| |
| |||||||
Log-Analyse und Auswertung: Windows aus Sicherheitsgründen gesperrt- Zahlungaufforderung 50€Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
24.04.2012, 20:35
| #16 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Windows aus Sicherheitsgründen gesperrt- Zahlungaufforderung 50€ Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.04.2012, 20:18
| #17 |
 | Windows aus Sicherheitsgründen gesperrt- Zahlungaufforderung 50€ Okay die Combofix tet
__________________Combofix Logfile: Code:
ATTFilter ComboFix 12-04-25.02 - Sven Bruns 25.04.2012 21:01:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2008 [GMT 2:00]
ausgeführt von:: c:\users\Sven Bruns\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Sven Bruns\AppData\Roaming\Mozilla\Firefox\Profiles\0nx00ne6.default\weave\toFetch
c:\users\Sven Bruns\AppData\Roaming\Mozilla\Firefox\Profiles\0nx00ne6.default\weave\toFetch\clients.json
c:\users\Sven Bruns\AppData\Roaming\Mozilla\Firefox\Profiles\0nx00ne6.default\weave\toFetch\tabs.json
c:\users\Sven Bruns\AppData\Roaming\Uninstal.exe
c:\windows\IsUn0407.exe
c:\windows\system32\urttemp
c:\windows\system32\urttemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-25 bis 2012-04-25 ))))))))))))))))))))))))))))))
.
.
2074-05-07 17:38 . 2006-11-21 19:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-04-25 19:12 . 2012-04-25 19:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-25 19:12 . 2012-04-25 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 18:55 . 2012-04-25 18:55 111 ----a-w- C:\user.js
2012-04-25 18:55 . 2012-04-25 18:55 -------- d-----w- c:\program files\Softonic
2012-04-25 18:52 . 2012-04-25 18:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2012-04-25 18:44 . 2012-04-25 18:44 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 21:53 . 2011-06-05 19:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-02-15 17:06 . 2011-10-16 12:05 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-31 17:15 . 2012-02-13 14:18 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-01-31 17:15 . 2012-01-31 17:15 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-01-31 17:15 . 2012-01-31 17:15 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-01-31 17:15 . 2012-01-31 17:15 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-01-31 17:15 . 2012-01-31 17:15 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-01-31 17:15 . 2012-01-31 17:15 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-01-31 17:15 . 2012-01-31 17:15 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-01-31 17:15 . 2012-01-31 17:15 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-01-31 17:15 . 2012-01-31 17:15 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-01-31 17:15 . 2012-01-31 17:15 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-01-31 17:15 . 2012-01-31 17:15 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-01-31 17:15 . 2012-01-31 17:15 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-01-31 17:15 . 2012-02-13 14:17 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-01-31 17:15 . 2012-02-13 14:17 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-01-31 17:15 . 2012-01-31 17:15 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-01-31 17:15 . 2012-01-31 17:15 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-01-31 17:15 . 2012-01-31 17:15 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-01-31 17:15 . 2012-01-31 17:15 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-01-31 17:15 . 2012-01-31 17:15 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-01-31 17:15 . 2012-01-31 17:15 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-01-31 17:15 . 2012-01-31 17:15 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-01-31 17:15 . 2012-01-31 17:15 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-01-31 17:15 . 2012-01-31 17:15 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-01-31 17:15 . 2012-01-31 17:15 172032 ----a-w- c:\windows\system32\muzapp.exe
2012-01-31 17:15 . 2012-01-31 17:15 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-01-31 17:15 . 2012-01-31 17:15 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-01-31 17:15 . 2012-01-31 17:15 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-01-31 17:15 . 2009-04-26 08:44 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-04-25 18:44 . 2011-07-04 12:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-03-15 13:57 242384 ----a-w- c:\program files\Softonic\Softonic\1.5.21.0\bh\Softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll" [2012-03-15 250576]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-02-03 943504]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-01 21416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2008-11-05 474168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-05 1434920]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-03 698912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
2010-11-01 17:45 319488 ----a-w- c:\program files\Gameforge4D\4Story\PrePatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-02 20:39 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 21:53]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 23:11]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 23:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uDefault_Search_URL =
mStart Page =
uSearchAssistant =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\users\Sven Bruns\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://operation7.fiaa.eu/OPLauncher.cab
FF - ProfilePath - c:\users\Sven Bruns\AppData\Roaming\Mozilla\Firefox\Profiles\0nx00ne6.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON1204T11/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - a03fb7820000000000000c6076313ecc
FF - user.js: extensions.Softonic.instlDay - 15455
FF - user.js: extensions.Softonic.vrsn - 1.5.21.0
FF - user.js: extensions.Softonic.vrsni - 1.5.21.0
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.020:55
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON1204T11
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-MediaGet2 - c:\users\Sven Bruns\AppData\Local\MediaGet2\mediaget.exe
HKLM-Run-Ocs_SM - c:\users\Sven Bruns\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-ICQ - c:\program files\ICQ7.5\ICQ.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
AddRemove-Minecraft 1.2.0_02 - c:\users\Sven Bruns\AppData\Roaming\Uninstal.exe
AddRemove-SearchAnonymizer - c:\users\Sven Bruns\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-25 21:12
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:5a,0c,62,98,3e,9d,8e,d7,c5,b2,40,62,46,b4,6a,08,af,e2,98,6f,22,e8,14,
f1,31,d8,2a,38,5f,70,30,f9,e1,e1,22,e9,f2,f2,14,fb,b0,4b,a1,9d,96,5f,56,1c,\
"??"=hex:b9,03,eb,50,79,e1,2e,2c,2e,24,7f,2b,a0,c2,0b,8f
.
[HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\SecuROM\License information*]
"datasecu"=hex:d1,72,69,78,9d,0b,15,50,34,54,c6,e7,ac,58,18,a3,c3,49,f9,8c,48,
e8,92,11,51,1f,bf,a4,8e,d1,90,97,ca,f7,91,a0,95,6b,90,9f,51,1c,57,9a,45,d3,\
"rkeysecu"=hex:bb,c8,f2,f8,0a,59,09,8b,00,a3,e5,0c,84,45,b7,b3
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-04-25 21:16:03
ComboFix-quarantined-files.txt 2012-04-25 19:15
.
Vor Suchlauf: 23 Verzeichnis(se), 191.504.695.296 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 191.428.112.384 Bytes frei
.
- - End Of File - - 9D135F640071102A507E27C6E707BFED
|
|
25.04.2012, 20:45
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows aus Sicherheitsgründen gesperrt- Zahlungaufforderung 50€ Combofix - Scripten
__________________1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter File::
C:\user.js
Folder::
c:\program files\Softonic
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"=-
[-HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[-HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_CLASSES_ROOT\Softonic.dskBnd]
Firefox::
FF - ProfilePath - c:\users\Sven Bruns\AppData\Roaming\Mozilla\Firefox\Profiles\0nx00ne6.default\
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - http://search.softonic.com/MON1204T11/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - a03fb7820000000000000c6076313ecc
FF - user.js: extensions.Softonic.instlDay - 15455
FF - user.js: extensions.Softonic.vrsn - 1.5.21.0
FF - user.js: extensions.Softonic.vrsni - 1.5.21.0
FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.020:55
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON1204T11
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
25.04.2012, 21:18
| #19 |
| | Windows aus Sicherheitsgründen gesperrt- Zahlungaufforderung 50€ Und das nächste log Combofix Logfile: Code:
ATTFilter ComboFix 12-04-25.02 - Sven Bruns 25.04.2012 22:02:55.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1711 [GMT 2:00]
ausgeführt von:: c:\users\Sven Bruns\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Sven Bruns\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"C:\user.js"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Softonic
c:\program files\Softonic\Softonic\1.5.21.0\bh\Softonic.dll
c:\program files\Softonic\Softonic\1.5.21.0\escortShld.dll
c:\program files\Softonic\Softonic\1.5.21.0\SoftonicApp.dll
c:\program files\Softonic\Softonic\1.5.21.0\SoftonicEng.dll
c:\program files\Softonic\Softonic\1.5.21.0\Softonicsrv.exe
c:\program files\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll
c:\program files\Softonic\Softonic\1.5.21.0\uninstall.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-25 bis 2012-04-25 ))))))))))))))))))))))))))))))
.
.
2074-05-07 17:38 . 2006-11-21 19:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-04-25 20:13 . 2012-04-25 20:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-25 20:13 . 2012-04-25 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-25 18:55 . 2012-04-25 18:55 111 ----a-w- C:\user.js
2012-04-25 18:52 . 2012-04-25 18:52 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2012-04-25 18:44 . 2012-04-25 18:44 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 21:53 . 2011-06-05 19:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-02-15 17:06 . 2011-10-16 12:05 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-31 17:15 . 2012-02-13 14:18 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-01-31 17:15 . 2012-01-31 17:15 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-01-31 17:15 . 2012-01-31 17:15 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-01-31 17:15 . 2012-01-31 17:15 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-01-31 17:15 . 2012-01-31 17:15 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-01-31 17:15 . 2012-01-31 17:15 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-01-31 17:15 . 2012-01-31 17:15 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-01-31 17:15 . 2012-01-31 17:15 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-01-31 17:15 . 2012-01-31 17:15 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-01-31 17:15 . 2012-01-31 17:15 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-01-31 17:15 . 2012-01-31 17:15 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-01-31 17:15 . 2012-01-31 17:15 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-01-31 17:15 . 2012-02-13 14:17 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-01-31 17:15 . 2012-02-13 14:17 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-01-31 17:15 . 2012-01-31 17:15 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-01-31 17:15 . 2012-01-31 17:15 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-01-31 17:15 . 2012-01-31 17:15 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-01-31 17:15 . 2012-01-31 17:15 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-01-31 17:15 . 2012-01-31 17:15 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-01-31 17:15 . 2012-01-31 17:15 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-01-31 17:15 . 2012-01-31 17:15 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-01-31 17:15 . 2012-01-31 17:15 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-01-31 17:15 . 2012-01-31 17:15 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-01-31 17:15 . 2012-01-31 17:15 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-01-31 17:15 . 2012-01-31 17:15 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-01-31 17:15 . 2012-01-31 17:15 172032 ----a-w- c:\windows\system32\muzapp.exe
2012-01-31 17:15 . 2012-01-31 17:15 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-01-31 17:15 . 2012-01-31 17:15 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-01-31 17:15 . 2012-01-31 17:15 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-01-31 17:15 . 2009-04-26 08:44 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-04-25 18:44 . 2011-07-04 12:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-02-03 943504]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-01 21416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2008-11-05 474168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-05 1434920]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-04-03 698912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 3508624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
2010-11-01 17:45 319488 ----a-w- c:\program files\Gameforge4D\4Story\PrePatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-02 20:39 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 21:53]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 23:11]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 23:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uDefault_Search_URL =
mStart Page =
uSearchAssistant =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\users\Sven Bruns\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} - hxxp://operation7.fiaa.eu/OPLauncher.cab
FF - ProfilePath - c:\users\Sven Bruns\AppData\Roaming\Mozilla\Firefox\Profiles\0nx00ne6.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Softonic - c:\program files\Softonic\Softonic\1.5.21.0\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-25 22:13
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:5a,0c,62,98,3e,9d,8e,d7,c5,b2,40,62,46,b4,6a,08,af,e2,98,6f,22,e8,14,
f1,31,d8,2a,38,5f,70,30,f9,e1,e1,22,e9,f2,f2,14,fb,b0,4b,a1,9d,96,5f,56,1c,\
"??"=hex:b9,03,eb,50,79,e1,2e,2c,2e,24,7f,2b,a0,c2,0b,8f
.
[HKEY_USERS\S-1-5-21-1899564752-3391272897-2100108512-1003\Software\SecuROM\License information*]
"datasecu"=hex:d1,72,69,78,9d,0b,15,50,34,54,c6,e7,ac,58,18,a3,c3,49,f9,8c,48,
e8,92,11,51,1f,bf,a4,8e,d1,90,97,ca,f7,91,a0,95,6b,90,9f,51,1c,57,9a,45,d3,\
"rkeysecu"=hex:bb,c8,f2,f8,0a,59,09,8b,00,a3,e5,0c,84,45,b7,b3
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-04-25 22:16:23
ComboFix-quarantined-files.txt 2012-04-25 20:16
ComboFix2.txt 2012-04-25 19:16
.
Vor Suchlauf: 28 Verzeichnis(se), 193.445.249.024 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 192.677.404.672 Bytes frei
.
- - End Of File - - A400724B15FA55E4F38570FD1A0A96EA
|
|
26.04.2012, 09:23
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows aus Sicherheitsgründen gesperrt- Zahlungaufforderung 50€Zitat:
Du kannst diese Datei auch mit dem Editor notepad öffnen und den Inhalt hier komplett posten (bitte in CODE-Tags!)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.04.2012, 21:26
| #21 |
| | Windows aus Sicherheitsgründen gesperrt- Zahlungaufforderung 50€ Da ich den Upload nicht hinbekomme ist hier der inhalt der .js Code:
ATTFilter user_pref("extensions.Softonic_i.dfltLng", "de");
user_pref("extensions.Softonic_i.instlRef", "MON1204T11");
|
|
28.04.2012, 14:05
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows aus Sicherheitsgründen gesperrt- Zahlungaufforderung 50€ Feinster SOftonic-Müll ist das  Kannst du die Datei C:\user.js manuell löschen?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.04.2012, 08:33
| #23 |
| | Windows aus Sicherheitsgründen gesperrt- Zahlungaufforderung 50€ Also nachdem ich die Datei manuel gelöscht habe hat sich ein Fenster geüfnet mit der frage ob ich die daei neu erstellen möchte dieses habe ich mit ja beantwortet |
|
30.04.2012, 12:14
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows aus Sicherheitsgründen gesperrt- Zahlungaufforderung 50€ Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.05.2012, 11:18
| #25 |
| | Windows aus Sicherheitsgründen gesperrt- Zahlungaufforderung 50€ Das GMER log GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-05 11:42:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: y1omjiyt.exe; Driver: C:\Users\SVENBR~1\AppData\Local\Temp\uwdcquob.sys
---- System - GMER 1.0.15 ----
SSDT 8C60096E ZwCreateSection
SSDT 8C600978 ZwRequestWaitReplyPort
SSDT 8C600973 ZwSetContextThread
SSDT 8C60097D ZwSetSecurityObject
SSDT 8C600982 ZwSystemDebugControl
SSDT 8C60090F ZwTerminateProcess
INT 0x51 ? 86F00F00
INT 0x51 ? 86F00F00
INT 0x51 ? 86F00F00
INT 0x72 ? 86F00F00
INT 0x82 ? 86F00F00
INT 0x92 ? 86F00F00
INT 0xA2 ? 85520BF8
INT 0xA2 ? 86F00F00
INT 0xA2 ? 86F00F00
INT 0xA2 ? 85520BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 820F4998 4 Bytes [6E, 09, 60, 8C] {OUTSB ; OR [EAX-0x74], ESP}
.text ntkrnlpa.exe!KeSetEvent + 539 820F4CBC 4 Bytes [78, 09, 60, 8C]
.text ntkrnlpa.exe!KeSetEvent + 56D 820F4CF0 4 Bytes [73, 09, 60, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5D1 820F4D54 4 Bytes [7D, 09, 60, 8C]
.text ntkrnlpa.exe!KeSetEvent + 619 820F4D9C 4 Bytes [82, 09, 60, 8C]
.text ...
? System32\Drivers\spft.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8EEE741B 5 Bytes JMP 86F004E0
.text a52qqcux.SYS 8ED9B000 22 Bytes [82, C3, 01, 82, 6C, C2, 01, ...]
.text a52qqcux.SYS 8ED9B017 137 Bytes [00, 32, C7, 78, 80, 3D, C5, ...]
.text a52qqcux.SYS 8ED9B0A1 29 Bytes [10, 0F, 82, 74, 06, 09, 82, ...]
.text a52qqcux.SYS 8ED9B0BF 13 Bytes [82, 00, 00, 00, 00, 00, 00, ...] {ADD BYTE [EAX], 0x0; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a52qqcux.SYS 8ED9B0CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[2608] kernel32.dll!SetUnhandledExceptionFilter 76BAA8C5 3 Bytes JMP 00467D40 C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe (DeviceManager.exe/Mobileleader Co., Ltd.)
.text C:\Program Files\Samsung\Kies\External\DeviceModules\DeviceManager.exe[2608] kernel32.dll!SetUnhandledExceptionFilter + 4 76BAA8C9 1 Byte [89]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806906D6] \SystemRoot\System32\Drivers\spft.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80690042] \SystemRoot\System32\Drivers\spft.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80690800] \SystemRoot\System32\Drivers\spft.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806900C0] \SystemRoot\System32\Drivers\spft.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069013E] \SystemRoot\System32\Drivers\spft.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069FB90] \SystemRoot\System32\Drivers\spft.sys
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortWritePortUchar] 838EDC1F
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8EDBF0
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\a52qqcux.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 855221F8
Device \FileSystem\cdfs \Cdfs 84CFF1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC9 0x98 0xFE 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x54 0x10 0x19 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x26 0x09 0x3F 0xF6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC9 0x98 0xFE 0x09 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x54 0x10 0x19 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x26 0x09 0x3F 0xF6 ...
---- EOF - GMER 1.0.15 ----
Das OSAM log OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 11:59:34 on 05.05.2012 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 12.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ab0h1jtn" (ab0h1jtn) - "Microsoft Corporation" - C:\Windows\system32\drivers\ab0h1jtn.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\SVENBR~1\AppData\Local\Temp\catchme.sys (File not found) "EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys (File not found) "EagleXNt" (EagleXNt) - ? - C:\Windows\system32\drivers\EagleXNt.sys (File not found) "GridinSoft Trojan Killer Driver" (TrojanKillerDriver) - "Windows (R) Win 7 DDK provider" - C:\Windows\System32\DRIVERS\gtkdrv.sys "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys "int15.sys" (int15.sys) - ? - C:\Windows\System32\OEM\Factory\int15.sys (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys "USBIO Driver (usbio.sys)" (USBIO) - "Thesycon GmbH, Germany" - C:\Windows\System32\Drivers\usbio.sys "XDva375" (XDva375) - ? - C:\Windows\system32\XDva375.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - c:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {D5906221-A717-479B-9B49-CD848F9CE816} "BitZipper32" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_32" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_32.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab {C212D449-8B3C-41F2-BD9A-047BD770550F} "Perparer Class" - "AB" - C:\Windows\DOWNLO~1\OPLAUN~1.DLL / hxxp://operation7.fiaa.eu/OPLauncher.cab {233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_2_202_233.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab {1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.7" - "ICQ, LLC." - C:\Program Files\ICQ7.7\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Sven Bruns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s "KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe "ProductReg" - "Acer" - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "cAudioFilterAgent" - "Conexant Systems, Inc." - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe "IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe "LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Application Updater" (Application Updater) - ? - "C:\Program Files\Application Updater\ApplicationUpdater.exe" (File not found) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe "nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des "NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe "NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe "SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Sven Bruns\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code] und der aswMBR log Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-05 12:00:17
-----------------------------
12:00:17.670 OS Version: Windows 6.0.6002 Service Pack 2
12:00:17.670 Number of processors: 2 586 0x170A
12:00:17.672 ComputerName: SVENBRUNS-PC UserName: Sven Bruns
12:00:20.384 Initialize success
12:12:56.118 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:12:56.124 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
12:12:56.171 Disk 0 MBR read successfully
12:12:56.175 Disk 0 MBR scan
12:12:56.178 Disk 0 Windows VISTA default MBR code
12:12:56.187 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
12:12:56.207 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 292955 MB offset 25167872
12:12:56.214 Disk 0 scanning sectors +625139712
12:12:56.292 Disk 0 scanning C:\Windows\system32\drivers
12:13:03.967 Service scanning
12:13:16.877 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
12:13:22.410 Modules scanning
12:13:27.662 Disk 0 trace - called modules:
12:13:27.689 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys sppw.sys >>UNKNOWN [0x854d7938]<<
12:13:27.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8658f8a0]
12:13:27.712 3 CLASSPNP.SYS[8a79d8b3] -> nt!IofCallDriver -> [0x85592198]
12:13:27.721 5 acpi.sys[807bf6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85594028]
12:13:27.729 Scan finished successfully
12:15:30.160 Disk 0 MBR has been saved successfully to "C:\Users\Sven Bruns\Desktop\MBR.dat"
12:15:30.176 The log file has been saved successfully to "C:\Users\Sven Bruns\Desktop\aswMBR.txt"
|
|
06.05.2012, 18:13
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Windows aus Sicherheitsgründen gesperrt- Zahlungaufforderung 50€ Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Windows aus Sicherheitsgründen gesperrt- Zahlungaufforderung 50€ |
| 0xc0000006, 7-zip, akamai, alternate, antivir, audacity, avgnt, avira, bildschirm, black, bonjour, converter, dateisystem, desktop, device driver, error, festplatte, firefox, flash player, google, home, install.exe, iobit, launch, logfile, metin2, microsoft office 2003, microsoft office word, mp3, nicht möglich, nvidia update, office 2007, plug-in, popup, problem, realtek, scan, searchscopes, security, server, software, spyware, svchost.exe, system blockiert, trojaner, tubebox, usb 2.0, version=1.0, viren, vista, windows |
Linear-Darstellung
