11.02.2014 (5)
  6. adware.RKN, malware.Trace und verschiedene PUP.optional gefunden
    Log-Analyse und Auswertung - 09.02.2014 (10)
  7. Ereignissprotokolle fehler nach Malware
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (13)
  8. 25 verschiedene Trojaner bzw. Malware,Exploit und backdoor server!
    Log-Analyse und Auswertung - 15.01.2013 (21)
  9. Fehler bei System 32 was tun
    Netzwerk und Hardware - 27.06.2012 (1)
  10. Verschiedene Trojaner in C:\System Volume Information\_restore
    Log-Analyse und Auswertung - 06.01.2011 (19)
  11. Fehler im System
    Alles rund um Windows - 26.08.2010 (2)
  12. Trojaner irgendwo im system... Verschiedene Logs ausgeführt...
    Log-Analyse und Auswertung - 21.08.2010 (15)
  13. Malware, kritischer Fehler
    Plagegeister aller Art und deren Bekämpfung - 12.08.2010 (20)
  14. Rundll Fehler Anti Malware Doctor
    Plagegeister aller Art und deren Bekämpfung - 13.06.2010 (1)
  15. IE öffnete Werbung - nun verschiedene Trojaner im System
    Plagegeister aller Art und deren Bekämpfung - 31.05.2010 (15)
  16. verschiedene Würmer/Viren auf dem System
    Plagegeister aller Art und deren Bekämpfung - 14.03.2009 (1)
  17. Malware oder Sonstige Fehler
    Log-Analyse und Auswertung - 07.11.2008 (9)

Zum Thema Malware + verschiedene Fehler im System - Hi zusammen, ich hab hier ein ziemliches Problem mit meinem Pc und zwar benutze ich Kaspersky als Virus Programm und der hat mir seit einiger Zeit angezeigt das mein Pc - Malware + verschiedene Fehler im System...
Archiv
Du betrachtest: Malware + verschiedene Fehler im System auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.