Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Antiviren-, Firewall- und andere Schutzprogramme (https://www.trojaner-board.de/antiviren-firewall-andere-schutzprogramme/)
-   -   google leitet automatisch um/Antivir meldet immer wieder Funde (https://www.trojaner-board.de/92390-google-leitet-automatisch-um-antivir-meldet-immer-funde.html)

hyperbel 01.11.2010 13:37
google leitet automatisch um/Antivir meldet immer wieder Funde
 
Guten Tag erstmal!

Mein Problem began so, dass mich google plötzlich auf auf andere Seiten umleitete als ich anklickte. Da kam mir das erste Mal etwas "spanisch" vor.
Wenig später fand meine Avira Antivir personal einige Schädlinge. Dann hat sich mal das Microsoft Alert dazugeschaltet und anscheinend irgendein MS Antivirus automatisch installiert.Systemwiederherstellung half auch nichts. Nachdem es nicht besser wurde, habe ich mal die Schritte die man vor der thread Eröffnung machen soll durchgeführt.(Logs kommen dann unten) Nachdem was MBAM was fand und auch löschte bin ich wieder ins I-net gegangen und die Funde von Avira(10.0.0.567) begannen wieder. Einmal bekam ich auch eine Sicherheitswarnung, dass jemand versucht Passwörter und Daten vom PC zu stehlen--> da bin ich dann sofort W-LAN abgedreht-->Meldung kam trotzdem noch ein paar mal und Icons haben sich selbstsändig am Desktop installiert!

Hab dann noch mal AviraAntivir durchlaufen lassen und MBAM wo wieder einige Funde waren. Seit dem ist es wieder minimal besser.

Seit neuestem(ich denk das war nach den Schritten die hier angegeben sind) bekomme ich beim einschalten also wenn der PC schon hochgefahren ist immer diese Fehlermeldung: "Fehler beim Laden von C://Users/***/AppData/local/kbrfoc.dll Das angegebene Modul wurde nicht gefunden."

Da ich nicht mehr weiter weiß hoffe ich nun, dass ich hier hilfe finde. In folgendem Thread habe ich schon sowas ähnliches gefunden. Bei mir findet gmer aber anscheinend nichts: h**p://www.trojaner-board.de/80670-google-leitet-um-browser-stuertzen-oft-ab-pc-haengt-scan-gemacht-wie-weiter-3.html#post489244

Danke schon mal im voraus!!!

Nun die ganzen logs:

OTL:OTL Logfile:
Code:
OTL logfile created on: 31.10.2010 20:13:35 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Public\Desktop\MFtools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: *** | Country: *** | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 2,28 Gb Free Space | 5,18% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 165,59 Gb Free Space | 67,22% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.10.31 19:25:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.10.29 17:16:14 | 000,125,440 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\dwm.exe
PRC - [2010.04.20 10:23:01 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 09:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 08:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.30 15:22:40 | 000,992,256 | ---- | M] (GreenTree Applications, Inc.) -- C:\Program Files\pdfforge Toolbar\SearchSettings.exe
PRC - [2009.01.12 07:15:52 | 000,071,096 | ---- | M] () -- D:\Programme\BurnAware Free\NMSAccess32.exe
PRC - [2008.10.09 19:17:46 | 000,708,608 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.08.20 11:35:20 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.04.30 03:44:28 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008.04.30 03:25:36 | 000,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.09.29 01:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.11.22 06:20:00 | 003,768,320 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\WIBUKEY\Server\WkSvMgr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.10.31 19:25:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2010.04.24 12:28:41 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009.09.25 03:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.07.31 20:23:09 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009.04.11 07:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.04.11 07:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.04.11 07:21:38 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll
MOD - [2008.04.30 03:55:02 | 004,232,968 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\farchns.dll
MOD - [2008.04.30 03:14:00 | 000,337,672 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\infql2.dll
MOD - [2008.01.21 03:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.21 03:24:56 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008.01.21 03:23:50 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.04.20 10:23:01 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.02 15:32:10 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.02.24 08:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Stopped] -- D:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.01.12 07:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Programme\BurnAware Free\NMSAccess32.exe -- (NMSAccess)
SRV - [2008.08.27 01:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.09.29 01:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.03.01 08:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 12:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.06.08 18:38:33 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.26 07:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.09.24 05:26:00 | 007,585,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.20 11:02:10 | 002,160,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.06.30 12:56:12 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.06.09 09:45:08 | 001,748,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008.06.02 20:50:44 | 000,050,576 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008.05.19 06:45:24 | 000,380,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2008.05.02 06:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.28 18:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.04.27 23:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.03.21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.16 00:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.02.01 00:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.18 23:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.02 20:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.03.19 15:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2006.11.22 06:20:00 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.10.11 04:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Programme\components [2010.10.06 08:02:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Programme\plugins [2010.10.06 08:02:17 | 000,000,000 | ---D | M]
 
[2009.04.21 11:26:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.13 16:14:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xnezus8t.default\extensions
[2010.05.10 13:08:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xnezus8t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.13 13:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\xnezus8t.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photoprintit.de/microsite/14/defaults/activex/ips/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3ac51e08-d830-11de-bd0c-00218556bcd2}\Shell - "" = AutoRun
O33 - MountPoints2\{3ac51e08-d830-11de-bd0c-00218556bcd2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.dvacm - C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm (Ulead Systems, Inc.)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.31 19:46:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.10.31 19:28:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.10.31 19:28:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.31 19:28:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.31 19:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.31 19:26:42 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010.10.31 19:22:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.10.06 07:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.31 20:10:49 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.31 20:10:49 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.31 20:10:49 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.31 20:10:49 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.31 20:05:34 | 000,085,909 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.10.31 20:04:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.31 20:04:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.31 20:04:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.31 20:04:26 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.31 19:40:06 | 000,000,557 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.10.31 19:40:06 | 000,000,544 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.10.31 19:33:54 | 000,085,909 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.10.31 19:22:32 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\defogger.exe
[2010.10.31 19:22:29 | 000,286,404 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2010.10.18 21:56:10 | 000,000,544 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.10.14 02:28:14 | 000,379,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010.10.31 19:40:06 | 000,000,557 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.10.31 19:40:06 | 000,000,544 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.10.31 19:22:31 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\defogger.exe
[2010.10.31 19:22:25 | 000,286,404 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip
[2010.04.17 20:16:45 | 000,000,632 | ---- | C] () -- C:\ProgramData\qcadrc
[2010.02.14 18:26:21 | 000,000,133 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini
[2009.10.28 16:00:12 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.10.26 17:40:07 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.06.03 07:56:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.19 07:03:49 | 000,018,432 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.05 20:09:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.04.07 09:22:29 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.12.23 14:45:59 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.12.22 22:27:19 | 001,748,352 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.12.22 22:27:19 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.12.22 22:16:37 | 000,085,909 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.22 22:10:52 | 000,085,909 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== LOP Check ==========
 
[2009.08.20 19:26:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2010.07.24 13:20:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.24 13:20:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Graphisoft
[2009.08.20 19:21:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2009.04.07 09:27:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Protector Suite
[2009.09.29 20:47:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TweakNow RegCleaner
[2009.04.07 09:45:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ulead Systems
[2010.02.01 19:33:07 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.10.31 20:03:48 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010.10.31 20:04:25 | 000,207,196 | ---- | M] () -- C:\aaw7boot.log
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.12.22 20:46:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.12.23 14:56:43 | 000,011,484 | ---- | M] () -- C:\deviceInfo.txt
[2010.10.31 20:04:26 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2009.04.07 09:23:10 | 000,000,171 | ---- | M] () -- C:\msicssetup.log
[2010.10.31 20:04:25 | 3533,967,360 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.06.03 08:03:25 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008.01.21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-29 16:28:02
 
< End of report >
--- --- ---

Extras:OTL Logfile:
Code:
OTL Extras logfile created on: 31.10.2010 20:13:35 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Public\Desktop\MFtools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: *** | Country: *** | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 2,28 Gb Free Space | 5,18% Space Free | Partition Type: NTFS
Drive D: | 246,33 Gb Total Space | 165,59 Gb Free Space | 67,22% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC media player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "D:\Programme\VLC media player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36A6BF94-98A8-4221-B538-5D7AD0481D2D}" = rport=137 | protocol=17 | dir=out | app=system |
"{3B8D3B0F-6709-4AD8-99A2-26679859695C}" = lport=137 | protocol=17 | dir=in | app=system |
"{420FE540-D75E-4675-80FA-44F39E37C37F}" = lport=138 | protocol=17 | dir=in | app=system |
"{4E2E95CF-9F5B-4C9E-BC1B-8807026CF0D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{64C5B8A0-CB15-4C5B-8490-C1C3ACBD6F36}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6CA33458-BD7E-4CF2-BC8C-604CFA67F49B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7573DE06-7B78-493A-A5E3-F8A7067E4C72}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7EBE830E-2A68-4A46-B4E3-39161D85A934}" = rport=445 | protocol=6 | dir=out | app=system |
"{7FB311AF-6B87-4410-AAA0-B79AF1F624C0}" = rport=138 | protocol=17 | dir=out | app=system |
"{89542E35-D32A-44D4-912C-31906945488E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{98416DDA-0099-4EBF-BA4C-7C63E722979B}" = lport=139 | protocol=6 | dir=in | app=system |
"{A80B9591-F0E1-4AFE-921A-60BD2F6D20AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C2147082-005A-44E7-99AD-D836446B4865}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A83A87C-3104-4A56-9C43-BCDB29E7A39C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0E04D980-2F51-4413-9F8C-C68D94C071CD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{545D90F0-99D4-4571-A80A-B40B86AE7A3B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{558A494B-11A5-43B5-8BD7-57B766F7C8F1}" = protocol=17 | dir=in | app=d:\programme\opera\opera.exe |
"{5FC3415C-7CA4-442D-8601-0AEFFD4C0373}" = protocol=6 | dir=in | app=d:\programme\opera\opera.exe |
"{778BB034-9CC0-46F6-BDFD-50062A5A53B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{997C60FE-5D14-4623-AE6B-DE5E235FB0C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B6A9B1A6-9646-4225-9B87-9A0AC9C37DBC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C62E7832-AC35-4262-B5C5-A83F4745EB03}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D854CE9A-CB97-4CE6-801D-60E4FFB93BDE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F3C5B795-7C38-4ABE-A71F-615ED9039301}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FAA0078F-360D-474B-B419-0FB012F73B8C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"TCP Query User{00A729FC-0734-49E9-A2D3-818E118EDC0C}D:\programme\stheno_v4_0\medsys\med\java\jre\bin\java.exe" = protocol=6 | dir=in | app=d:\programme\stheno_v4_0\medsys\med\java\jre\bin\java.exe |
"TCP Query User{222F9704-6460-4871-82FC-8B9DD364E648}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{60366909-93A3-4721-B29D-F3DE01B0CB1B}D:\programme\stheno_v4_0\medcolraster\m2d\run\draft.exe" = protocol=6 | dir=in | app=d:\programme\stheno_v4_0\medcolraster\m2d\run\draft.exe |
"TCP Query User{BE08A945-D66D-4F1D-9B6B-BD9CD7E4647E}D:\programme\vlc media player\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\programme\vlc media player\vlc\vlc.exe |
"TCP Query User{C714903C-CEF0-4AAF-858E-48AF468796E1}D:\programme\archi cad 13\archicad.exe" = protocol=6 | dir=in | app=d:\programme\archi cad 13\archicad.exe |
"TCP Query User{CDDEE7BD-E3E3-476A-B397-2F69C4F52266}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{125BA51C-6375-4BF9-859B-B42802CF2755}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{13A11B7D-F3C7-45BF-990F-277F3135526A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4485505C-D2D1-4B00-AA8F-5A2F150B9232}D:\programme\archi cad 13\archicad.exe" = protocol=17 | dir=in | app=d:\programme\archi cad 13\archicad.exe |
"UDP Query User{AEFA8A18-864A-48DB-AAB0-2A43CA69AE59}D:\programme\vlc media player\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\programme\vlc media player\vlc\vlc.exe |
"UDP Query User{C89190C0-50F1-4142-8B5A-78B7ACDF8096}D:\programme\stheno_v4_0\medsys\med\java\jre\bin\java.exe" = protocol=17 | dir=in | app=d:\programme\stheno_v4_0\medsys\med\java\jre\bin\java.exe |
"UDP Query User{EEBF2AC8-D11D-4596-931E-21D0CE1FEB6A}D:\programme\stheno_v4_0\medcolraster\m2d\run\draft.exe" = protocol=17 | dir=in | app=d:\programme\stheno_v4_0\medcolraster\m2d\run\draft.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"001FFF1FFF13FF00FF0901F00F02F000-R1" = ArchiCAD 13 AUT
"045FFFFFFF13FF00FF0201F00F02F000-R1" = Cinema4D Add-On AC13 GER
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BurnAware Free_is1" = BurnAware Free 2.4.4
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download_is1" = Free YouTube Download 2.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"HappyFoto-Designer_is1" = HappyFoto-Designer 2.7
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"IsoBuster_is1" = IsoBuster 2.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NVIDIA Drivers" = NVIDIA Drivers
"STHENO_V4_0_0" = STHENO V4.0.0
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.9
"Win2day Poker" = Win2day Poker
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.10.2010 07:46:04 | Computer Name = *** | Source = NMSAccessU | ID = 0
Description =
 
Error - 17.10.2010 07:46:06 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
 
Error - 17.10.2010 07:46:12 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 17.10.2010 07:46:12 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.10.2010 16:16:05 | Computer Name = *** | Source = NMSAccessU | ID = 0
Description =
 
Error - 18.10.2010 16:16:11 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
 
Error - 18.10.2010 16:16:16 | Computer Name =*** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.10.2010 16:16:16 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.10.2010 16:54:48 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 18.10.2010 16:55:18 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 31.10.2010 14:09:40 | Computer Name = *** | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
 
Error - 31.10.2010 14:10:06 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description =
 
Error - 31.10.2010 14:12:01 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 31.10.2010 14:33:17 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.10.2010 um 19:30:29 unerwartet heruntergefahren.
 
Error - 31.10.2010 14:33:27 | Computer Name = *** | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
 
Error - 31.10.2010 14:34:05 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description =
 
Error - 31.10.2010 14:35:17 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 31.10.2010 15:04:39 | Computer Name = *** | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
 
Error - 31.10.2010 15:05:05 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description =
 
Error - 31.10.2010 15:07:03 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
 
< End of report >
--- --- ---

MBAM:(1.Scan)
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5008

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

31.10.2010 20:01:58
mbam-log-2010-10-31 (20-01-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159528
Laufzeit: 11 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10

Infizierte Speicherprozesse:
C:\Users\***\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> Unloaded process successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\***\Desktop\Load.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\FEEC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\7ACE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chkntfs.exe (Trojan.Downloader) -> Delete on reboot.
C:\Users\***\AppData\Local\Temp\0.027093661708496253.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\010112010146116101.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\0101120101465155.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Windows\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.

MBR:
Windows 6.0.6002 Disk: WDC_WD32 rev.11.0 -> \Device\Ide\IAAStorageDevice-1

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


PS: vorm letzten MBAM-Scan bekam ich immer wenn ich den IE8 aufmachen wollte eine Melung von MS alert, wegen einem trojaner. Keine Ahnung ob das noch was hilft.

Und hier noch die Funde von Avira:
klxriuclgrxtg[1].pdf
24C2.tmp
shell.exe
shell.exe
shell.exe
0.354302539589438.exe
0.16522045979743294.exe
4a7f31c5-182bbfda
bc99f53-6979b679
dwm.exe
tmpCF8F.tmp.exe
tmp364D.tmp
asd35C0.tmp.exe
5-direct[1].ex
jar_cache5854833125150505284.tmp

Danke nochmals im voraus und ich hoffe, dass mir jemand helfen kann.
Bin leider EDV-technisch nicht sehr bewandert :-(

mfg

cosinus 01.11.2010 18:42
Zitat:
Art des Suchlaufs: Quick-Scan
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

hyperbel 02.11.2010 08:51
Hab ich nun gemacht.

hier der log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5016

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

02.11.2010 00:10:40
mbam-log-2010-11-02 (00-10-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 315816
Laufzeit: 1 Stunde(n), 35 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\D:\Programme\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16M6J74Z\setup[1].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4J5W26JX\setup[1].exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4J5W26JX\setup[2].exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDW8GK59\setup[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDW8GK59\setup[2].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAFCUPTB\setup[1].exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAFCUPTB\setup[2].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAFCUPTB\setup[3].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Programme\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

mfg

hyperbel 02.11.2010 11:32
Ich denk mal ich hab den Thread im falschen unterverzeichnis aufgemacht! :headbang:

Ist das recht schlimm? Und wie kann ich das sonst jetzt noch ändern?

mfg

cosinus 02.11.2010 15:18
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
PRC - [2010.10.29 17:16:14 | 000,125,440 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\dwm.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3ac51e08-d830-11de-bd0c-00218556bcd2}\Shell - "" = AutoRun
O33 - MountPoints2\{3ac51e08-d830-11de-bd0c-00218556bcd2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
:Files
C:\Users\***\AppData\Local\Temp\dwm.exe
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

hyperbel 02.11.2010 23:12
1.Meldung: The system requires a reboot to finish removing files. Click Ok to reboot now.
2.Meldung: Die in der Registrierung angegebene Anwendung "C:/Users/Mustermann~1/AppData/Local/Temp/dwm.exe konnte nicht geladen oder gestartet werden. Stellen Sie sicher, dass die Datei vorhanden ist, oder entfernen Sie den Eintrag mit Bezug auf diese Datei aus der Registrierung.

danach hab ich den OTL wieder als admin ausgeführt und dann kam der log:

All processes killed
========== OTL ==========
Process dwm.exe killed successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ac51e08-d830-11de-bd0c-00218556bcd2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ac51e08-d830-11de-bd0c-00218556bcd2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ac51e08-d830-11de-bd0c-00218556bcd2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ac51e08-d830-11de-bd0c-00218556bcd2}\ not found.
File G:\LaunchU3.exe not found.
========== FILES ==========
C:\Users\***\AppData\Local\Temp\dwm.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11503997 bytes
->Java cache emptied: 43767878 bytes
->FireFox cache emptied: 49278447 bytes
->Opera cache emptied: 250366 bytes
->Flash cache emptied: 738 bytes

User: ***
->Temp folder emptied: 69937535 bytes
->Temporary Internet Files folder emptied: 47929304 bytes
->Java cache emptied: 111452204 bytes
->Opera cache emptied: 3996750 bytes
->Flash cache emptied: 45505 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 754098951 bytes
RecycleBin emptied: 25553855 bytes

Total Files Cleaned = 1.066,00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 11022010_224903

Files\Folders moved on Reboot...
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\WYKPNK8X\(compatible%3B+MSIE+7.0%3B+Windows+NT+6.0%3B+Trident%2F4.0%3B+SLCC1%3B+.NET+CLR+2.0.50727%3B+Media+Center+PC+5.0%3B+.NET+CL R+3.5.30729%3B+InfoPath.2%3B+.NET+CLR+3.0[1].htm not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\O49YKCMU\(compatible%3B+MSIE+7.0%3B+Windows+NT+6.0%3B+Trident%2F4.0%3B+SLCC1%3B+.NET+CLR+2.0.50727%3B+Media+Center+PC+5.0%3B+.NET+CL R+3.5.30729%3B+InfoPath.2%3B+.NET+CLR+3.0[1].htm not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\O49YKCMU\(compatible%3B+MSIE+7.0%3B+Windows+NT+6.0%3B+Trident%2F4.0%3B+SLCC1%3B+.NET+CLR+2.0.50727%3B+Media+Center+PC+5.0%3B+.NET+CL R+3.5.30729%3B+InfoPath.2%3B+.NET+CLR+3.0[2].htm not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\O49YKCMU\(compatible%3B+MSIE+7.0%3B+Windows+NT+6.0%3B+Trident%2F4.0%3B+SLCC1%3B+.NET+CLR+2.0.50727%3B+Media+Center+PC+5.0%3B+.NET+CL R+3.5.30729%3B+InfoPath.2%3B+.NET+CLR+3.0[3].htm not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\O49YKCMU\(compatible%3B+MSIE+7.0%3B+Windows+NT+6.0%3B+Trident%2F4.0%3B+SLCC1%3B+.NET+CLR+2.0.50727%3B+Media+Center+PC+5.0%3B+.NET+CL R+3.5.30729%3B+InfoPath.2%3B+.NET+CLR+3.0[4].htm not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\O49YKCMU\0wtoGBftvelvAxPkBkTChrBhI1WtzbFfxoMRioF07hxP34Dfw5+_I+ALxBkNeqGVhRcjgBWodOCCFnQcu2h_eAi8Buc1PhnqbXxcK4FXR97Z330sIrWR6lik2Hr NSRIqDUPZLN4LpInIGY9GbrSNq8dKvM0EpeYSxsQ=[1].gif not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\DUJ3UCY3\(compatible%3B+MSIE+7.0%3B+Windows+NT+6.0%3B+Trident%2F4.0%3B+SLCC1%3B+.NET+CLR+2.0.50727%3B+Media+Center+PC+5.0%3B+.NET+CL R+3.5.30729%3B+InfoPath.2%3B+.NET+CLR+3.0[1].htm not found!
C:\Users\***\AppData\Local\Temp\E23.tmp moved successfully.
File\Folder C:\Users\***\AppData\Local\Temp\~DFD9E5.tmp not found!
File\Folder C:\Users\***\AppData\Local\Temp\~DFD9F0.tmp not found!
File\Folder C:\Users\***\AppData\Local\Temp\~DFDA4E.tmp not found!
File\Folder C:\Users\***\AppData\Local\Temp\~DFDA59.tmp not found!
File\Folder C:\Users\***\AppData\Local\Temp\~DFDBA3.tmp not found!
File\Folder C:\Users\***\AppData\Local\Temp\~DFDBAE.tmp not found!
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TIR16TT0\92390-google-leitet-automatisch-um-antivir-meldet-immer-wieder-funde[1].html moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6PMESAJ4\ads[7].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5SY5BTKC\ads[7].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\07P7SLSH\ads[7].htm moved successfully.

Registry entries deleted on Reboot...

mfg hyperbel und jetzt schon mal recht herzlichen Dank, dass du dich um mein Problem annimmst!

cosinus 03.11.2010 13:27
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

hyperbel 03.11.2010 23:23
Die 2.Fehlermeldung kam wieder. genauso die mit dem dll modul.
Ist das ein Problem?

Zitat:
Zitat von hyperbel (Beitrag 585181)
2.Meldung: Die in der Registrierung angegebene Anwendung "C:/Users/Mustermann~1/AppData/Local/Temp/dwm.exe konnte nicht geladen oder gestartet werden. Stellen Sie sicher, dass die Datei vorhanden ist, oder entfernen Sie den Eintrag mit Bezug auf diese Datei aus der Registrierung.
Weiters konnte ich nicht mehr ins Internet gehen.(Wäre schon nett wenn das auch wieder mal geht ;-) ) Aus diesem Grund habe ich alle Dateien von einem anderen PC heruntergeladen!

hier nun der log vom combofix:
Combofix Logfile:
Code:
ComboFix 10-11-02.06 - *** 03.11.2010  22:56:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.43.1031.18.3070.2035 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar\SeARchsettings.dll
c:\program files\pdfforge Toolbar\WiDGitoolbarie.dll
c:\users\***\AppData\Roaming\chkntfs.dat
c:\users\***\AppData\Roaming\Microsoft\stor.cfg

.
(((((((((((((((((((((((  Dateien erstellt von 2010-10-03 bis 2010-11-03  ))))))))))))))))))))))))))))))
.

2010-11-03 21:44 . 2010-11-03 21:44        --------        d-----w-        c:\program files\CCleaner
2010-11-02 21:49 . 2010-11-02 21:49        --------        d-----w-        C:\_OTL
2010-10-31 20:14 . 2010-10-31 20:14        --------        d-----w-        c:\users\***\AppData\Roaming\AnVi
2010-10-31 19:06 . 2010-10-31 19:06        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2010-10-31 18:28 . 2010-10-31 18:28        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2010-10-31 18:28 . 2010-04-29 14:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-31 18:28 . 2010-10-31 18:28        --------        d-----w-        c:\programdata\Malwarebytes
2010-10-31 18:28 . 2010-04-29 14:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-10-31 18:26 . 2010-10-31 18:26        --------        d-----w-        c:\program files\7-Zip
2010-10-29 16:00 . 2010-10-07 23:21        6146896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CB31BECB-5B6E-4D76-BC13-F72811AF308C}\mpengine.dll
2010-10-29 16:00 . 2010-08-26 16:34        1696256        ----a-w-        c:\windows\system32\gameux.dll
2010-10-29 16:00 . 2010-08-26 16:33        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2010-10-29 16:00 . 2010-08-26 14:23        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-13 12:23 . 2010-05-04 19:13        231424        ----a-w-        c:\windows\system32\msshsq.dll
2010-10-13 12:23 . 2010-08-20 16:05        867328        ----a-w-        c:\windows\system32\wmpmde.dll
2010-10-13 12:23 . 2010-08-31 15:44        531968        ----a-w-        c:\windows\system32\comctl32.dll
2010-10-06 06:58 . 2010-10-06 06:58        --------        d-----w-        c:\programdata\McAfee

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-02 18:20        222080        ------w-        c:\windows\system32\MpSigStub.exe
2010-08-26 16:33 . 2010-10-29 16:00        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-29 16:00        2159616        ----a-w-        c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-29 16:00        542720        ----a-w-        c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-29 16:00        458752        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2010-08-17 14:11 . 2010-09-15 11:27        128000        ----a-w-        c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-04-30 02:55        4232968        ----a-w-        c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-04-30 02:55        4232968        ----a-w-        c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-24 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-24 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-20 6265376]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-04-30 49928]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-10-09 708608]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-02 524632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="d:\programme\QuickTime\QTTask.exe" [2008-09-06 413696]
"Malwarebytes Anti-Malware (reboot)"="d:\programme\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Netzwerk Server.lnk - c:\program files\WIBUKEY\Server\WkSvMgr.exe [2010-4-24 3768320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-04-30 02:43        96008        ----a-w-        c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-02 1029456]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2008-08-27 159744]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-05-19 380416]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-27 3658752]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-06-08 64160]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-02-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 14:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.at/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xnezus8t.default\
FF - plugin: d:\programme\Opera\program\plugins\npqtplugin.dll
FF - plugin: d:\programme\Opera\program\plugins\npqtplugin2.dll
FF - plugin: d:\programme\Opera\program\plugins\npqtplugin3.dll
FF - plugin: d:\programme\Opera\program\plugins\npqtplugin4.dll
FF - plugin: d:\programme\Opera\program\plugins\npqtplugin5.dll
FF - plugin: d:\programme\Opera\program\plugins\npqtplugin6.dll
FF - plugin: d:\programme\Opera\program\plugins\npqtplugin7.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\programme\QuickTime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
d:\programme\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\programme\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\programme\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-03 23:04
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(732)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
.
Zeit der Fertigstellung: 2010-11-03  23:07:28
ComboFix-quarantined-files.txt  2010-11-03 22:07

Vor Suchlauf: 4.628.152.320 Bytes frei
Nach Suchlauf: 4.491.124.736 Bytes frei

- - End Of File - - 4429243B143EFCC7EA7DF067300E2AD9
--- --- ---

SG hyperbel

cosinus 04.11.2010 18:19
Seit wann genau funktioniert die Verbindung ins Internet nicht mehr?

hyperbel 04.11.2010 21:27
Bin mir leider nicht sicher aber nach dem letzten otl auf jeden fall nicht mehr.

Vorher kann ich leider nicht genau sagen da ich auch öfters von einem anderen pc aus ins netzt gegangen bin--> aus angst dass sich wieder viren einschleichen.

update von adaware ging zb.(weil da braucht man ja keinen browser)

mfg hyperbel
danke arne/cosinus dast dir da zeit nimmst dafür

cosinus 04.11.2010 21:34
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

hyperbel 04.11.2010 21:39
ja mach ich sofort
hab ich mir da was schlimmeres eingefangen oder kann man jetzt schon sagen was das ist?

mfg hyperbel

hyperbel 04.11.2010 22:35
jetzt hab ich idiot leider den gmer log irgendwie verloren. Kann ich den wieder wo finden? Das Programm hatte geschrieben scan has stopped.

die anderen logs:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:21:37 on 04.11.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"Ad-Aware Update (Weekly).job" - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Program Files\Protector Suite QL\infopnl.cpl
"QuickTime" - "Apple Inc." - D:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\***~1\AppData\Local\Temp\catchme.sys  (File not found)
"fwliykod" (fwliykod) - ? - C:\Users\***~1\AppData\Local\Temp\fwliykod.sys  (Hidden registry entry, rootkit activity | File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Reallusion Virtual Audio" (ReallusionVirtualAudio) - ? - C:\Windows\System32\DRIVERS\RLVrtAuCbl.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "@C:\Program Files\Protector Suite QL\farchns.dll,-4263" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth Information Exchanger" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR 3.61 Multi\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{0CCA191D-13A6-4E29-B746-314DEE697D83} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader5.ocx / hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
{CAC677B6-4963-4305-9066-0BD135CD9233} "IPSUploader4 Control" - "IP Labs GmbH - Germany" - C:\Windows\Downloaded Program Files\IPSUploader4.ocx / https://asp.photoprintit.de/microsite/14/defaults/activex/ips/IPSUploader4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "NCO Toolbar 2.0" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" - ? -  (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Ad-Watch" - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "D:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MGSysCtrl" - "Mirco-Star International  CO., LTD." - C:\Program Files\System Control Manager\MGSysCtrl.exe
"PSQLLauncher" - "UPEK Inc." - "C:\Program Files\Protector Suite QL\launcher.exe" /startup
"QuickTime Task" - "Apple Inc." - "D:\Programme\QuickTime\QTTask.exe" -atboottime
"SearchSettings" - "GreenTree Applications, Inc." - C:\Program Files\pdfforge Toolbar\SearchSettings.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"Micro Star SCM" (Micro Star SCM) - ? - C:\Program Files\System Control Manager\MSIService.exe  (File found, but it contains no detailed information)
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NMSAccess" (NMSAccess) - ? - D:\Programme\BurnAware Free\NMSAccess32.exe  (File found, but it contains no detailed information)
"NMSAccessU" (NMSAccessU) - ? - D:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "UPEK Inc." - C:\Windows\system32\vrlogon.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"psfus" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Micro-Star International
System Product Name: EX620
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 149):
0x81E4E000 \SystemRoot\system32\ntkrnlpa.exe
0x81E1B000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80484000 \SystemRoot\system32\PSHED.dll
0x80495000 \SystemRoot\system32\BOOTVID.dll
0x8049D000 \SystemRoot\system32\CLFS.SYS
0x804DE000 \SystemRoot\system32\CI.dll
0x80603000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068C000 \SystemRoot\system32\drivers\acpi.sys
0x806D2000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DB000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E3000 \SystemRoot\system32\drivers\pci.sys
0x8070A000 \SystemRoot\System32\drivers\partmgr.sys
0x80719000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80726000 \SystemRoot\system32\drivers\volmgr.sys
0x80735000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077F000 \SystemRoot\System32\drivers\mountmgr.sys
0x89E07000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x89EE0000 \SystemRoot\system32\drivers\atapi.sys
0x89EE8000 \SystemRoot\system32\drivers\ataport.SYS
0x89F06000 \SystemRoot\system32\drivers\fltmgr.sys
0x89F38000 \SystemRoot\system32\drivers\fileinfo.sys
0x89F48000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x89F57000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A00C000 \SystemRoot\system32\drivers\ndis.sys
0x8A117000 \SystemRoot\system32\drivers\msrpc.sys
0x8A142000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A20B000 \SystemRoot\System32\drivers\tcpip.sys
0x8A2F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A40A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A51A000 \SystemRoot\system32\drivers\volsnap.sys
0x8A553000 \SystemRoot\System32\Drivers\spldr.sys
0x8A55B000 \SystemRoot\System32\Drivers\mup.sys
0x8A56A000 \SystemRoot\System32\drivers\ecache.sys
0x8A591000 \SystemRoot\system32\drivers\disk.sys
0x8A5A2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A5C3000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A5D9000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A5E4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A5ED000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8DE09000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8E546000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E5E7000 \SystemRoot\System32\drivers\watchdog.sys
0x8E5F3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8A17D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A3E9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E605000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E692000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8E6B4000 \SystemRoot\system32\DRIVERS\athr.sys
0x8E79A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E7AD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E7B8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E7C3000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E7C7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E7D0000 \SystemRoot\system32\DRIVERS\enecir.sys
0x8E7E8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A1BB000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x8A1CB000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8078F000 \SystemRoot\system32\DRIVERS\storport.sys
0x8A200000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DE00000 \SystemRoot\system32\DRIVERS\RLVrtAuCbl.sys
0x89FC8000 \SystemRoot\system32\DRIVERS\portcls.sys
0x807D0000 \SystemRoot\system32\DRIVERS\drmk.sys
0x805BE000 \SystemRoot\system32\DRIVERS\ks.sys
0x805E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8A000000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8EA0D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8EA30000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8EA3F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8EA53000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8EA68000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8EA78000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8EA7A000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8EA88000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8EA92000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8EA9F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8EAD4000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x8EADF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EC02000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8EE11000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8EF37000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8EF39000 \SystemRoot\system32\drivers\modem.sys
0x8EF46000 \SystemRoot\system32\DRIVERS\hidir.sys
0x8EF51000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8EF61000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8EF68000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8EF71000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8EF79000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8EF82000 \SystemRoot\System32\Drivers\Null.SYS
0x8EF89000 \SystemRoot\System32\Drivers\Beep.SYS
0x8EF90000 \SystemRoot\System32\drivers\vga.sys
0x8EF9C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8EFBD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8EFC5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8EFCD000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8EFD8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8EFE6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8EAF0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EB06000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EB1A000 \SystemRoot\system32\drivers\afd.sys
0x8EB62000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8EB94000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8EFEF000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8EBAA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8EBBD000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8EBC3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8EA00000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F20A000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F221000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8F243000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8F245000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8F259000 \SystemRoot\System32\Drivers\tcusb.sys
0x8F264000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F271000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x97CD0000 \SystemRoot\System32\win32k.sys
0x8F34A000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F354000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97EF0000 \SystemRoot\System32\TSDDD.dll
0x97F10000 \SystemRoot\System32\cdd.dll
0x8F363000 \SystemRoot\system32\drivers\luafv.sys
0x8F37E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8A310000 \SystemRoot\system32\drivers\spsys.sys
0x8F393000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8F3A3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8F3CD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8F3D7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9D607000 \SystemRoot\system32\drivers\HTTP.sys
0x9D674000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D691000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9D6AA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9D6BF000 \SystemRoot\system32\drivers\mrxdav.sys
0x9D6E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9D6FF000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9D738000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D750000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9D778000 \SystemRoot\System32\DRIVERS\srv.sys
0x9BC0D000 \SystemRoot\system32\drivers\peauth.sys
0x9BCEB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9BCF5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9BD01000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9BD2C000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9BD7B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9BDB7000 \??\C:\Users\***~1\AppData\Local\Temp\fwliykod.sys
0x9BD17000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9BD54000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x771A0000 \Windows\System32\ntdll.dll

Processes (total 62):
0 System Idle Process
4 System
492 C:\Windows\System32\smss.exe
620 csrss.exe
672 C:\Windows\System32\wininit.exe
680 csrss.exe
716 C:\Windows\System32\services.exe
728 C:\Windows\System32\lsass.exe
736 C:\Windows\System32\lsm.exe
912 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\nvvsvc.exe
1004 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\winlogon.exe
1124 C:\Windows\System32\svchost.exe
1164 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\audiodg.exe
1288 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\SLsvc.exe
1364 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\svchost.exe
1668 C:\Windows\System32\rundll32.exe
1732 C:\Program Files\Protector Suite QL\upeksvr.exe
1964 C:\Windows\System32\spoolsv.exe
1972 C:\Windows\System32\taskeng.exe
2020 C:\Program Files\Avira\AntiVir Desktop\sched.exe
308 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
508 C:\Windows\System32\svchost.exe
1872 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2196 C:\Windows\System32\dwm.exe
2308 C:\Windows\explorer.exe
2324 C:\Windows\System32\taskeng.exe
2720 C:\Windows\System32\agrsmsvc.exe
2812 C:\Program Files\System Control Manager\MSIService.exe
2920 D:\Programme\BurnAware Free\NMSAccess32.exe
2968 C:\Windows\System32\svchost.exe
3024 C:\Windows\System32\svchost.exe
3092 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
3116 C:\Windows\System32\svchost.exe
3164 C:\Windows\System32\SearchIndexer.exe
3724 WmiPrvSE.exe
3980 C:\Program Files\Windows Defender\MSASCui.exe
3996 C:\Windows\System32\rundll32.exe
4008 C:\Windows\RtHDVCpl.exe
4060 C:\Program Files\System Control Manager\MGSysCtrl.exe
4068 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
4092 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2064 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2212 C:\Program Files\Windows Sidebar\sidebar.exe
2160 C:\Windows\ehome\ehtray.exe
2424 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2632 ehmsas.exe
2124 unsecapp.exe
2592 C:\Program Files\Protector Suite QL\psqltray.exe
3132 C:\Program Files\Windows Sidebar\sidebar.exe
3672 WUDFHost.exe
1764 C:\Windows\System32\SearchProtocolHost.exe
3924 C:\Windows\System32\SearchFilterHost.exe
812 dllhost.exe
4052 dllhost.exe
2564 C:\Users\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`f4100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`f0900000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


mfg hyperbel

cosinus 04.11.2010 22:40
Mach den Scan mit gmer notfalls nochmal. Die anderen beiden Logs sehen schonmal ok aus.

hyperbel 05.11.2010 08:09
Hier der gmer log....bitteschön

GMER Logfile:
Code:
GMER 1.0.15.15507 - hxxp://www.gmer.net
Rootkit scan 2010-11-05 03:53:39
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 11.0
Running: dziq27w0.exe; Driver: C:\Users\***~1\AppData\Local\Temp\fwliykod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                            section is writeable [0x8DE09320, 0x3F54F7, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [746E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [7473A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [746EBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [746DF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [746E75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [746DE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74718395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [746EDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [746DFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [746DFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [746D71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [7476CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [7470C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [746DD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [746D6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [746D687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2308] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [746E2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                              Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice  \FileSystem\fastfat \Fat                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---

mfg hyperbel


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:38 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131