Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows Verschlüsselungs-Trojaner (https://www.trojaner-board.de/116581-windows-verschluesselungs-trojaner.html)

cosinus 10.06.2012 20:37
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Aeuto 12.06.2012 17:52
Code:
21:48:28.0605 3872        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:48:28.0965 3872        ============================================================
21:48:28.0965 3872        Current date / time: 2012/06/12 21:48:28.0965
21:48:28.0965 3872        SystemInfo:
21:48:28.0965 3872       
21:48:28.0965 3872        OS Version: 5.1.2600 ServicePack: 2.0
21:48:28.0965 3872        Product type: Workstation
21:48:28.0965 3872        ComputerName: KATRIN-2146E303
21:48:28.0965 3872        UserName: Katrin
21:48:28.0965 3872        Windows directory: C:\WINDOWS
21:48:28.0965 3872        System windows directory: C:\WINDOWS
21:48:28.0965 3872        Processor architecture: Intel x86
21:48:28.0965 3872        Number of processors: 1
21:48:28.0965 3872        Page size: 0x1000
21:48:28.0965 3872        Boot type: Normal boot
21:48:28.0965 3872        ============================================================
21:48:31.0769 3872        Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:48:31.0779 3872        Drive \Device\Harddisk1\DR1 - Size: 0x3948BA000 (14.32 Gb), SectorSize: 0x200, Cylinders: 0x74D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:48:31.0809 3872        ============================================================
21:48:31.0809 3872        \Device\Harddisk0\DR0:
21:48:31.0809 3872        MBR partitions:
21:48:31.0809 3872        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
21:48:31.0809 3872        \Device\Harddisk1\DR1:
21:48:31.0809 3872        MBR partitions:
21:48:31.0809 3872        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1CA26CE
21:48:31.0809 3872        ============================================================
21:48:31.0839 3872        C: <-> \Device\Harddisk0\DR0\Partition0
21:48:31.0849 3872        ============================================================
21:48:31.0849 3872        Initialize success
21:48:31.0849 3872        ============================================================
21:49:28.0901 1084        ============================================================
21:49:28.0901 1084        Scan started
21:49:28.0901 1084        Mode: Manual; SigCheck; TDLFS;
21:49:28.0901 1084        ============================================================
21:49:29.0202 1084        61883          (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys
21:49:31.0124 1084        61883 - ok
21:49:31.0175 1084        Abiosdsk - ok
21:49:31.0225 1084        abp480n5 - ok
21:49:31.0285 1084        ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:49:31.0625 1084        ACPI - ok
21:49:31.0705 1084        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:49:32.0036 1084        ACPIEC - ok
21:49:32.0056 1084        adpu160m - ok
21:49:32.0116 1084        aec            (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
21:49:32.0807 1084        aec - ok
21:49:32.0877 1084        AFD            (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
21:49:32.0927 1084        AFD - ok
21:49:32.0947 1084        Aha154x - ok
21:49:32.0987 1084        aic78u2 - ok
21:49:33.0027 1084        aic78xx - ok
21:49:33.0057 1084        Alerter        (1aab6c5f8376357cb9b16c38c42c4076) C:\WINDOWS\system32\alrsvc.dll
21:49:33.0358 1084        Alerter - ok
21:49:33.0408 1084        ALG            (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe
21:49:33.0578 1084        ALG - ok
21:49:33.0618 1084        AliIde - ok
21:49:33.0668 1084        AmdK7          (fbf9ffb0b638df1448821bd0aceeb780) C:\WINDOWS\system32\DRIVERS\amdk7.sys
21:49:33.0959 1084        AmdK7 - ok
21:49:33.0979 1084        amsint - ok
21:49:34.0099 1084        AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Programme\Avira\AntiVir Desktop\sched.exe
21:49:34.0119 1084        AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - warning
21:49:34.0119 1084        AntiVirSchedulerService - detected UnsignedFile.Multi.Generic (1)
21:49:34.0179 1084        AntiVirService  (b8720a787c1223492e6f319465e996ce) C:\Programme\Avira\AntiVir Desktop\avguard.exe
21:49:34.0199 1084        AntiVirService ( UnsignedFile.Multi.Generic ) - warning
21:49:34.0199 1084        AntiVirService - detected UnsignedFile.Multi.Generic (1)
21:49:34.0279 1084        AnyDVD          (133b7b6d6a3ec9e46fbe742ee1516c37) C:\WINDOWS\system32\Drivers\AnyDVD.sys
21:49:34.0369 1084        AnyDVD - ok
21:49:34.0439 1084        AppMgmt        (becd5328e7869807d6557be4fe60c72f) C:\WINDOWS\System32\appmgmts.dll
21:49:34.0609 1084        AppMgmt - ok
21:49:34.0670 1084        Arp1394        (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:49:34.0960 1084        Arp1394 - ok
21:49:34.0980 1084        asc - ok
21:49:35.0020 1084        asc3350p - ok
21:49:35.0060 1084        asc3550 - ok
21:49:35.0120 1084        ASPI32 - ok
21:49:35.0220 1084        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:49:35.0240 1084        aspnet_state - ok
21:49:35.0300 1084        AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:49:35.0591 1084        AsyncMac - ok
21:49:35.0661 1084        atapi          (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:49:35.0931 1084        atapi - ok
21:49:35.0961 1084        Atdisk - ok
21:49:36.0012 1084        Atmarpc        (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:49:36.0332 1084        Atmarpc - ok
21:49:36.0372 1084        AudioSrv        (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll
21:49:36.0662 1084        AudioSrv - ok
21:49:36.0733 1084        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:49:37.0023 1084        audstub - ok
21:49:37.0073 1084        Avc            (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys
21:49:37.0414 1084        Avc - ok
21:49:37.0464 1084        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
21:49:37.0474 1084        avgio - ok
21:49:37.0544 1084        avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:49:37.0574 1084        avgntflt - ok
21:49:37.0644 1084        avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:49:37.0654 1084        avipbb - ok
21:49:37.0714 1084        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:49:37.0974 1084        Beep - ok
21:49:38.0024 1084        bgsvcgen        (71489fa2c4a238f178e30ae6e4449013) C:\WINDOWS\system32\bgsvcgen.exe
21:49:38.0044 1084        bgsvcgen ( UnsignedFile.Multi.Generic ) - warning
21:49:38.0044 1084        bgsvcgen - detected UnsignedFile.Multi.Generic (1)
21:49:38.0125 1084        BITS            (3a5e54a9ab96ef2d273b58136fb58efe) C:\WINDOWS\system32\qmgr.dll
21:49:38.0495 1084        BITS - ok
21:49:38.0535 1084        Browser        (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll
21:49:38.0826 1084        Browser - ok
21:49:38.0866 1084        BthEnum        (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
21:49:39.0186 1084        BthEnum - ok
21:49:39.0246 1084        BTHMODEM        (9df0adf74ce1d6371ed60cf92eb1d9a6) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
21:49:39.0527 1084        BTHMODEM - ok
21:49:39.0587 1084        BthPan          (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
21:49:39.0887 1084        BthPan - ok
21:49:39.0977 1084        BTHPORT        (3a7a07b55adc58e2001537eb6e0a980d) C:\WINDOWS\system32\Drivers\BTHport.sys
21:49:40.0057 1084        BTHPORT - ok
21:49:40.0097 1084        BthServ        (822d1875b12b6219cece1d221349cef4) C:\WINDOWS\System32\bthserv.dll
21:49:40.0368 1084        BthServ - ok
21:49:40.0438 1084        BTHUSB          (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
21:49:40.0728 1084        BTHUSB - ok
21:49:40.0798 1084        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:49:41.0059 1084        cbidf2k - ok
21:49:41.0139 1084        CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:49:41.0449 1084        CCDECODE - ok
21:49:41.0479 1084        cd20xrnt - ok
21:49:41.0519 1084        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:49:41.0790 1084        Cdaudio - ok
21:49:41.0850 1084        Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
21:49:42.0150 1084        Cdfs - ok
21:49:42.0210 1084        Cdrom          (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:49:42.0491 1084        Cdrom - ok
21:49:42.0521 1084        Changer - ok
21:49:42.0571 1084        CiSvc          (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\system32\cisvc.exe
21:49:42.0871 1084        CiSvc - ok
21:49:42.0911 1084        ClipSrv        (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe
21:49:43.0162 1084        ClipSrv - ok
21:49:43.0262 1084        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:49:43.0292 1084        clr_optimization_v2.0.50727_32 - ok
21:49:43.0312 1084        CmdIde - ok
21:49:43.0342 1084        COMSysApp - ok
21:49:43.0422 1084        Cpqarray - ok
21:49:43.0472 1084        CryptSvc        (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll
21:49:43.0753 1084        CryptSvc - ok
21:49:43.0793 1084        dac2w2k - ok
21:49:43.0843 1084        dac960nt - ok
21:49:43.0943 1084        DcomLaunch      (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll
21:49:44.0123 1084        DcomLaunch - ok
21:49:44.0193 1084        Dhcp            (7c4d218f9017725589adacab82beb0f8) C:\WINDOWS\System32\dhcpcsvc.dll
21:49:45.0024 1084        Dhcp - ok
21:49:45.0065 1084        Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
21:49:45.0345 1084        Disk - ok
21:49:45.0385 1084        dmadmin - ok
21:49:45.0515 1084        dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
21:49:45.0846 1084        dmboot - ok
21:49:45.0896 1084        dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
21:49:46.0176 1084        dmio - ok
21:49:46.0236 1084        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:49:46.0547 1084        dmload - ok
21:49:46.0607 1084        dmserver        (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll
21:49:46.0847 1084        dmserver - ok
21:49:46.0897 1084        DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
21:49:47.0168 1084        DMusic - ok
21:49:47.0248 1084        Dnscache        (d1f5b71bbaeee07b78980dbd878c0bc7) C:\WINDOWS\System32\dnsrslvr.dll
21:49:47.0528 1084        Dnscache - ok
21:49:47.0588 1084        dpti2o - ok
21:49:47.0638 1084        drmkaud        (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
21:49:47.0879 1084        drmkaud - ok
21:49:47.0939 1084        dsltestSp5      (c6b2e10cfe79169c72f0269087b9a603) C:\WINDOWS\system32\Drivers\dsltestSp5.sys
21:49:47.0949 1084        dsltestSp5 - ok
21:49:48.0029 1084        dtscsi          (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
21:49:48.0029 1084        Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
21:49:48.0029 1084        dtscsi ( LockedFile.Multi.Generic ) - warning
21:49:48.0029 1084        dtscsi - detected LockedFile.Multi.Generic (1)
21:49:48.0119 1084        DtvAudio        (5a4b065d01e98ec0936a9bf1d358a13d) C:\WINDOWS\system32\DRIVERS\DtvAudio.sys
21:49:48.0129 1084        DtvAudio ( UnsignedFile.Multi.Generic ) - warning
21:49:48.0129 1084        DtvAudio - detected UnsignedFile.Multi.Generic (1)
21:49:48.0179 1084        DtvVideo        (89bcc026ebefe8d866378755e9e1330c) C:\WINDOWS\system32\DRIVERS\DtvVideo.sys
21:49:48.0189 1084        DtvVideo ( UnsignedFile.Multi.Generic ) - warning
21:49:48.0189 1084        DtvVideo - detected UnsignedFile.Multi.Generic (1)
21:49:48.0259 1084        ElbyCDFL        (0e078ae86965772e84d50ba15d77e63e) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
21:49:48.0269 1084        ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning
21:49:48.0269 1084        ElbyCDFL - detected UnsignedFile.Multi.Generic (1)
21:49:48.0359 1084        ElbyCDIO        (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
21:49:48.0379 1084        ElbyCDIO - ok
21:49:48.0439 1084        ERSvc          (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll
21:49:48.0690 1084        ERSvc - ok
21:49:48.0760 1084        Eventlog        (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe
21:49:48.0860 1084        Eventlog - ok
21:49:48.0920 1084        EventSystem    (d68ed3908c7a0db446111d34ac40dc18) C:\WINDOWS\system32\es.dll
21:49:48.0970 1084        EventSystem - ok
21:49:49.0040 1084        Fastfat        (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
21:49:49.0341 1084        Fastfat - ok
21:49:49.0441 1084        FastUserSwitchingCompatibility (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
21:49:50.0392 1084        FastUserSwitchingCompatibility - ok
21:49:50.0462 1084        Fdc            (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:49:50.0743 1084        Fdc - ok
21:49:50.0803 1084        Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
21:49:51.0073 1084        Fips - ok
21:49:51.0093 1084        Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:49:51.0374 1084        Flpydisk - ok
21:49:51.0444 1084        FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:49:52.0435 1084        FltMgr - ok
21:49:52.0555 1084        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:49:52.0585 1084        FontCache3.0.0.0 - ok
21:49:52.0645 1084        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:49:52.0926 1084        Fs_Rec - ok
21:49:52.0976 1084        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:49:53.0246 1084        Ftdisk - ok
21:49:53.0296 1084        gameenum        (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
21:49:53.0557 1084        gameenum - ok
21:49:53.0577 1084        GMSIPCI - ok
21:49:53.0637 1084        Gpc            (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:49:53.0877 1084        Gpc - ok
21:49:53.0987 1084        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
21:49:53.0997 1084        gupdate - ok
21:49:54.0037 1084        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Programme\Google\Update\GoogleUpdate.exe
21:49:54.0047 1084        gupdatem - ok
21:49:54.0158 1084        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
21:49:54.0188 1084        gusvc - ok
21:49:54.0258 1084        helpsvc        (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:49:54.0508 1084        helpsvc - ok
21:49:54.0528 1084        HidServ - ok
21:49:54.0588 1084        hidusb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:49:54.0839 1084        hidusb - ok
21:49:54.0879 1084        hpn - ok
21:49:54.0959 1084        HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
21:49:55.0039 1084        HTTP - ok
21:49:55.0109 1084        HTTPFilter      (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll
21:49:55.0379 1084        HTTPFilter - ok
21:49:55.0419 1084        i2omgmt - ok
21:49:55.0459 1084        i2omp - ok
21:49:55.0540 1084        i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:49:55.0800 1084        i8042prt - ok
21:49:55.0910 1084        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:49:55.0940 1084        IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:49:55.0940 1084        IDriverT - detected UnsignedFile.Multi.Generic (1)
21:49:56.0100 1084        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:49:56.0201 1084        idsvc - ok
21:49:56.0261 1084        Imapi          (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:49:56.0521 1084        Imapi - ok
21:49:56.0591 1084        ImapiService    (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\system32\imapi.exe
21:49:56.0851 1084        ImapiService - ok
21:49:56.0892 1084        ini910u - ok
21:49:56.0952 1084        IntelIde - ok
21:49:57.0002 1084        Ip6Fw          (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:49:57.0292 1084        Ip6Fw - ok
21:49:57.0342 1084        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:49:57.0613 1084        IpFilterDriver - ok
21:49:57.0673 1084        IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:49:57.0923 1084        IpInIp - ok
21:49:58.0123 1084        IpNat          (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:49:59.0135 1084        IpNat - ok
21:49:59.0225 1084        IPSec          (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:49:59.0485 1084        IPSec - ok
21:49:59.0515 1084        IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:49:59.0676 1084        IRENUM - ok
21:49:59.0846 1084        isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:50:00.0136 1084        isapnp - ok
21:50:00.0206 1084        Iviaspi        (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
21:50:00.0246 1084        Iviaspi ( UnsignedFile.Multi.Generic ) - warning
21:50:00.0246 1084        Iviaspi - detected UnsignedFile.Multi.Generic (1)
21:50:00.0677 1084        JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Programme\Java\jre6\bin\jqs.exe
21:50:00.0707 1084        JavaQuickStarterService - ok
21:50:00.0827 1084        Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:50:01.0088 1084        Kbdclass - ok
21:50:01.0188 1084        kbdhid          (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:50:01.0468 1084        kbdhid - ok
21:50:01.0638 1084        kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
21:50:02.0640 1084        kmixer - ok
21:50:02.0720 1084        KSecDD          (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
21:50:02.0960 1084        KSecDD - ok
21:50:03.0070 1084        lanmanserver    (2865fa4ed4471929881c053a6e5a85f6) C:\WINDOWS\System32\srvsvc.dll
21:50:04.0252 1084        lanmanserver - ok
21:50:04.0392 1084        lanmanworkstation (f716a6f5babb6da60c0532510ab52245) C:\WINDOWS\System32\wkssvc.dll
21:50:04.0482 1084        lanmanworkstation - ok
21:50:04.0673 1084        Lavasoft Ad-Aware Service (c48b0f913c944d736a455191ecd8ff45) C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
21:50:04.0813 1084        Lavasoft Ad-Aware Service - ok
21:50:04.0883 1084        Lbd            (713cd5267abfb86fe90a72e384e82a38) C:\WINDOWS\system32\DRIVERS\Lbd.sys
21:50:04.0893 1084        Lbd - ok
21:50:04.0923 1084        lbrtfdc - ok
21:50:04.0973 1084        LHidUsbK - ok
21:50:05.0033 1084        LmHosts        (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll
21:50:05.0284 1084        LmHosts - ok
21:50:05.0324 1084        LMouKE - ok
21:50:05.0364 1084        lxcf_device - ok
21:50:05.0484 1084        MDM            (44ce5579514334b801eed77e8c618cd8) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
21:50:05.0524 1084        MDM ( UnsignedFile.Multi.Generic ) - warning
21:50:05.0524 1084        MDM - detected UnsignedFile.Multi.Generic (1)
21:50:05.0594 1084        Messenger      (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll
21:50:05.0834 1084        Messenger - ok
21:50:05.0894 1084        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:50:06.0145 1084        mnmdd - ok
21:50:06.0215 1084        mnmsrvc        (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\system32\mnmsrvc.exe
21:50:06.0495 1084        mnmsrvc - ok
21:50:06.0585 1084        Modem          (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
21:50:06.0826 1084        Modem - ok
21:50:06.0876 1084        Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:50:07.0126 1084        Mouclass - ok
21:50:07.0166 1084        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:50:07.0417 1084        mouhid - ok
21:50:07.0457 1084        MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
21:50:07.0727 1084        MountMgr - ok
21:50:07.0747 1084        mraid35x - ok
21:50:07.0827 1084        MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:50:08.0969 1084        MRxDAV - ok
21:50:09.0069 1084        MRxSmb          (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:50:09.0179 1084        MRxSmb - ok
21:50:09.0239 1084        MSDTC          (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\system32\msdtc.exe
21:50:09.0510 1084        MSDTC - ok
21:50:09.0610 1084        MSDV            (6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys
21:50:09.0860 1084        MSDV - ok
21:50:09.0950 1084        Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
21:50:10.0171 1084        Msfs - ok
21:50:10.0231 1084        MSIServer - ok
21:50:10.0291 1084        MSKSSRV        (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:50:10.0551 1084        MSKSSRV - ok
21:50:10.0601 1084        MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:50:10.0852 1084        MSPCLOCK - ok
21:50:10.0872 1084        MSPQM          (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
21:50:11.0132 1084        MSPQM - ok
21:50:11.0212 1084        mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:50:11.0462 1084        mssmbios - ok
21:50:11.0543 1084        MSTEE          (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
21:50:11.0763 1084        MSTEE - ok
21:50:11.0833 1084        Mup            (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
21:50:12.0083 1084        Mup - ok
21:50:12.0174 1084        N3AB            (a943db6381fde3e38769d9420ec2b9d9) C:\WINDOWS\system32\DRIVERS\N3AB.sys
21:50:12.0224 1084        N3AB ( UnsignedFile.Multi.Generic ) - warning
21:50:12.0224 1084        N3AB - detected UnsignedFile.Multi.Generic (1)
21:50:12.0294 1084        NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:50:12.0554 1084        NABTSFEC - ok
21:50:12.0624 1084        NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
21:50:12.0875 1084        NDIS - ok
21:50:12.0915 1084        NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:50:13.0155 1084        NdisIP - ok
21:50:13.0235 1084        NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:50:13.0495 1084        NdisTapi - ok
21:50:13.0545 1084        Ndisuio        (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:50:13.0786 1084        Ndisuio - ok
21:50:13.0866 1084        NdisWan        (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:50:14.0116 1084        NdisWan - ok
21:50:14.0156 1084        NDProxy        (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
21:50:14.0417 1084        NDProxy - ok
21:50:14.0457 1084        NetBIOS        (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:50:14.0717 1084        NetBIOS - ok
21:50:14.0787 1084        NetBT          (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:50:15.0038 1084        NetBT - ok
21:50:15.0088 1084        NetDDE          (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
21:50:15.0348 1084        NetDDE - ok
21:50:15.0368 1084        NetDDEdsdm      (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
21:50:15.0618 1084        NetDDEdsdm - ok
21:50:15.0659 1084        Netlogon        (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:50:15.0919 1084        Netlogon - ok
21:50:15.0999 1084        Netman          (1e5218fbe323c375b488318950e10fb4) C:\WINDOWS\System32\netman.dll
21:50:17.0041 1084        Netman - ok
21:50:17.0161 1084        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:50:17.0181 1084        NetTcpPortSharing - ok
21:50:17.0221 1084        NIC1394        (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:50:17.0491 1084        NIC1394 - ok
21:50:17.0561 1084        NIOC            (660afb141d2b66d46bbce3d0167e693b) C:\WINDOWS\system32\NIOC.SYS
21:50:17.0581 1084        NIOC ( UnsignedFile.Multi.Generic ) - warning
21:50:17.0581 1084        NIOC - detected UnsignedFile.Multi.Generic (1)
21:50:17.0651 1084        Nla            (774274c487493452df3b0126dbe7ff3b) C:\WINDOWS\System32\mswsock.dll
21:50:17.0752 1084        Nla - ok
21:50:17.0822 1084        Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
21:50:18.0072 1084        Npfs - ok
21:50:18.0082 1084        NTACCESS - ok
21:50:18.0192 1084        Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
21:50:19.0404 1084        Ntfs - ok
21:50:19.0424 1084        NtLmSsp        (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:50:19.0674 1084        NtLmSsp - ok
21:50:19.0784 1084        NtmsSvc        (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll
21:50:20.0075 1084        NtmsSvc - ok
21:50:20.0155 1084        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:50:20.0405 1084        Null - ok
21:50:20.0606 1084        nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:50:20.0996 1084        nv - ok
21:50:21.0116 1084        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:50:21.0367 1084        NwlnkFlt - ok
21:50:21.0407 1084        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:50:21.0667 1084        NwlnkFwd - ok
21:50:21.0717 1084        ohci1394        (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:50:21.0968 1084        ohci1394 - ok
21:50:22.0038 1084        optousb        (af312907835a5ea9e56779b22c561268) C:\WINDOWS\system32\DRIVERS\optousb.sys
21:50:22.0128 1084        optousb - ok
21:50:22.0188 1084        optovcm        (a6129c7e757e3e4ee634ccc4ad9cf826) C:\WINDOWS\system32\DRIVERS\optovcm.sys
21:50:22.0198 1084        optovcm - ok
21:50:22.0238 1084        ovt519 - ok
21:50:22.0318 1084        Parport        (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
21:50:22.0588 1084        Parport - ok
21:50:22.0659 1084        PartMgr        (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
21:50:22.0869 1084        PartMgr - ok
21:50:22.0899 1084        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:50:23.0149 1084        ParVdm - ok
21:50:23.0209 1084        PCI            (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
21:50:23.0510 1084        PCI - ok
21:50:23.0530 1084        PCIDump - ok
21:50:23.0570 1084        PCIIde - ok
21:50:23.0640 1084        Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:50:23.0890 1084        Pcmcia - ok
21:50:23.0910 1084        PDCOMP - ok
21:50:23.0950 1084        PDFRAME - ok
21:50:23.0990 1084        PDRELI - ok
21:50:24.0011 1084        PDRFRAME - ok
21:50:24.0051 1084        perc2 - ok
21:50:24.0091 1084        perc2hib - ok
21:50:24.0221 1084        PlugPlay        (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe
21:50:24.0341 1084        PlugPlay - ok
21:50:24.0411 1084        PolicyAgent    (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:50:24.0651 1084        PolicyAgent - ok
21:50:24.0722 1084        PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:50:24.0972 1084        PptpMiniport - ok
21:50:25.0012 1084        ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:50:25.0252 1084        ProtectedStorage - ok
21:50:25.0292 1084        PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
21:50:25.0573 1084        PSched - ok
21:50:25.0643 1084        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:50:25.0883 1084        Ptilink - ok
21:50:25.0953 1084        PxHelp20        (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:50:25.0973 1084        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
21:50:25.0973 1084        PxHelp20 - detected UnsignedFile.Multi.Generic (1)
21:50:26.0013 1084        ql1080 - ok
21:50:26.0053 1084        Ql10wnt - ok
21:50:26.0094 1084        ql12160 - ok
21:50:26.0144 1084        ql1240 - ok
21:50:26.0184 1084        ql1280 - ok
21:50:26.0254 1084        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:50:26.0514 1084        RasAcd - ok
21:50:26.0574 1084        RasAuto        (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll
21:50:26.0835 1084        RasAuto - ok
21:50:26.0885 1084        Rasl2tp        (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:50:27.0135 1084        Rasl2tp - ok
21:50:27.0205 1084        RasMan          (3af4cab244f0db9aa8c157aa320cfb32) C:\WINDOWS\System32\rasmans.dll
21:50:27.0245 1084        RasMan ( UnsignedFile.Multi.Generic ) - warning
21:50:27.0245 1084        RasMan - detected UnsignedFile.Multi.Generic (1)
21:50:27.0295 1084        RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:50:27.0536 1084        RasPppoe - ok
21:50:27.0596 1084        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:50:27.0866 1084        Raspti - ok
21:50:27.0956 1084        Rdbss          (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:50:29.0058 1084        Rdbss - ok
21:50:29.0118 1084        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:50:29.0378 1084        RDPCDD - ok
21:50:29.0468 1084        rdpdr          (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:50:29.0719 1084        rdpdr - ok
21:50:29.0789 1084        RDPWD          (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
21:50:30.0920 1084        RDPWD - ok
21:50:30.0991 1084        RDSessMgr      (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe
21:50:31.0261 1084        RDSessMgr - ok
21:50:31.0311 1084        redbook        (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:50:31.0581 1084        redbook - ok
21:50:31.0621 1084        RemoteAccess    (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll
21:50:31.0872 1084        RemoteAccess - ok
21:50:31.0942 1084        RemoteRegistry  (ae81cf7d7cfa79cd03e8fb99788a7e09) C:\WINDOWS\system32\regsvc.dll
21:50:32.0202 1084        RemoteRegistry - ok
21:50:32.0282 1084        RFCOMM          (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
21:50:32.0523 1084        RFCOMM - ok
21:50:32.0583 1084        RpcLocator      (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\system32\locator.exe
21:50:32.0843 1084        RpcLocator - ok
21:50:32.0943 1084        RpcSs          (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll
21:50:33.0094 1084        RpcSs - ok
21:50:33.0144 1084        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
21:50:33.0404 1084        RSVP - ok
21:50:33.0464 1084        SamSs          (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
21:50:33.0724 1084        SamSs - ok
21:50:33.0805 1084        SCardSvr        (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe
21:50:34.0075 1084        SCardSvr - ok
21:50:34.0135 1084        Schedule        (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll
21:50:34.0405 1084        Schedule - ok
21:50:34.0496 1084        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:50:35.0687 1084        Secdrv - ok
21:50:35.0747 1084        seclogon        (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll
21:50:36.0018 1084        seclogon - ok
21:50:36.0098 1084        SENS            (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll
21:50:36.0348 1084        SENS - ok
21:50:36.0458 1084        serenum        (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:50:36.0719 1084        serenum - ok
21:50:36.0799 1084        Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
21:50:37.0049 1084        Serial - ok
21:50:37.0139 1084        SetupNTGLM7X - ok
21:50:37.0179 1084        SFC4 - ok
21:50:37.0250 1084        Sfloppy        (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:50:37.0520 1084        Sfloppy - ok
21:50:37.0700 1084        SharedAccess    (9245420422e409a25c1410acb4244060) C:\WINDOWS\System32\ipnathlp.dll
21:50:38.0121 1084        SharedAccess - ok
21:50:38.0241 1084        ShellHWDetection (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
21:50:39.0453 1084        ShellHWDetection - ok
21:50:39.0493 1084        Simbad - ok
21:50:39.0633 1084        SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:50:39.0923 1084        SLIP - ok
21:50:39.0973 1084        Sparrow - ok
21:50:40.0104 1084        splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
21:50:41.0345 1084        splitter - ok
21:50:41.0496 1084        Spooler        (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
21:50:42.0778 1084        Spooler - ok
21:50:43.0368 1084        sptd            (02064d374133c1a65251ab4d85c391bb) C:\WINDOWS\system32\Drivers\sptd.sys
21:50:43.0368 1084        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 02064d374133c1a65251ab4d85c391bb
21:50:43.0378 1084        sptd ( LockedFile.Multi.Generic ) - warning
21:50:43.0378 1084        sptd - detected LockedFile.Multi.Generic (1)
21:50:43.0519 1084        sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
21:50:43.0669 1084        sr - ok
21:50:43.0839 1084        srservice      (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\system32\srsvc.dll
21:50:44.0039 1084        srservice - ok
21:50:44.0280 1084        Srv            (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
21:50:44.0410 1084        Srv - ok
21:50:44.0470 1084        SSDPSRV        (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll
21:50:44.0630 1084        SSDPSRV - ok
21:50:44.0670 1084        ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:50:44.0680 1084        ssmdrv - ok
21:50:44.0760 1084        stisvc          (25e9b30af1fa1b9af1853577f39ff20b) C:\WINDOWS\system32\wiaservc.dll
21:50:45.0862 1084        stisvc - ok
21:50:45.0902 1084        streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:50:46.0172 1084        streamip - ok
21:50:46.0212 1084        swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:50:46.0473 1084        swenum - ok
21:50:46.0533 1084        swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
21:50:46.0793 1084        swmidi - ok
21:50:46.0813 1084        SwPrv - ok
21:50:46.0853 1084        symc810 - ok
21:50:46.0893 1084        symc8xx - ok
21:50:46.0933 1084        sym_hi - ok
21:50:46.0954 1084        sym_u3 - ok
21:50:47.0034 1084        sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
21:50:47.0294 1084        sysaudio - ok
21:50:47.0384 1084        SysmonLog      (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe
21:50:47.0655 1084        SysmonLog - ok
21:50:47.0745 1084        TapiSrv        (427d7eb3b453347082c8f4b370065d60) C:\WINDOWS\System32\tapisrv.dll
21:50:48.0896 1084        TapiSrv - ok
21:50:48.0966 1084        Tcpip          (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:50:49.0137 1084        Tcpip - ok
21:50:49.0197 1084        TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:50:49.0457 1084        TDPIPE - ok
21:50:49.0587 1084        TDslMgrService  (1226a953d4fdbdfd570da5cee66eaa55) C:\Programme\DSL-Manager\DslMgrSvc.exe
21:50:49.0627 1084        TDslMgrService ( UnsignedFile.Multi.Generic ) - warning
21:50:49.0627 1084        TDslMgrService - detected UnsignedFile.Multi.Generic (1)
21:50:49.0687 1084        TDTCP          (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
21:50:49.0938 1084        TDTCP - ok
21:50:49.0978 1084        TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:50:50.0218 1084        TermDD - ok
21:50:50.0288 1084        TermService    (1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll
21:50:50.0569 1084        TermService - ok
21:50:50.0629 1084        Themes          (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
21:50:51.0821 1084        Themes - ok
21:50:51.0871 1084        TlntSvr        (58708746b8267033e5cf2b29659e7f74) C:\WINDOWS\system32\tlntsvr.exe
21:50:52.0051 1084        TlntSvr - ok
21:50:52.0101 1084        TosIde - ok
21:50:52.0171 1084        TrkWks          (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll
21:50:52.0431 1084        TrkWks - ok
21:50:52.0471 1084        TSMPacket      (7c1367bff5587cf49c0ed2e664f6eac0) C:\WINDOWS\system32\DRIVERS\tsmpkt.sys
21:50:52.0481 1084        TSMPacket ( UnsignedFile.Multi.Generic ) - warning
21:50:52.0481 1084        TSMPacket - detected UnsignedFile.Multi.Generic (1)
21:50:52.0562 1084        Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
21:50:52.0812 1084        Udfs - ok
21:50:52.0832 1084        ultra - ok
21:50:52.0902 1084        Update          (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
21:50:53.0162 1084        Update - ok
21:50:53.0243 1084        upnphost        (855790c1baced245a6b210af430ed17b) C:\WINDOWS\System32\upnphost.dll
21:50:54.0474 1084        upnphost - ok
21:50:54.0524 1084        UPS            (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe
21:50:54.0795 1084        UPS - ok
21:50:54.0855 1084        usbaudio        (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
21:50:55.0095 1084        usbaudio - ok
21:50:55.0155 1084        usbccgp        (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:50:55.0416 1084        usbccgp - ok
21:50:55.0466 1084        usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:50:55.0726 1084        usbhub - ok
21:50:55.0806 1084        usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:50:56.0057 1084        usbprint - ok
21:50:56.0127 1084        USBSTOR        (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:50:56.0377 1084        USBSTOR - ok
21:50:56.0467 1084        usbuhci        (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:50:56.0728 1084        usbuhci - ok
21:50:56.0768 1084        VgaSave        (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
21:50:56.0998 1084        VgaSave - ok
21:50:57.0058 1084        viaagp          (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:50:57.0308 1084        viaagp - ok
21:50:57.0348 1084        ViaIde          (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:50:57.0629 1084        ViaIde - ok
21:50:57.0669 1084        VIAPFD          (d956827780a0b7eae97930116e5649f7) C:\WINDOWS\System32\Drivers\VIAPFD.SYS
21:50:57.0679 1084        VIAPFD ( UnsignedFile.Multi.Generic ) - warning
21:50:57.0679 1084        VIAPFD - detected UnsignedFile.Multi.Generic (1)
21:50:57.0749 1084        VIAudio        (819bf44085104be6527b86a88acf856b) C:\WINDOWS\system32\drivers\ac97via.sys
21:50:57.0989 1084        VIAudio - ok
21:50:58.0029 1084        VolSnap        (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
21:50:58.0300 1084        VolSnap - ok
21:50:58.0390 1084        VSS            (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe
21:50:58.0580 1084        VSS - ok
21:50:58.0670 1084        W32Time        (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\system32\w32time.dll
21:50:58.0931 1084        W32Time - ok
21:50:58.0991 1084        Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:50:59.0241 1084        Wanarp - ok
21:50:59.0321 1084        wceusbsh        (b2e899062723723b3f150023b5a123ad) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
21:50:59.0582 1084        wceusbsh - ok
21:50:59.0622 1084        WDICA - ok
21:50:59.0692 1084        wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
21:51:00.0843 1084        wdmaud - ok
21:51:00.0924 1084        WebClient      (879ecb9a5f14a03960b84edb7207a051) C:\WINDOWS\System32\webclnt.dll
21:51:02.0055 1084        WebClient - ok
21:51:02.0195 1084        winmgmt        (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:51:02.0456 1084        winmgmt - ok
21:51:02.0556 1084        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:51:02.0646 1084        WmdmPmSN - ok
21:51:02.0756 1084        Wmi            (80d811741505365b79cbdb1254d5c98b) C:\WINDOWS\System32\advapi32.dll
21:51:02.0916 1084        Wmi - ok
21:51:02.0997 1084        WmiApSrv        (042a78fcd1adfb0fba9865d55c6f5cc1) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:51:03.0247 1084        WmiApSrv - ok
21:51:03.0447 1084        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
21:51:03.0557 1084        WMPNetworkSvc - ok
21:51:03.0648 1084        wscsvc          (bd3561aae748150cf51c2ca876449ea7) C:\WINDOWS\system32\wscsvc.dll
21:51:03.0878 1084        wscsvc - ok
21:51:03.0968 1084        WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:51:04.0198 1084        WSTCODEC - ok
21:51:04.0238 1084        wuauserv        (1eddd5c0ecf3fa6edfd8a25b2b4e7df6) C:\WINDOWS\system32\wuauserv.dll
21:51:04.0499 1084        wuauserv - ok
21:51:04.0569 1084        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:51:04.0629 1084        WudfPf - ok
21:51:04.0669 1084        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:51:04.0719 1084        WudfRd - ok
21:51:04.0779 1084        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:51:04.0819 1084        WudfSvc - ok
21:51:04.0869 1084        WZCBDLService  (a2a11f8062d0195bc3a4fc7e7641317e) C:\Programme\WZCBDL Service\WZCBDLS.exe
21:51:04.0879 1084        WZCBDLService ( UnsignedFile.Multi.Generic ) - warning
21:51:04.0879 1084        WZCBDLService - detected UnsignedFile.Multi.Generic (1)
21:51:04.0989 1084        WZCSVC          (ae83ada96575dacf533c2bcb1fc163dc) C:\WINDOWS\System32\wzcsvc.dll
21:51:05.0290 1084        WZCSVC - ok
21:51:05.0350 1084        xmlprov        (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll
21:51:05.0630 1084        xmlprov - ok
21:51:05.0761 1084        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
21:51:06.0462 1084        \Device\Harddisk0\DR0 - ok
21:51:06.0522 1084        Boot (0x1200)  (6cb4800ae24665605a13b789689a9d50) \Device\Harddisk0\DR0\Partition0
21:51:06.0532 1084        \Device\Harddisk0\DR0\Partition0 - ok
21:51:06.0572 1084        Boot (0x1200)  (784b5380e764559c76b0a6c2b6024ddd) \Device\Harddisk1\DR1\Partition0
21:51:06.0572 1084        \Device\Harddisk1\DR1\Partition0 - ok
21:51:06.0582 1084        ============================================================
21:51:06.0582 1084        Scan finished
21:51:06.0582 1084        ============================================================
21:51:06.0732 3724        Detected object count: 19
21:51:06.0732 3724        Actual detected object count: 19
21:51:52.0688 3724        AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0688 3724        AntiVirSchedulerService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0688 3724        AntiVirService ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0688 3724        AntiVirService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0688 3724        bgsvcgen ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0688 3724        bgsvcgen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0688 3724        dtscsi ( LockedFile.Multi.Generic ) - skipped by user
21:51:52.0688 3724        dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip
21:51:52.0708 3724        DtvAudio ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0708 3724        DtvAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0708 3724        DtvVideo ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0708 3724        DtvVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0728 3724        ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0728 3724        ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0728 3724        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0728 3724        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0738 3724        Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0738 3724        Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0738 3724        MDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0738 3724        MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0738 3724        N3AB ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0738 3724        N3AB ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0738 3724        NIOC ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0738 3724        NIOC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0738 3724        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0738 3724        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0738 3724        RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0738 3724        RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0738 3724        sptd ( LockedFile.Multi.Generic ) - skipped by user
21:51:52.0738 3724        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:51:52.0738 3724        TDslMgrService ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0738 3724        TDslMgrService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0758 3724        TSMPacket ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0758 3724        TSMPacket ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0758 3724        VIAPFD ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0758 3724        VIAPFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:51:52.0768 3724        WZCBDLService ( UnsignedFile.Multi.Generic ) - skipped by user
21:51:52.0768 3724        WZCBDLService ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 12.06.2012 21:55
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Aeuto 17.06.2012 18:32
Code:
ComboFix 12-06-16.02 - Katrin 17.06.2012  20:24:18.1.1 - x86
ausgeführt von:: c:\dokumente und einstellungen\Katrin\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Katrin\WINDOWS
C:\Images
c:\windows\IsUn0407.exe
c:\windows\system\WINSPOOL.DRV
c:\windows\unin0407.exe
.
Infizierte Kopie von c:\windows\system32\msgsvc.dll wurde gefunden und desinfiziert
Kopie von - c:\system volume information\_restore{285A22FE-DCF4-40E9-AD33-128518B8C588}\RP4\A0005150.dll wurde wiederhergestellt
.
c:\windows\system32\drivers\usbehci.sys . . . fehlt!!
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-17 bis 2012-06-17  ))))))))))))))))))))))))))))))
.
.
2012-06-09 03:22 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2012-06-09 03:22 . 2012-06-09 03:22        --------        d-----w-        C:\_OTL
2012-06-09 02:38 . 2012-06-09 02:38        --------        d-----w-        c:\programme\ESET
2012-06-08 23:36 . 2012-06-08 23:36        --------        d-----w-        c:\dokumente und einstellungen\Katrin\Anwendungsdaten\Malwarebytes
2012-06-08 23:36 . 2012-06-08 23:36        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-08 23:36 . 2012-06-08 23:36        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-06-08 23:36 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-03-11 11:27 . 2006-06-05 14:51        40960        ----a-w-        c:\programme\Uninstall_CDS.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Conceptronic WLAN Utility"="c:\programme\Conceptronic\WLANmon.exe" [2003-08-12 458752]
"RemoteControl"="c:\programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2006-08-30 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 110592]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Google Quick Search Box"="c:\programme\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-01-01 122880]
"CloneCDTray"="c:\programme\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-04-15 57344]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
InterVideo WinCinema Manager.lnk - c:\programme\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-9-15 278528]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinManager.lnk - c:\programme\PC-TV\WinManager\WinManager.exe [2010-1-19 57344]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
DSL-Manager.lnk - c:\programme\DSL-Manager\DslMgr.exe [2009-12-4 1085440]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcfpswx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
.
R2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\Drivers\dsltestSp5.sys [2007-09-12 26816]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys [2008-04-04 18432]
R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys [2008-04-04 26368]
R3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [x]
R3 SFC4;SFC4;c:\windows\system32\drivers\SFC4.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2006-08-09 642560]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [2011-04-18 1181328]
S2 NIOC;NIOC Service;c:\windows\system32\NIOC.SYS [2002-09-27 22912]
S2 WZCBDLService;WZCBDL Service;c:\programme\WZCBDL Service\WZCBDLS.exe [2002-03-19 36864]
S3 DtvAudio;DtvAudio;c:\windows\system32\DRIVERS\DtvAudio.sys [2004-02-26 10330]
S3 DtvVideo;DtvVideo;c:\windows\system32\DRIVERS\DtvVideo.sys [2005-01-03 25600]
S3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\N3AB.sys [2003-08-25 322336]
S3 TDslMgrService;DSL-Manager;c:\programme\DSL-Manager\DslMgrSvc.exe [2008-10-23 307200]
S3 TSMPacket;DSL-Manager Service;c:\windows\system32\DRIVERS\tsmpkt.sys [2007-06-26 13824]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:52]
.
2012-06-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:52]
.
2012-06-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:52]
.
2012-06-17 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:52]
.
2012-06-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:52]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-30 11:39]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-30 11:39]
.
2012-06-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-12-04 21:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
Notify-WgaLogon - (no file)
AddRemove-Ad-Aware - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
AddRemove-Amazon MP3-Downloader - c:\dokumente und einstellungen\Nina\Programm\Uninstall.exe
AddRemove-Dark Omen - c:\windows\IsUn0407.exe
AddRemove-PokerStars.net - c:\programme\PokerStars.NET\PokerStarsUninstall.exe
AddRemove-{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-17 20:48
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3392)
c:\programme\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\programme\DSL-Manager\Deskband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\rundll32.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\bgsvcgen.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
c:\programme\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-17  21:00:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-17 19:00
.
Vor Suchlauf: 14 Verzeichnis(se), 21.907.902.464 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 24.182.308.864 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 46C7BF58C70126A1CA15B6A2F61F1805

cosinus 18.06.2012 09:31
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"=-
"5001:TCP"=-
"5002:TCP"=-
"5003:TCP"=-
"5004:TCP"=-
"5005:TCP"=-
"5006:TCP"=-
"5007:TCP"=-
"5008:TCP"=-
"5009:TCP"=-
"5010:TCP"=-
"5011:TCP"=-
"5012:TCP"=-
"5013:TCP"=-
"5014:TCP"=-
"5015:TCP"=-
"5016:TCP"=-
"5017:TCP"=-
"5018:TCP"=-
"5019:TCP"=-
"5020:TCP"=-

Driver::
SFC4
SetupNTGLM7X
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Aeuto 18.06.2012 19:30
Code:
ComboFix 12-06-16.02 - Katrin 18.06.2012  20:22:04.3.1 - x86
ausgeführt von:: c:\dokumente und einstellungen\Katrin\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Katrin\Desktop\CFScript.txt
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\system32\msgsvc.dll wurde gefunden und desinfiziert
Kopie von - c:\windows\erdnt\cache\msgsvc.dll wurde wiederhergestellt
.
c:\windows\system32\drivers\usbehci.sys . . . fehlt!!
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SFC4
-------\Service_SetupNTGLM7X
-------\Service_SFC4
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-18 bis 2012-06-18  ))))))))))))))))))))))))))))))
.
.
2012-06-09 03:22 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2012-06-09 03:22 . 2012-06-09 03:22        --------        d-----w-        C:\_OTL
2012-06-09 02:38 . 2012-06-09 02:38        --------        d-----w-        c:\programme\ESET
2012-06-08 23:36 . 2012-06-08 23:36        --------        d-----w-        c:\dokumente und einstellungen\Katrin\Anwendungsdaten\Malwarebytes
2012-06-08 23:36 . 2012-06-08 23:36        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-08 23:36 . 2012-06-08 23:36        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-06-08 23:36 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-03-11 11:27 . 2006-06-05 14:51        40960        ----a-w-        c:\programme\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-06-17_18.48.59  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-18 18:48 . 2012-06-18 18:48        16384              c:\windows\Temp\Perflib_Perfdata_5c8.dat
+ 2006-06-05 18:35 . 2012-06-17 17:33        56731752              c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-01 39408]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\programme\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-04-18 743584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Conceptronic WLAN Utility"="c:\programme\Conceptronic\WLANmon.exe" [2003-08-12 458752]
"RemoteControl"="c:\programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2006-08-30 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 110592]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Google Quick Search Box"="c:\programme\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-01-01 122880]
"CloneCDTray"="c:\programme\Elaborate Bytes\CloneCD\CloneCDTray.exe" [2002-04-15 57344]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2008-11-03 339240]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
InterVideo WinCinema Manager.lnk - c:\programme\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-9-15 278528]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinManager.lnk - c:\programme\PC-TV\WinManager\WinManager.exe [2010-1-19 57344]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
DSL-Manager.lnk - c:\programme\DSL-Manager\DslMgr.exe [2009-12-4 1085440]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcfpswx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
.
R2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\Drivers\dsltestSp5.sys [2007-09-12 26816]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys [2008-04-04 18432]
R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys [2008-04-04 26368]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2006-08-09 642560]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [2011-04-18 1181328]
S2 NIOC;NIOC Service;c:\windows\system32\NIOC.SYS [2002-09-27 22912]
S2 WZCBDLService;WZCBDL Service;c:\programme\WZCBDL Service\WZCBDLS.exe [2002-03-19 36864]
S3 DtvAudio;DtvAudio;c:\windows\system32\DRIVERS\DtvAudio.sys [2004-02-26 10330]
S3 DtvVideo;DtvVideo;c:\windows\system32\DRIVERS\DtvVideo.sys [2005-01-03 25600]
S3 N3AB;N3AB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\N3AB.sys [2003-08-25 322336]
S3 TDslMgrService;DSL-Manager;c:\programme\DSL-Manager\DslMgrSvc.exe [2008-10-23 307200]
S3 TSMPacket;DSL-Manager Service;c:\windows\system32\DRIVERS\tsmpkt.sys [2007-06-26 13824]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-18 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:52]
.
2012-06-18 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:52]
.
2012-06-18 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:52]
.
2012-06-18 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:52]
.
2012-06-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:52]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-30 11:39]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-01-30 11:39]
.
2012-06-18 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-12-04 21:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-18 20:50
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(648)
c:\programme\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\programme\DSL-Manager\Deskband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\bgsvcgen.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\rundll32.exe
c:\programme\Lavasoft\Ad-Aware\AAWTray.exe
c:\programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-18  20:57:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-18 18:57
ComboFix2.txt  2012-06-17 19:00
.
Vor Suchlauf: 13 Verzeichnis(se), 24.042.872.832 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 23.962.628.096 Bytes frei
.
- - End Of File - - 23B8EE0C9F401B6355B31EE6AE7CD0F7

cosinus 18.06.2012 21:29
Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner Quarantine in C:\Qoobox in eine Datei zippen
3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Aeuto 19.06.2012 18:08
Habe den Quarantäneordner per Zip hochgeladen.

cosinus 19.06.2012 22:58
Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Aeuto 20.06.2012 21:20
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-20 22:19:34
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD800BB-00DKA0 rev.77.07W77
Running: GMER.exe; Driver: C:\DOKUME~1\Katrin\LOKALE~1\Temp\kwddapob.sys


---- System - GMER 1.0.15 ----

SSDT            F8C9D1CE                                                                                                            ZwCreateKey
SSDT            F8C9D1C4                                                                                                            ZwCreateThread
SSDT            F8C9D1D3                                                                                                            ZwDeleteKey
SSDT            F8C9D1DD                                                                                                            ZwDeleteValueKey
SSDT            sptd.sys                                                                                                            ZwEnumerateKey [0xF858AC7E]
SSDT            sptd.sys                                                                                                            ZwEnumerateValueKey [0xF858AFF6]
SSDT            F8C9D1E2                                                                                                            ZwLoadKey
SSDT            sptd.sys                                                                                                            ZwOpenKey [0xF858AA18]
SSDT            F8C9D1B0                                                                                                            ZwOpenProcess
SSDT            F8C9D1B5                                                                                                            ZwOpenThread
SSDT            sptd.sys                                                                                                            ZwQueryKey [0xF858B0C0]
SSDT            sptd.sys                                                                                                            ZwQueryValueKey [0xF858AF58]
SSDT            F8C9D1EC                                                                                                            ZwReplaceKey
SSDT            F8C9D1E7                                                                                                            ZwRestoreKey
SSDT            F8C9D1D8                                                                                                            ZwSetValueKey
SSDT            F8C9D1BF                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?              C:\WINDOWS\system32\drivers\sptd.sys                                                                                Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
?              C:\WINDOWS\System32\Drivers\SPTD4509.SYS                                                                            Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text          dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7                                                                          F78C14D0 16 Bytes  [78, 03, 60, FF, F0, E0, 3B, ...]
.text          dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 12                                                                    F78C14E2 30 Bytes  [8C, F7, A7, AD, F7, B8, 68, ...]
?              C:\WINDOWS\System32\Drivers\dtscsi.sys                                                                              Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                [F8593DB2] sptd.sys
IAT            pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                    [F85A971E] sptd.sys
IAT            ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference]                                                                [F85943B2] sptd.sys
IAT            ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer]                                                                    [F85942B6] sptd.sys
IAT            ftdisk.sys[ntoskrnl.exe!IofCallDriver]                                                                              [F8594482] sptd.sys
IAT            dmio.sys[ntoskrnl.exe!IofCallDriver]                                                                                [F8594482] sptd.sys
IAT            dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference]                                                                  [F85943B2] sptd.sys
IAT            dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer]                                                                      [F85942B6] sptd.sys
IAT            PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                [F85A9032] sptd.sys
IAT            PartMgr.sys[ntoskrnl.exe!IoDetachDevice]                                                                            [F8593F6E] sptd.sys
IAT            atapi.sys[ntoskrnl.exe!IofCompleteRequest]                                                                          [F85A8C76] sptd.sys
IAT            atapi.sys[ntoskrnl.exe!IoConnectInterrupt]                                                                          [F8593E06] sptd.sys
IAT            atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F8586A32] sptd.sys
IAT            atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F8586B6E] sptd.sys
IAT            atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F8586AF6] sptd.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F85876CC] sptd.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F85875A2] sptd.sys
IAT            disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                  [F85A9864] sptd.sys
IAT            \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice]                                                  [F8598F78] sptd.sys
IAT            \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                    [F85A9864] sptd.sys
IAT            \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest]                                            [F85A8C76] sptd.sys
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [F85A8C82] sptd.sys
IAT            \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver]                                                  [F8586020] sptd.sys
IAT            \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver]                                                  [F8586020] sptd.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              82F9F398
Device          \FileSystem\Fastfat \FatCdrom                                                                                        82DBE0E8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                            82F9FA40
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                              82F9FA40
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                82F9FA40
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                82F9FA40
Device          \Driver\NetBT \Device\NetBT_Tcpip_{31D9B59F-E0CA-4C97-8C2D-3851727F6C8A}                                            82D240E8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                            Lbd.sys (Boot Driver/Lavasoft AB)

Device          \Driver\00000107 \Device\00000049                                                                                    sptd.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              82F9FC78
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                              82F9FC78
Device          \Driver\Cdrom \Device\CdRom0                                                                                        82DDDE58
Device          \FileSystem\Rdbss \Device\FsWrap                                                                                    82CE61D8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  [F84DB2F0] atapi.sys[unknown section] {MOV EAX, 0x82f9f728; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf859b442; RET }
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4                                                                          [F84DB2F0] atapi.sys[unknown section] {MOV EAX, 0x82f9f728; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf859b442; RET }
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  [F84DB2F0] atapi.sys[unknown section] {MOV EAX, 0x82f9f728; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf859b442; RET }
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c                                                                          [F84DB2F0] atapi.sys[unknown section] {MOV EAX, 0x82f9f728; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf859b442; RET }
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18                                                                        [F84DB2F0] atapi.sys[unknown section] {MOV EAX, 0x82f9f728; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf859b442; RET }
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20                                                                        [F84DB2F0] atapi.sys[unknown section] {MOV EAX, 0x82f9f728; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf859b442; RET }
Device          \Driver\Cdrom \Device\CdRom1                                                                                        82DDDE58
Device          \Driver\Cdrom \Device\CdRom2                                                                                        82DDDE58
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              82D240E8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    82D240E8
Device          \Driver\Disk \Device\Harddisk0\DR0                                                                                  82F9F5D0
Device          \Driver\Disk \Device\Harddisk1\DR1                                                                                  82F9F5D0
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    82D0F0E8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          82D0F0E8
Device          \FileSystem\Npfs \Device\NamedPipe                                                                                  82C682E0
Device          \Driver\Ftdisk \Device\FtControl                                                                                    82F9FC78
Device          \FileSystem\Msfs \Device\Mailslot                                                                                    82AD1EB0
Device          \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0                                                            82CF5A88
Device          \Driver\dtscsi \Device\Scsi\dtscsi1                                                                                  82CF5A88
Device          \FileSystem\Fastfat \Fat                                                                                            82DBE0E8

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                            fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                              82D7B0E8

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001167d71714 (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0018de3d0d14 (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0018de3d0d14@0080250a3637                                0x8B 0x48 0xAC 0x64 ...
Reg            HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x30 0x94 0x02 0x19 ...
Reg            HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x6E 0x44 0x95 0x65 ...
Reg            HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xB9 0xD7 0xF0 0x4D ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167d71714                                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018de3d0d14                                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018de3d0d14@0080250a3637                            0x8B 0x48 0xAC 0x64 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0                                                                  506938146
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  1315771346
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  1204949027
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x30 0x94 0x02 0x19 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x6E 0x44 0x95 0x65 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xB9 0xD7 0xF0 0x4D ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001167d71714 (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018de3d0d14 (not active ControlSet)                     
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018de3d0d14@0080250a3637                                0x8B 0x48 0xAC 0x64 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x30 0x94 0x02 0x19 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x6E 0x44 0x95 0x65 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xB9 0xD7 0xF0 0x4D ...

---- EOF - GMER 1.0.15 ----
der andere folgt gleich...

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:34:10 on 20.06.2012

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Ad-Aware Update (Daily 1).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
"Ad-Aware Update (Daily 2).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
"Ad-Aware Update (Daily 3).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
"Ad-Aware Update (Daily 4).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
"Ad-Aware Update (Weekly).job" - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"WGASetup.job" - "Microsoft Corporation" - C:\WINDOWS\system32\KB905474\wgasetup.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\AntiVir Desktop\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"%USB\vid_054c&pid_0155.DeviceDesc%" (ovt519) - ? - C:\WINDOWS\System32\Drivers\ov519vid.sys  (File not found)
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\AnyDVD.sys
"ASPI32" (ASPI32) - ? - C:\WINDOWS\system32\drivers\ASPI32.sys  (File not found)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DSL-Manager Service" (TSMPacket) - "T-Systems" - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys
"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\dsltestSp5.sys
"dtscsi" (dtscsi) - "DT Soft Ltd." - C:\WINDOWS\System32\Drivers\dtscsi.sys  (File is exclusively opened, access blocked)
"DtvAudio" (DtvAudio) - "TwinHan Provide" - C:\WINDOWS\System32\DRIVERS\DtvAudio.sys
"DtvVideo" (DtvVideo) - "TwinHan Provide" - C:\WINDOWS\System32\DRIVERS\DtvVideo.sys
"ElbyCDFL" (ElbyCDFL) - "Elaborate Bytes" - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"GMSIPCI" (GMSIPCI) - ? - F:\INSTALL\GMSIPCI.SYS  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\WINDOWS\System32\drivers\iviaspi.sys
"kwddapob" (kwddapob) - ? - C:\DOKUME~1\Katrin\LOKALE~1\Temp\kwddapob.sys  (Hidden registry entry, rootkit activity | File not found)
"Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Logitech SetPoint Mouse Filter Driver" (LMouKE) - ? - C:\WINDOWS\System32\DRIVERS\LMouKE.Sys  (File not found)
"Logitech SetPoint USB Receiver device driver" (LHidUsbK) - ? - C:\WINDOWS\System32\Drivers\LHidUsbK.Sys  (File not found)
"N3AB Wireless Network Adapter Service" (N3AB) - ? - C:\WINDOWS\System32\DRIVERS\N3AB.sys
"NIOC Service" (NIOC) - "D-Link Corporation" - C:\WINDOWS\system32\NIOC.SYS
"NTACCESS" (NTACCESS) - ? - F:\NTACCESS.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"VIAPFD" (VIAPFD) - "VIA Technologies. Inc." - C:\WINDOWS\System32\Drivers\VIAPFD.SYS
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskleiste und Startmenü" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} "king.com" - "Midasplayer.com Ltd" - C:\WINDOWS\KingComIE.dll / hxxp://www.king.com/ctl/kingcomie.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESET Online Scanner\OnlineScanner.ocx / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://go.microsoft.com/fwlink/?linkid=39204
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll / hxxp://game.zylom.com/activex/zylomgamesplayer.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"InterVideo WinCinema Manager.lnk" - "InterVideo Inc." - C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
"WinManager.lnk" - ? - C:\Programme\PC-TV\WinManager\WinManager.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Katrin\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"AutoLaunch" - ? - C:\Programme\Lavasoft\Ad-Aware\AutoLaunch.exe monthly  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"CloneCDTray" - "Elaborate Bytes" - "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
"Conceptronic WLAN Utility" - ? - C:\Programme\Conceptronic\WLANmon.exe
"Google Quick Search Box" - "Google Inc." - "C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
"LexwareInfoService" - ? - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart  (File found, but it contains no detailed information)
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"RemoteControl" - "Cyberlink Corp." - "C:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\WINDOWS\system32\bgsvcgen.exe
"DSL-Manager" (TDslMgrService) - "T-Systems Enterprise Services GmbH" - C:\Programme\DSL-Manager\DslMgrSvc.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
"RAS-Verbindungsverwaltung" (RasMan) - "Microsoft Corporation" - C:\WINDOWS\System32\rasmans.dll
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WZCBDL Service" (WZCBDLService) - "D-Link" - C:\Programme\WZCBDL Service\WZCBDLS.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 21.06.2012 11:56
Was ist mit aswMBR?

Aeuto 21.06.2012 14:20
Ddas kommt noch. Ist mir gestern Abend abgestürzt da ich täglich um 4 Uhr morgens aufstehen muss, wollte ich etwas schlafen gehen :-)
sorry

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-21 20:11:59
-----------------------------
20:11:59.950    OS Version: Windows 5.1.2600 Service Pack 2
20:11:59.980    Number of processors: 1 586 0x602
20:11:59.990    ComputerName: KATRIN-2146E303  UserName: Katrin
20:12:08.622    Initialize success
20:14:19.731    AVAST engine defs: 12062001
20:16:04.552    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:16:04.552    Disk 0 Vendor: WDC_WD800BB-00DKA0 77.07W77 Size: 76319MB BusType: 3
20:16:04.592    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
20:16:04.592    Disk 1 Vendor: IBM-DJNA-351520 J56OA30K Size: 14664MB BusType: 3
20:16:04.772    Disk 0 MBR read successfully
20:16:04.772    Disk 0 MBR scan
20:16:05.293    Disk 0 Windows XP default MBR code
20:16:05.343    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76308 MB offset 63
20:16:05.563    Disk 0 scanning sectors +156280320
20:16:06.695    Disk 0 scanning C:\WINDOWS\system32\drivers
20:16:53.362    Service scanning
20:17:26.660    Service dtscsi C:\WINDOWS\System32\Drivers\dtscsi.sys **LOCKED** 32
20:17:31.967    Service GMSIPCI F:\INSTALL\GMSIPCI.SYS **LOCKED** 21
20:17:47.520    Service NTACCESS F:\NTACCESS.sys **LOCKED** 21
20:18:10.403    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:18:28.358    Modules scanning
20:19:45.149    Disk 0 trace - called modules:
20:19:45.169    ntoskrnl.exe >>UNKNOWN [0x82f9f5d0]<<
20:19:45.179    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f6aab8]
20:19:45.179    \Driver\Disk[0x82fc72c8] -> IRP_MJ_CREATE -> 0x82f9f5d0
20:19:48.694    AVAST engine scan C:\WINDOWS
20:20:12.558    AVAST engine scan C:\WINDOWS\system32
20:33:10.827    AVAST engine scan C:\WINDOWS\system32\drivers
20:33:53.629    AVAST engine scan C:\Dokumente und Einstellungen\Katrin
20:39:54.428    AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:50:26.006    Scan finished successfully
21:08:00.472    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Katrin\Desktop\ASWMBR\MBR.dat"
21:08:00.472    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Katrin\Desktop\ASWMBR\aswMBR.txt"
so hier bitte ;-)

Aeuto 24.06.2012 14:28
wie gehts denn jetzt weiter? du wolltest aswMBR - du hast den log von mir bekommen - und nun? :-)

cosinus 24.06.2012 16:50
Danke, dass ich mir auch 1-2 Tage mal Auszeit vom TB gönnen darf :balla:

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Aeuto 05.07.2012 20:21
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Katrin :: KATRIN-2146E303 [Administrator]

02.07.2012 21:31:49
mbam-log-2012-07-02 (21-31-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 273554
Laufzeit: 3 Stunde(n), 21 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Der von SUPERAntiSpyware kommt gleich.

Sag mal, kann ich die ganzen Programme später vom Rechner werfen, oder sollen die besser drauf bleiben. Der PC ist mitlerweise sehr langsam :-( oder liegt das z. B. an Cookis, TempDateien etc. ?


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:25 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132