Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   tr crypt.zpack.gen im Temp Ordner (https://www.trojaner-board.de/92865-tr-crypt-zpack-gen-temp-ordner.html)

TrjPferd 14.11.2010 23:40
tr crypt.zpack.gen im Temp Ordner
 
Hallo,
habe nach dem besuchen einer ominösen Seite, die ich über Google besucht habe, einen Virus Fund im "Temp" Ordner (Avira) gehabt. Mit dem "Temp Cleaner" oder so ähnlich ;) habe ich dann den Temp-Ordner geklärt.

Ist der Virus immer noch da? Der Taskmanager wurde mir "gesperrt", ist also nicht mehr aufzurufen. Hier mal ein Scan mit OTL:
Code:
OTL logfile created on: 14.11.2010 23:36:36 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Users\Public\Desktop\MFtools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Programme
Drive C: | 148,95 Gb Total Space | 49,99 Gb Free Space | 33,56% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,93% Space Free | Partition Type: FAT
 
Computer Name: JULIAN-PC | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.14 23:32:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.10.28 16:43:46 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.07.09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.03.19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.14 02:14:28 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.14 23:32:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.07.09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\RtVLAN60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\BT848.sys -- (BT848)
DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.04.27 03:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010.04.27 03:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010.04.27 03:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2010.02.26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.02.26 13:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.12.08 14:34:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.25 17:00:17 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.18 10:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc.                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009.11.15 14:19:18 | 000,281,504 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.11.15 14:19:17 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.10.07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC)
DRV - [2009.10.07 09:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.10.07 09:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009.08.22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009.08.13 22:09:58 | 000,060,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2009.08.06 22:39:28 | 000,167,936 | ---- | M] (D-Link corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DLKRT32.sys -- (DLKRT32)
DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:42 | 000,465,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.04 17:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 D8 C8 DB F8 65 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.04 17:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.28 16:43:48 | 000,000,000 | ---D | M]
 
[2009.11.15 12:31:50 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions
[2010.11.14 22:18:01 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\2ef4xmbb.default\extensions
[2010.04.14 19:31:02 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\2ef4xmbb.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2010.07.24 12:55:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\2ef4xmbb.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.05.28 16:21:20 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\2ef4xmbb.default\extensions\battlefieldheroespatcher@ea.com
[2010.11.14 22:18:01 | 000,000,000 | ---D | M] -- C:\Programme\mozilla firefox\extensions
[2009.11.22 18:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2010.10.21 17:20:29 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.21 17:20:29 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.21 17:20:30 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.21 17:20:30 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.21 17:20:30 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.01.17 01:07:15 | 000,373,541 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 12871 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4 - HKLM..\Run: [ROUTE66Sync] C:\Programme\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe (ROUTE 66)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [sGYdOWNVnv.exe] C:\Users\Julian\AppData\Local\Temp\sGYdOWNVnv.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\Pokerstars\PokerStarsUpdate.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.97 217.0.43.113
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 07:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 09:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\Shell - "" = AutoRun
O33 - MountPoints2\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.14 23:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.14 23:32:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.11.14 12:05:54 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\ROUTE 66 Sync
[2010.11.14 12:05:50 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\ROUTE 66 Sync 9
[2010.11.14 12:00:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ROUTE 66
[2010.11.14 11:57:51 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\Downloaded Installations
[2010.10.28 16:42:08 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\LucasArts
[2010.10.28 16:42:08 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\LucasArts
[2010.10.27 18:10:32 | 000,000,000 | ---D | C] -- C:\Users\Julian\Documents\Samsung
[2010.10.27 18:02:43 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdm.sys
[2010.10.27 18:02:43 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscebus.sys
[2010.10.27 18:02:43 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdfl.sys
[2010.10.27 18:02:43 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecmnt.sys
[2010.10.27 18:02:43 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecm.sys
[2010.10.27 18:02:43 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewhnt.sys
[2010.10.27 18:02:43 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewh.sys
[2010.10.27 17:52:16 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Samsung
[2010.10.27 17:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010.10.27 17:52:01 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Samsung
[2010.10.24 16:37:36 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Local\FalloutNV
[2010.10.19 17:08:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.10.17 19:48:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.14 23:32:27 | 000,050,477 | ---- | M] () -- C:\Users\Julian\Desktop\defogger.exe
[2010.11.14 23:32:26 | 000,288,107 | ---- | M] () -- C:\Users\Julian\Desktop\Gmer.zip
[2010.11.14 20:46:30 | 000,696,832 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.14 20:46:30 | 000,652,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.14 20:46:30 | 000,148,128 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.14 20:46:30 | 000,121,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.14 18:56:11 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.14 18:56:11 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.14 18:46:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.14 18:46:57 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010.11.14 18:46:52 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.14 12:00:48 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\ROUTE 66 Sync.lnk
[2010.11.12 15:15:26 | 000,137,976 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.11.12 15:15:17 | 000,234,280 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.10.31 10:43:24 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010.10.30 17:03:12 | 000,004,670 | ---- | M] () -- C:\Users\Julian\Documents\cc_20101030_180257.reg
[2010.10.30 17:01:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2010.10.30 16:20:11 | 000,136,244 | ---- | M] () -- C:\Users\Julian\Documents\cc_20101030_172000.reg
[2010.10.24 16:37:29 | 000,001,216 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2010.10.21 14:29:23 | 000,000,007 | ---- | M] () -- C:\Users\Julian\Desktop\101022-000033.rtf
[2010.10.18 16:24:01 | 000,017,718 | ---- | M] () -- C:\Users\Julian\Desktop\KARTEN!.odt
 
========== Files Created - No Company Name ==========
 
[2010.11.14 23:32:26 | 000,050,477 | ---- | C] () -- C:\Users\Julian\Desktop\defogger.exe
[2010.11.14 23:32:25 | 000,288,107 | ---- | C] () -- C:\Users\Julian\Desktop\Gmer.zip
[2010.11.14 12:00:48 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\ROUTE 66 Sync.lnk
[2010.10.30 17:02:59 | 000,004,670 | ---- | C] () -- C:\Users\Julian\Documents\cc_20101030_180257.reg
[2010.10.30 17:01:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2010.10.30 16:20:05 | 000,136,244 | ---- | C] () -- C:\Users\Julian\Documents\cc_20101030_172000.reg
[2010.10.27 17:51:23 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010.10.24 16:37:29 | 000,001,216 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk
[2010.10.21 14:29:23 | 000,000,007 | ---- | C] () -- C:\Users\Julian\Desktop\101022-000033.rtf
[2010.10.18 16:23:57 | 000,017,718 | ---- | C] () -- C:\Users\Julian\Desktop\KARTEN!.odt
[2010.08.17 00:59:48 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010.06.03 13:50:40 | 000,000,375 | ---- | C] () -- C:\Users\Julian\AppData\Local\postgresinstall.bat
[2010.04.27 16:48:16 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.04.13 16:26:45 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.24 17:27:16 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp.dll
[2010.02.21 00:58:13 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.02.12 18:37:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.20 15:05:44 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2009.11.25 16:50:25 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.18 15:53:07 | 000,138,056 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\PnkBstrK.sys
[2009.11.18 15:53:07 | 000,137,976 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.11.15 14:19:18 | 000,281,504 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.11.15 14:19:17 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2010.09.29 21:28:10 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Azureus
[2009.12.20 15:08:29 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\BOM
[2009.11.25 17:03:20 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\DAEMON Tools Lite
[2009.11.25 16:50:24 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\DAEMON Tools Pro
[2010.05.12 16:29:34 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Degener
[2010.05.12 16:29:44 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Ebner
[2010.10.02 13:33:40 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\foobar2000
[2010.11.12 18:26:32 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\ICQ
[2010.02.21 00:59:18 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Leadertech
[2009.11.22 19:42:28 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Miranda
[2010.03.29 20:05:14 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Nokia
[2010.03.29 13:22:34 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Notepad++
[2010.01.10 11:53:13 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\OpenOffice.org
[2010.03.29 19:43:33 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\PC Suite
[2010.11.14 12:05:55 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\ROUTE 66 Sync
[2010.11.06 16:27:15 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Samsung
[2009.11.23 18:26:33 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\uTorrent
[2010.02.21 02:20:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2010.11.12 18:24:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

cosinus 15.11.2010 06:14
Zitat:
habe nach dem besuchen einer ominösen Seite
Was für ne Seite hast du da besucht?

TrjPferd 15.11.2010 15:36
Hallo, danke erstmal für die schnelle Antwort.
Die genaue Seite kann ich nicht mehr finden, auch nicht im Verlauf, der Fehler ist auch nicht mir sondern einem "totalem" Laien unterlaufen.

cosinus 15.11.2010 21:33
Zitat:
[2010.11.14 23:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
Wenn das Tool schon offensichtlich benutzt wurde, warum wurden die Logs nicht gepostet?
Bitte alle Logs posten, auch wenn keine Funde dabei waren!

TrjPferd 15.11.2010 21:43
Das Tool hat auch nach manuellem Update nur eine Fehlermeldung ausgespuckt und funktioniert nicht. Die Sperre des Taskmanagers find Ich ganz besonders schlimm.

Code:
MBAM_ERROR_EXPANDING_VARIABLES (0,9)

cosinus 15.11.2010 22:24
Das schon probiert => http://www.trojaner-board.de/82699-m...tet-nicht.html
Ggf im Zusammenhang mit dem random installer probieren, falls man schon Probleme bei der Installation bzw. beim Download hat => http://malwarebytes.org/mbam-download-exe-random.php

TrjPferd 16.11.2010 17:24
Der Fehler bleibt, zunächst während der Installation, und danach!

cosinus 16.11.2010 22:07
Auch beim random installer und die mbam.exe unbenannt wurde?? :wtf:

TrjPferd 16.11.2010 22:41
Ja, beides ausprobiert, das ändert nichts daran.

cosinus 16.11.2010 23:43
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\BT848.sys -- (BT848)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [sGYdOWNVnv.exe] C:\Users\Julian\AppData\Local\Temp\sGYdOWNVnv.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 07:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 09:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\Shell - "" = AutoRun
O33 - MountPoints2\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

TrjPferd 17.11.2010 15:22
Code:
All processes killed
========== OTL ==========
Service BT848 stopped successfully!
Service BT848 deleted successfully!
File C:\Windows\System32\DRIVERS\BT848.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\sGYdOWNVnv.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File  not found.
File move failed. D:\Autorun.ico scheduled to be moved on reboot.s
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a216b38-e4c7-11de-8d23-edf966cd8af4}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4474ce59-d794-11dd-bcc1-806e6f6e6963}\ not found.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
 
User: HomeGroupUser$
 
User: Julian
->Temp folder emptied: 668475 bytes
->Temporary Internet Files folder emptied: 4908667 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 96198118 bytes
->Flash cache emptied: 2016 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3696 bytes
RecycleBin emptied: 2541116 bytes
 
Total Files Cleaned = 99,00 mb
 
 
OTL by OldTimer - Version 3.2.17.3 log created on 11172010_151728

Files\Folders moved on Reboot...
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\Autorun.ico scheduled to be moved on reboot.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Danke schonmal.

cosinus 17.11.2010 16:12
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

TrjPferd 17.11.2010 16:27
Code:
ComboFix 10-11-16.06 - Julian 17.11.2010  16:21:59.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.3070.1972 [GMT 1:00]
ausgeführt von:: c:\users\Julian\Desktop\cofi.exe
.

(((((((((((((((((((((((  Dateien erstellt von 2010-10-17 bis 2010-11-17  ))))))))))))))))))))))))))))))
.

2010-11-17 15:25 . 2010-11-17 15:25        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-11-17 14:17 . 2010-11-17 14:17        --------        d-----w-        C:\_OTL
2010-11-16 21:41 . 2010-04-29 14:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-16 21:41 . 2010-04-29 14:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-11-16 15:57 . 2010-10-07 23:21        6146896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0127E211-0554-4D32-A2D1-616A8BB560A8}\mpengine.dll
2010-11-14 22:33 . 2010-11-14 22:33        --------        d-----w-        c:\programdata\Malwarebytes
2010-11-14 11:05 . 2010-11-14 11:05        --------        d-----w-        c:\users\Julian\AppData\Roaming\ROUTE 66 Sync
2010-11-14 11:05 . 2010-11-17 14:19        --------        d-----w-        c:\users\Julian\AppData\Local\ROUTE 66 Sync 9
2010-11-14 11:00 . 2010-11-14 11:00        --------        d-----w-        c:\program files\Common Files\ROUTE 66
2010-11-14 10:57 . 2010-11-14 10:57        --------        d-----w-        c:\users\Julian\AppData\Local\Downloaded Installations
2010-10-28 15:42 . 2010-10-28 15:42        --------        d-----w-        c:\users\Julian\AppData\Local\LucasArts
2010-10-27 17:02 . 2010-04-27 02:25        98560        ----a-w-        c:\windows\system32\drivers\sscebus.sys
2010-10-27 17:02 . 2010-04-27 02:25        14848        ----a-w-        c:\windows\system32\drivers\sscemdfl.sys
2010-10-27 17:02 . 2010-04-27 02:25        12416        ----a-w-        c:\windows\system32\drivers\sscecmnt.sys
2010-10-27 17:02 . 2010-04-27 02:25        12416        ----a-w-        c:\windows\system32\drivers\sscecm.sys
2010-10-27 17:02 . 2010-04-27 02:25        123648        ----a-w-        c:\windows\system32\drivers\sscemdm.sys
2010-10-27 17:02 . 2010-04-27 02:25        12288        ----a-w-        c:\windows\system32\drivers\sscewhnt.sys
2010-10-27 17:02 . 2010-04-27 02:25        12288        ----a-w-        c:\windows\system32\drivers\sscewh.sys
2010-10-27 16:52 . 2010-11-06 15:27        --------        d-----w-        c:\users\Julian\AppData\Roaming\Samsung
2010-10-27 16:52 . 2010-11-06 15:27        --------        d-----w-        c:\programdata\Samsung
2010-10-27 16:52 . 2010-10-27 16:52        --------        d-----w-        c:\program files\Common Files\Samsung
2010-10-27 09:55 . 2010-08-04 06:18        641536        ----a-w-        c:\windows\system32\CPFilters.dll
2010-10-27 09:55 . 2010-08-04 06:17        417792        ----a-w-        c:\windows\system32\msdri.dll
2010-10-27 09:55 . 2010-08-04 06:15        204288        ----a-w-        c:\windows\system32\MSNP.ax
2010-10-27 09:55 . 2010-08-04 06:15        199680        ----a-w-        c:\windows\system32\mpg2splt.ax
2010-10-27 09:55 . 2010-07-13 05:22        26504        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2010-10-24 15:37 . 2010-10-24 15:37        --------        d-----w-        c:\users\Julian\AppData\Local\FalloutNV

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 14:15 . 2009-11-18 14:53        137976        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2010-11-12 14:15 . 2009-11-18 14:56        234280        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2010-11-12 14:15 . 2009-11-18 14:52        234280        ----a-w-        c:\windows\system32\PnkBstrB.exe
2010-10-19 09:41 . 2009-11-17 18:52        222080        ------w-        c:\windows\system32\MpSigStub.exe
2010-10-13 07:47 . 2010-10-13 07:47        526336        ----a-w-        c:\programdata\Microsoft\Windows\Templates\NPSDCACHINA2HSP.dll
2010-10-13 07:47 . 2010-10-13 07:47        254464        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCACDMAVIA.dll
2010-10-13 07:46 . 2010-10-13 07:46        299008        ----a-w-        c:\programdata\Microsoft\Windows\Templates\BackupRestoreWM.dll
2010-10-13 07:42 . 2010-10-13 07:42        200192        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DeviceSearch.dll
2010-10-13 07:42 . 2010-10-13 07:42        1017856        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCAPARAGONATOBEX.dll
2010-10-13 07:41 . 2010-10-13 07:41        622080        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DevFileService.dll
2010-10-13 07:41 . 2010-10-13 07:41        578048        ----a-w-        c:\programdata\Microsoft\Windows\Templates\SyncService.dll
2010-10-13 07:40 . 2010-10-13 07:40        1205248        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCAPARAGONOBEX.dll
2010-10-13 07:40 . 2010-10-13 07:40        1092096        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCAKOREAMITSOBEX.dll
2010-10-13 07:40 . 2010-10-13 07:40        800768        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCAPARAGONGM.dll
2010-10-13 07:39 . 2010-10-13 07:39        271360        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DeviceDataService.exe
2010-10-13 07:39 . 2010-10-13 07:39        33280        ----a-w-        c:\programdata\Microsoft\Windows\Templates\FUSBCommander.exe
2010-10-13 07:38 . 2010-10-13 07:38        919040        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCAMITSOBEX.dll
2010-10-13 07:38 . 2010-10-13 07:38        640000        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCASW.dll
2010-10-13 07:38 . 2010-10-13 07:38        15872        ----a-w-        c:\programdata\Microsoft\Windows\Templates\IPCLib.dll
2010-10-13 07:38 . 2010-10-13 07:38        230912        ----a-w-        c:\programdata\Microsoft\Windows\Templates\BackupRestoreLib.dll
2010-10-13 07:38 . 2010-10-13 07:38        506368        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCAKOREAHSP.dll
2010-10-13 07:37 . 2010-10-13 07:37        332800        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCAHSP.dll
2010-10-13 07:37 . 2010-10-13 07:37        434688        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCASYM.dll
2010-10-13 07:37 . 2010-10-13 07:37        820224        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCAGMOBEX.dll
2010-10-13 07:37 . 2010-10-13 07:37        748544        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCADU.dll
2010-10-13 07:37 . 2010-10-13 07:37        584192        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCACHINAHSP.dll
2010-10-13 07:36 . 2010-10-13 07:36        905728        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCAATOBEX.dll
2010-10-13 07:36 . 2010-10-13 07:36        763392        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCAWM.dll
2010-10-13 07:36 . 2010-10-13 07:36        528384        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCAGM.dll
2010-10-13 07:36 . 2010-10-13 07:36        1007104        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCAOBEX.dll
2010-10-13 07:36 . 2010-10-13 07:36        461824        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCAATCDMA.dll
2010-10-13 07:35 . 2010-10-13 07:35        626688        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DeviceManager.exe
2010-10-13 07:34 . 2010-10-13 07:34        59904        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DeviceCommunication.dll
2010-10-13 07:34 . 2010-10-13 07:34        18944        ----a-w-        c:\programdata\Microsoft\Windows\Templates\HSPConnection.exe
2010-10-13 07:34 . 2010-10-13 07:34        142336        ----a-w-        c:\programdata\Microsoft\Windows\Templates\ConnectionManager.exe
2010-10-13 07:34 . 2010-10-13 07:34        152576        ----a-w-        c:\programdata\Microsoft\Windows\Templates\THNRProghelp.dll
2010-10-13 07:34 . 2010-10-13 07:34        281088        ----a-w-        c:\programdata\Microsoft\Windows\Templates\MObexDll.dll
2010-10-13 07:33 . 2010-10-13 07:33        182784        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DeviceServiceCBT.dll
2010-10-13 07:33 . 2010-10-13 07:33        97792        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DeviceServiceHSPAgent.dll
2010-10-13 07:33 . 2010-10-13 07:33        58880        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DeviceServiceModelDB.dll
2010-10-13 07:33 . 2010-10-13 07:33        47616        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DeviceServiceCore.dll
2010-10-13 06:53 . 2010-10-13 06:53        907776        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DCAMITS2OBEX.dll
2010-10-13 06:47 . 2010-10-13 06:47        66560        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DeviceErrorRecovery.dll
2010-09-15 08:42 . 2010-09-15 08:42        904192        ----a-w-        c:\programdata\Microsoft\Windows\Templates\JSRHandler_SP.dll
2010-09-15 08:42 . 2010-09-15 08:42        7168        ----a-w-        c:\programdata\Microsoft\Windows\Templates\PBRefresher.exe
2010-09-15 08:42 . 2010-09-15 08:42        712704        ----a-w-        c:\programdata\Microsoft\Windows\Templates\SHOWDRM_UCC.dll
2010-09-15 08:42 . 2010-09-15 08:42        598912        ----a-w-        c:\programdata\Microsoft\Windows\Templates\NPSRapiServer_k2.dll
2010-09-15 08:42 . 2010-09-15 08:42        596864        ----a-w-        c:\programdata\Microsoft\Windows\Templates\NPSRapiServer_f.dll
2010-09-15 08:42 . 2010-09-15 08:42        595840        ----a-w-        c:\programdata\Microsoft\Windows\Templates\NPSRapiServer_k2_a.dll
2010-09-15 08:42 . 2010-09-15 08:42        578944        ----a-w-        c:\programdata\Microsoft\Windows\Templates\NPSRapiServer.dll
2010-09-15 08:42 . 2010-09-15 08:42        567168        ----a-w-        c:\programdata\Microsoft\Windows\Templates\NPSRapiServer_l.dll
2010-09-15 08:42 . 2010-09-15 08:42        482816        ----a-w-        c:\programdata\Microsoft\Windows\Templates\JSRHandler.dll
2010-09-15 08:42 . 2010-09-15 08:42        36864        ----a-w-        c:\programdata\Microsoft\Windows\Templates\ConvLunar.dll
2010-09-15 08:42 . 2010-09-15 08:42        35328        ----a-w-        c:\programdata\Microsoft\Windows\Templates\BackupSYM.dll
2010-09-15 08:42 . 2010-09-15 08:42        242176        ----a-w-        c:\programdata\Microsoft\Windows\Templates\FsDeviceLib64Ex.dll
2010-09-15 08:42 . 2010-09-15 08:42        237568        ----a-w-        c:\programdata\Microsoft\Windows\Templates\drmcm.dll
2010-09-15 08:42 . 2010-09-15 08:42        16896        ----a-w-        c:\programdata\Microsoft\Windows\Templates\ksmsbackupapi_l.dll
2010-09-15 08:42 . 2010-09-15 08:42        14408        ----a-w-        c:\programdata\Microsoft\Windows\Templates\SetupNPSRapiServer_GT-B7320.exe
2010-09-15 08:42 . 2010-09-15 08:42        13880        ----a-w-        c:\programdata\Microsoft\Windows\Templates\SetupNPSRapiServer.exe
2010-09-15 08:42 . 2010-09-15 08:42        12800        ----a-w-        c:\programdata\Microsoft\Windows\Templates\ksmsbackupapi_f.dll
2010-09-15 08:42 . 2010-09-15 08:42        103424        ----a-w-        c:\programdata\Microsoft\Windows\Templates\UPNPDevice_Kies.dll
2010-09-15 08:42 . 2010-09-15 08:42        487424        ----a-w-        c:\programdata\Microsoft\Windows\Templates\PxtrMP4S.dll
2010-09-15 08:42 . 2010-09-15 08:42        348160        ----a-w-        c:\programdata\Microsoft\Windows\Templates\msvcr71.dll
2010-09-15 08:42 . 2010-09-15 08:42        283136        ----a-w-        c:\programdata\Microsoft\Windows\Templates\PxtrVDF.dll
2010-09-15 08:42 . 2010-09-15 08:42        2400768        ----a-w-        c:\programdata\Microsoft\Windows\Templates\HTH264VD.dll
2010-09-15 08:42 . 2010-09-15 08:42        122880        ----a-w-        c:\programdata\Microsoft\Windows\Templates\PT_AACAD.dll
2010-09-15 08:42 . 2010-09-15 08:42        114688        ----a-w-        c:\programdata\Microsoft\Windows\Templates\PxtrAACD.dll
2010-09-15 08:41 . 2010-09-15 08:41        413696        ----a-w-        c:\programdata\Microsoft\Windows\Templates\msvcp60.dll
2010-09-15 08:41 . 2010-09-15 08:41        23040        ----a-w-        c:\programdata\Microsoft\Windows\Templates\psapi.dll
2010-09-15 08:41 . 2010-09-15 08:41        511328        ----a-w-        c:\windows\system32\Synchronization2.dll
2010-09-15 08:41 . 2010-09-15 08:41        288608        ----a-w-        c:\windows\system32\Microsoft.Synchronization.dll
2010-09-15 08:41 . 2010-09-15 08:41        253280        ----a-w-        c:\windows\system32\MetaStore2.dll
2010-09-15 08:40 . 2010-09-15 08:40        204288        ----a-w-        c:\programdata\Microsoft\Windows\Templates\CmdAgent.dll
2010-09-15 08:38 . 2010-09-15 08:38        657408        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DeviceServiceCBTD.dll
2010-09-15 08:38 . 2010-09-15 08:38        416768        ----a-w-        c:\programdata\Microsoft\Windows\Templates\libMediaTranscoderDLL.dll
2010-09-15 08:38 . 2010-09-15 08:38        32256        ----a-w-        c:\programdata\Microsoft\Windows\Templates\IPCLibD.dll
2010-09-15 08:38 . 2010-09-15 08:38        299105        ----a-w-        c:\programdata\Microsoft\Windows\Templates\NEDEncoderD.dll
2010-09-15 08:38 . 2010-09-15 08:38        2023936        ----a-w-        c:\programdata\Microsoft\Windows\Templates\libMediaTranscoderDLLD.dll
2010-09-15 08:38 . 2010-09-15 08:38        1905664        ----a-w-        c:\programdata\Microsoft\Windows\Templates\MObexDllD.dll
2010-09-15 08:37 . 2010-09-15 08:37        319456        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DIFxAPI.dll
2010-09-15 08:37 . 2010-09-15 08:37        208896        ----a-w-        c:\programdata\Microsoft\Windows\Templates\HSPIO.dll
2010-09-15 08:33 . 2010-09-15 08:33        10752        ----a-w-        c:\programdata\Microsoft\Windows\Templates\DllReg.exe
2010-09-15 08:33 . 2010-09-15 08:33        36640        ----a-w-        c:\programdata\Microsoft\Windows\Templates\FsUsbExDisk.sys
2010-09-15 08:33 . 2010-09-15 08:33        341960        ----a-w-        c:\programdata\Microsoft\Windows\Templates\FsAdmin64.exe
2010-09-15 08:33 . 2010-09-15 08:33        217088        ----a-w-        c:\programdata\Microsoft\Windows\Templates\FsUsbExService.exe
2010-09-15 08:33 . 2010-09-15 08:33        214544        ----a-w-        c:\programdata\Microsoft\Windows\Templates\FsUsbExAdmin.exe
2010-09-15 08:33 . 2010-09-15 08:33        207360        ----a-w-        c:\programdata\Microsoft\Windows\Templates\FsDeviceLib64.dll
2010-09-15 08:33 . 2010-09-15 08:33        20480        ----a-w-        c:\programdata\Microsoft\Windows\Templates\FsExService64.exe
2010-09-15 08:33 . 2010-09-15 08:33        16392        ----a-w-        c:\programdata\Microsoft\Windows\Templates\TFsExDisk.sys
2010-09-15 08:33 . 2010-09-15 08:33        126976        ----a-w-        c:\programdata\Microsoft\Windows\Templates\FsUsbExDeviceLib.dll
2010-09-15 08:33 . 2010-09-15 08:33        110592        ----a-w-        c:\programdata\Microsoft\Windows\Templates\FsUsbExDevice.Dll
2010-09-08 04:30 . 2010-10-13 17:43        978432        ----a-w-        c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-13 17:43        44544        ----a-w-        c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-13 17:43        386048        ----a-w-        c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-13 17:43        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-13 17:42        12625408        ----a-w-        c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-13 17:42        2327552        ----a-w-        c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-13 17:42        954752        ----a-w-        c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-13 17:42        954288        ----a-w-        c:\windows\system32\mfc40u.dll
2010-08-27 19:31 . 2009-11-16 17:47        1113408        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2006-05-03 10:06        163328        --sh--r-        c:\windows\System32\flvDX.dll
2007-02-21 11:47        31232        --sh--r-        c:\windows\System32\msfDX.dll
2008-03-16 13:30        216064        --sh--r-        c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RivaTunerStartupDaemon"="c:\programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" [2009-08-22 24576]
"ROUTE66Sync"="c:\programme\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe" [2010-06-29 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Setup-Assistent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Setup-Assistent.lnk
backup=c:\windows\pss\NETGEAR WG111v3 Setup-Assistent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37        932288        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08        35696        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03        152872        ----a-w-        c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57        369200        ----a-w-        c:\programme\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 08:36        172792        ----a-w-        c:\program files\ICQ6\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10        142120        ----a-w-        c:\programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44        3883840        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57        153136        ----a-w-        c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53        421888        ----a-w-        c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2009-08-22 18:25        24576        ----a-w-        c:\programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15        13351304        ----a-r-        c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-10-23 11:40        1242448        ----a-w-        c:\programme\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-10 10:36        149280        ----a-w-        c:\programme\Java\jre6\bin\jusched.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
R3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 376832]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-25 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 DLKRT32;D-Link DGE-528T Gigabit Ethernet Adapter Driver;c:\windows\system32\DRIVERS\DLKRT32.sys [2009-08-06 167936]

.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab
FF - ProfilePath - c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\2ef4xmbb.default\
FF - prefs.js: browser.startup.homepage - hxxp://web.de/
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\programme\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\programme\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\2ef4xmbb.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-239202734-4043522191-3066779163-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:2d,3e,1b,35,bc,cd,0f,0a,c6,73,dc,91,dc,42,de,8f,54,de,a0,f4,3d,80,b2,
  d2,22,f0,38,8f,a8,c7,1d,fd,5a,97,43,7f,5d,76,20,c6,9d,27,b2,d3,c4,14,da,97,\
"??"=hex:e5,ce,93,33,38,6e,29,51,7e,f6,c6,24,4f,f0,d7,31

[HKEY_USERS\S-1-5-21-239202734-4043522191-3066779163-1000\Software\SecuROM\License information*]
"datasecu"=hex:61,85,f9,d0,48,e5,7e,ee,e9,cf,e3,1e,40,e5,f6,7c,42,23,e4,96,3c,
  4b,71,fa,19,b3,bd,f4,5f,49,7a,ba,bb,38,df,5b,d5,01,07,2c,52,ab,a3,19,fc,6a,\
"rkeysecu"=hex:dd,5a,b5,21,90,9d,1a,a8,19,e7,cd,16,7c,fc,17,e2

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-11-17  16:26:20
ComboFix-quarantined-files.txt  2010-11-17 15:26

Vor Suchlauf: 10 Verzeichnis(se), 52.976.398.336 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 52.496.814.080 Bytes frei

- - End Of File - - 5D3A9E9CB91F57261A717D2EA55BD33F
CCleaner hat keine Fehlermeldung ausgespuckt, beides sauber gelaufen.

Grüße & Danke

cosinus 17.11.2010 19:05
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

TrjPferd 18.11.2010 16:30
GMER
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-18 16:30:03
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 ST3160827AS rev.3.42
Running: gmer.exe; Driver: C:\Users\Julian\AppData\Local\Temp\uxryqpod.sys


---- System - GMER 1.0.15 ----

SSDT            96DE22E4                                                                                                            ZwCreateThread
SSDT            96DE22D0                                                                                                            ZwOpenProcess
SSDT            96DE22D5                                                                                                            ZwOpenThread
SSDT            96DE22DF                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                    82E4D599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82E71F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!RtlSidHashLookup + 34C                                                                                82E7985C 4 Bytes  [E4, 22, DE, 96]
.text          ntkrnlpa.exe!RtlSidHashLookup + 4E8                                                                                82E799F8 4 Bytes  [D0, 22, DE, 96]
.text          ntkrnlpa.exe!RtlSidHashLookup + 508                                                                                82E79A18 4 Bytes  [D5, 22, DE, 96]
.text          ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                                82E79CC8 4 Bytes  [DF, 22, DE, 96]
?              System32\Drivers\spbu.sys                                                                                          Das System kann den angegebenen Pfad nicht finden. !
.text          USBPORT.SYS!DllUnload                                                                                              925B9CA0 5 Bytes  JMP 86AAA1D8
.text          aeylrkox.SYS                                                                                                        97234000 12 Bytes  [44, F8, 21, 83, EE, F6, 21, ...]
.text          aeylrkox.SYS                                                                                                        9723400D 9 Bytes  [D7, 21, 83, 48, FB, 21, 83, ...] {XLATB ; AND [EBX-0x7cde04b8], EAX; ADD [EAX], AL}
.text          aeylrkox.SYS                                                                                                        97234017 20 Bytes  [00, DE, 17, 53, 8B, E6, 15, ...]
.text          aeylrkox.SYS                                                                                                        9723402C 149 Bytes  [00, 00, 00, 00, D0, 81, E4, ...]
.text          aeylrkox.SYS                                                                                                        972340C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text          ...                                                                                                               
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0xA076D300, 0x3B638, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0xA07B0300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Programme\Mozilla Firefox\plugin-container.exe[2392] USER32.dll!TrackPopupMenu                                  75B94B3B 5 Bytes  JMP 6C295CF5 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Programme\Mozilla Firefox\firefox.exe[3320] ntdll.dll!LdrLoadDll                                                776BF625 5 Bytes  JMP 008213F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [8B435042] \SystemRoot\System32\Drivers\spbu.sys
IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                          [8B4356D6] \SystemRoot\System32\Drivers\spbu.sys
IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [8B435800] \SystemRoot\System32\Drivers\spbu.sys
IAT            \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                    [8B43513E] \SystemRoot\System32\Drivers\spbu.sys
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortNotification]                                          00147880
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortQuerySystemTime]                                      78800C75
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortReadPortUchar]                                        06750015
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortStallExecution]                                        C25DC033
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortWritePortUchar]                                        458B0008
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortWritePortUlong]                                        6A006A08
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                    50056A24
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                        005AB7E8
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                  0001B800
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortGetParentBusType]                                      C25D0000
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortRequestCallback]                                      CCCC0008
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                CCCCCCCC
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                  CCCCCCCC
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortCompleteRequest]                                      CCCCCCCC
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortCopyMemory]                                            53EC8B55
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortEtwTraceLog]                                          800C5D8B
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                            7500117B
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                127B806A
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                  80647500
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                  7500137B
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortInitialize]                                            157B805E
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortGetDeviceBase]                                        56587500
IAT            \SystemRoot\System32\Drivers\aeylrkox.SYS[ataport.SYS!AtaPortDeviceStateChange]                                    8008758B

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              857811F8
Device          \FileSystem\fastfat \FatCdrom                                                                                      8782A1F8
Device          \Driver\volmgr \Device\VolMgrControl                                                                                8577D1F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    869481F8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                    869481F8
Device          \Driver\usbohci \Device\USBPDO-2                                                                                    869481F8
Device          \Driver\ACPI_HAL \Device\00000053                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbohci \Device\USBPDO-3                                                                                    869481F8
Device          \Driver\usbohci \Device\USBPDO-4                                                                                    869481F8
Device          \Driver\usbehci \Device\USBPDO-5                                                                                    86A861F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              8577D1F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        8680C500
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2                                                                        8577F1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  8577F1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  8577F1F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  8577F1F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  8577F1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-7                                                                        8577F1F8
Device          \Driver\cdrom \Device\CdRom1                                                                                        8680C500
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                            868281F8
Device          \Driver\sptd \Device\3593724022                                                                                    spbu.sys
Device          \Driver\PCI_PNP0021 \Device\0000005c                                                                                spbu.sys
Device          \Driver\NetBT \Device\NetBT_Tcpip_{998A2711-7648-4EDA-B71B-A9E5D12787BD}                                            868281F8
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    869481F8
Device          \Driver\usbohci \Device\USBFDO-1                                                                                    869481F8
Device          \Driver\usbohci \Device\USBFDO-2                                                                                    869481F8
Device          \Driver\usbohci \Device\USBFDO-3                                                                                    869481F8
Device          \Driver\usbohci \Device\USBFDO-4                                                                                    869481F8
Device          \Driver\usbehci \Device\USBFDO-5                                                                                    86A861F8
Device          \Driver\aeylrkox \Device\Scsi\aeylrkox1                                                                            86A40218
Device          \Driver\aeylrkox \Device\Scsi\aeylrkox1Port4Path0Target0Lun0                                                        86A40218
Device          \FileSystem\fastfat \Fat                                                                                            8782A1F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                              8686C1F8

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xA5 0x76 0x53 0xFE ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x92 0xE0 0xE9 0x4A ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x4F 0xC5 0x27 0xD0 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0xBB 0x9E 0xB0 0x21 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xA5 0x76 0x53 0xFE ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x92 0xE0 0xE9 0x4A ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x4F 0xC5 0x27 0xD0 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0xBB 0x9E 0xB0 0x21 ...

---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:50:09 on 18.11.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aeylrkox" (aeylrkox) - "Microsoft Corporation" - C:\Windows\system32\drivers\aeylrkox.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Julian\AppData\Local\Temp\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)" (TEAM) - ? - C:\Windows\System32\DRIVERS\RtTeam60.sys  (File not found)
"Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)" (VLAN) - ? - C:\Windows\System32\DRIVERS\RtVLAN60.sys  (File not found)
"RivaTuner32" (RivaTuner32) - ? - C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys  (File found, but it contains no detailed information)
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - ? - C:\Windows\System32\drivers\RTKVHDA.sys  (File not found)
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"uxryqpod" (uxryqpod) - ? - C:\Users\Julian\AppData\Local\Temp\uxryqpod.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{140E4DF8-9E14-4A34-9577-C77561ED7883} "SysInfo Class" - "Husdawg, LLC" - C:\Programme\SystemRequirementsLab\srldetect_cyri_4.1.71.0.dll / hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
{B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_test.dll / hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab
{40F576AD-8680-4F9E-9490-99D069CD665F} "{40F576AD-8680-4F9E-9490-99D069CD665F}" - ? -  (File not found | COM-object registry key not found) / hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6\ICQ6.5\ICQ.exe
"PartyPoker.com" - ? - C:\Programs\PartyGaming\PartyPoker\RunApp.exe  (File not found)
"PokerStars" - ? - C:\Program Files\Pokerstars\PokerStarsUpdate.exe  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"RivaTunerStartupDaemon" - ? - "C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe" /S
"ROUTE66Sync" - "ROUTE 66" - C:\Programme\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe -runinbackground

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 18.11.2010 19:29
Zitat:
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys (File not found)
Bitte mit osam deaktivieren und löschen
Außerdem das Log vom mbrcheck noch posten

TrjPferd 18.11.2010 20:31
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Ultimate Edition
Windows Information:                (build 7600), 32-bit
Base Board Manufacturer:        Gigabyte Technology Co., Ltd.
BIOS Manufacturer:                Award Software International, Inc.
System Manufacturer:                Gigabyte Technology Co., Ltd.
System Product Name:                GA-MA790X-DS4
Logical Drives Mask:                0x0000001d

Kernel Drivers (total 206):
  0x82E3C000 \SystemRoot\system32\ntkrnlpa.exe
  0x82E05000 \SystemRoot\system32\halmacpi.dll
  0x80BA5000 \SystemRoot\system32\kdcom.dll
  0x8B227000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x8B232000 \SystemRoot\system32\PSHED.dll
  0x8B243000 \SystemRoot\system32\BOOTVID.dll
  0x8B24B000 \SystemRoot\system32\CLFS.SYS
  0x8B28D000 \SystemRoot\system32\CI.dll
  0x8B338000 \SystemRoot\System32\Drivers\hjidhp.sys
  0x8B387000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8B200000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8B437000 \SystemRoot\System32\Drivers\spwi.sys
  0x8B52A000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x8B533000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x8B559000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x8B5A1000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x8B5A9000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x8B5B4000 \SystemRoot\system32\DRIVERS\pci.sys
  0x8B5DE000 \SystemRoot\System32\drivers\partmgr.sys
  0x8B5EF000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x8B630000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8B67B000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x8B682000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x8B690000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8B6A6000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x8B6AF000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x8B6D2000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x8B6DB000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8B70F000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B823000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B952000 \SystemRoot\System32\Drivers\msrpc.sys
  0x8B97D000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B990000 \SystemRoot\System32\Drivers\cng.sys
  0x8B9ED000 \SystemRoot\System32\drivers\pcw.sys
  0x8B800000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x8B720000 \SystemRoot\system32\drivers\ndis.sys
  0x8BA05000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8BA43000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x8BA68000 \SystemRoot\System32\drivers\tcpip.sys
  0x8BBB1000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8BBE2000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x8BC0E000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x8BC4D000 \SystemRoot\System32\Drivers\spldr.sys
  0x8BC55000 \SystemRoot\system32\speedfan.sys
  0x8BC57000 \SystemRoot\System32\drivers\rdyboost.sys
  0x8BC84000 \SystemRoot\System32\Drivers\mup.sys
  0x8BC94000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x8BC9C000 \SystemRoot\system32\giveio.sys
  0x8BC9D000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x8BCCF000 \SystemRoot\system32\DRIVERS\disk.sys
  0x8BCE0000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x8BD05000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8BD3F000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8BD5E000 \SystemRoot\System32\Drivers\Null.SYS
  0x8BD65000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8BD6C000 \SystemRoot\System32\drivers\vga.sys
  0x8BD78000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8BD99000 \SystemRoot\System32\drivers\watchdog.sys
  0x8BDA6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8BDAE000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8BDB6000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x8BDBE000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8BDC9000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8BDD7000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8BDEE000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x90A0B000 \SystemRoot\system32\drivers\afd.sys
  0x90A65000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90A97000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x90A9E000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90ABD000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x90ACE000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x90ADC000 \SystemRoot\system32\DRIVERS\serial.sys
  0x90AF6000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x90B09000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x90B19000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x90B1F000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90B60000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90B6A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90B74000 \SystemRoot\System32\drivers\discache.sys
  0x90B80000 \SystemRoot\system32\drivers\csc.sys
  0x90BE4000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8BC00000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x8B7D7000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x90BFC000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0x8B600000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8BBEB000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x90A00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x90E0B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x91889000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x9188B000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x91942000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x9197B000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x91985000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x919D0000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x919DF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8B400000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x96807000 \SystemRoot\system32\DRIVERS\DLKRT32.sys
  0x96833000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x9685F000 \SystemRoot\System32\Drivers\avkomed1.SYS
  0x96898000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x968A3000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x968AD000 \SystemRoot\system32\DRIVERS\parport.sys
  0x968C5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x968DD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x968EA000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x968F7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x96909000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x96921000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x9692C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x9694E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x96966000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x9697D000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x96994000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x9699E000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x969AB000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x969AD000 \SystemRoot\system32\DRIVERS\ks.sys
  0x969E1000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x96C0B000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x96C4F000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x96C59000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x96C6A000 \SystemRoot\system32\drivers\HdAudio.sys
  0x96CBA000 \SystemRoot\system32\drivers\portcls.sys
  0x96CE9000 \SystemRoot\system32\drivers\drmk.sys
  0x98670000 \SystemRoot\System32\win32k.sys
  0x96D02000 \SystemRoot\System32\drivers\Dxapi.sys
  0x96D0C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x96D23000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x9FA0F000 \SystemRoot\system32\DRIVERS\lvuvc.sys
  0xA007F000 \SystemRoot\system32\drivers\usbaudio.sys
  0xA00D3000 \SystemRoot\system32\DRIVERS\monitor.sys
  0xA00DE000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xA00E9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xA00FC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xA0103000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xA010E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x988D0000 \SystemRoot\System32\TSDDD.dll
  0x98900000 \SystemRoot\System32\cdd.dll
  0xA011A000 \SystemRoot\system32\drivers\luafv.sys
  0xA0135000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xA0149000 \SystemRoot\system32\drivers\WudfPf.sys
  0xA0163000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA0179000 \SystemRoot\System32\Drivers\crashdmp.sys
  0xA0186000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0xA0191000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xA019A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0xA01AB000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x96D25000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xA01BB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA01CB000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x96D6B000 \SystemRoot\system32\drivers\HTTP.sys
  0xA01DE000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA0093000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA00A5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA0420000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA045B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA0476000 \SystemRoot\system32\DRIVERS\parvdm.sys
  0xA047D000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xA04C0000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xA04C5000 \SystemRoot\system32\drivers\peauth.sys
  0xA055C000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA0566000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA0587000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA0594000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA1A16000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA1A67000 \??\C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
  0xA1A6A000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x77CB0000 \Windows\System32\ntdll.dll
  0x48090000 \Windows\System32\smss.exe
  0x77EF0000 \Windows\System32\apisetschema.dll
  0x00620000 \Windows\System32\autochk.exe
  0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
  0x77B50000 \Windows\System32\ole32.dll
  0x77E50000 \Windows\System32\oleaut32.dll
  0x77E40000 \Windows\System32\psapi.dll
  0x77E10000 \Windows\System32\imagehlp.dll
  0x77A10000 \Windows\System32\urlmon.dll
  0x779B0000 \Windows\System32\difxapi.dll
  0x77970000 \Windows\System32\ws2_32.dll
  0x77770000 \Windows\System32\iertutil.dll
  0x77DF0000 \Windows\System32\imm32.dll
  0x776C0000 \Windows\System32\msvcrt.dll
  0x76A70000 \Windows\System32\shell32.dll
  0x769C0000 \Windows\System32\rpcrt4.dll
  0x76970000 \Windows\System32\Wldap32.dll
  0x768E0000 \Windows\System32\clbcatq.dll
  0x768C0000 \Windows\System32\sechost.dll
  0x767F0000 \Windows\System32\user32.dll
  0x767A0000 \Windows\System32\gdi32.dll
  0x76700000 \Windows\System32\usp10.dll
  0x76630000 \Windows\System32\msctf.dll
  0x76620000 \Windows\System32\normaliz.dll
  0x765C0000 \Windows\System32\shlwapi.dll
  0x765B0000 \Windows\System32\lpk.dll
  0x76530000 \Windows\System32\comdlg32.dll
  0x76390000 \Windows\System32\setupapi.dll
  0x762F0000 \Windows\System32\advapi32.dll
  0x76210000 \Windows\System32\kernel32.dll
  0x76200000 \Windows\System32\nsi.dll
  0x76100000 \Windows\System32\wininet.dll
  0x760B0000 \Windows\System32\KernelBase.dll
  0x76090000 \Windows\System32\devobj.dll
  0x76000000 \Windows\System32\comctl32.dll
  0x75FD0000 \Windows\System32\wintrust.dll
  0x75EB0000 \Windows\System32\crypt32.dll
  0x75E80000 \Windows\System32\cfgmgr32.dll
  0x75E70000 \Windows\System32\msasn1.dll

Processes (total 50):
      0 System Idle Process
      4 System
    272 C:\Windows\System32\smss.exe
    364 csrss.exe
    440 C:\Windows\System32\wininit.exe
    452 csrss.exe
    488 C:\Windows\System32\services.exe
    512 C:\Windows\System32\lsass.exe
    520 C:\Windows\System32\lsm.exe
    580 C:\Windows\System32\winlogon.exe
    680 C:\Windows\System32\svchost.exe
    760 C:\Windows\System32\nvvsvc.exe
    800 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    972 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\audiodg.exe
    1144 C:\Windows\System32\svchost.exe
    1308 C:\Windows\System32\svchost.exe
    1404 C:\Windows\System32\nvvsvc.exe
    1484 C:\Windows\System32\spoolsv.exe
    1512 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1532 C:\Windows\System32\svchost.exe
    1664 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1692 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1720 C:\Program Files\Bonjour\mDNSResponder.exe
    1784 C:\Windows\System32\PnkBstrA.exe
    1816 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    1860 C:\Windows\System32\svchost.exe
    2012 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    372 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    1276 C:\Windows\System32\taskhost.exe
    1348 C:\Windows\System32\dwm.exe
    1208 C:\Windows\explorer.exe
    2444 C:\Program Files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe
    2472 C:\Program Files\DAEMON Tools Lite\DTLite.exe
    2584 C:\Windows\System32\SearchIndexer.exe
    3116 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3156 C:\Program Files\Mozilla Firefox\firefox.exe
    3232 C:\Windows\System32\svchost.exe
    3404 WmiPrvSE.exe
    3856 C:\Windows\System32\SearchProtocolHost.exe
    3896 C:\Windows\System32\svchost.exe
    3924 C:\Windows\System32\SearchFilterHost.exe
    1552 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2328 dllhost.exe
    3104 C:\Users\Julian\Downloads\MBRCheck.exe
    3052 C:\Windows\System32\conhost.exe
    3076 C:\Windows\System32\dllhost.exe
    3612 C:\Program Files\Windows NT\Accessories\wordpad.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)

PhysicalDrive0 Model Number: ST3160827AS, Rev: 3.42   

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0  Windows 7 MBR code detected
            SHA1: -


Done!
Den Windows 7 MBR Code hab ich mal zensiert.

TrjPferd 18.11.2010 20:44
Eben meldet Avira: Im Firefox\Profiles\...B4.... wurde ein HTML Scriptvirus mit dem Erkennungsmuster HTML/Crypted Gen gefunden. Hab jetzt mal den Zugriff verweigert.

cosinus 18.11.2010 20:54
Hast den Eintrag mit OSAM gefixt?

TrjPferd 18.11.2010 21:17
Ja habe ich, nach der Anleitung im Link, halt den von dir genannten ;)

cosinus 18.11.2010 21:39
Dann mach jetzt bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:15 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132