
Log analysis and evaluation: Malwarebytes scan with many findings


11.05.2012, 16:55   #16
burke
 
Malwarebytes scan with many findings



Code:
ComboFix 12-05-10.02 - Boris 10.05.2012  17:07:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1805 [GMT 2:00]
ausgeführt von:: c:\users\Boris\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Boris\AppData\Local\assembly\tmp
c:\users\Boris\AppData\Roaming\AcroIEHelpe.txt
c:\users\Boris\AppData\Roaming\Avaq
c:\users\Boris\AppData\Roaming\Avaq\iryr.ehm
c:\users\Boris\AppData\Roaming\Desktopicon
c:\users\Boris\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Boris\AppData\Roaming\Desktopicon\uninst.exe
c:\users\Boris\AppData\Roaming\Gutep
c:\users\Boris\AppData\Roaming\Gutep\ahuro.ebk
c:\users\Boris\AppData\Roaming\Help\coredb\storage
c:\users\Boris\AppData\Roaming\Ocpode
c:\users\Boris\AppData\Roaming\Ocpode\myboq.zid
c:\users\Boris\AppData\Roaming\srvblck5.tmp
c:\windows\$NtUninstallKB9818$
c:\windows\$NtUninstallKB9818$\2081765780
c:\windows\$NtUninstallKB9818$\2876207818\@
c:\windows\$NtUninstallKB9818$\2876207818\L\qnbwvoto
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\Install.cmd
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-10 bis 2012-05-10  ))))))))))))))))))))))))))))))
.
.
2012-05-10 15:17 . 2012-05-10 15:17	--------	d-----w-	c:\users\Boris\AppData\Local\temp
2012-05-08 12:32 . 2012-05-08 12:32	--------	d-----w-	C:\_OTL
2012-05-08 12:02 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA5773BA-9F3C-4F01-BEC2-DCA5211CF27F}\mpengine.dll
2012-05-06 21:16 . 2012-05-06 21:19	--------	d-----w-	c:\program files\Euthanasia
2012-05-04 12:56 . 2012-05-04 12:56	--------	d-----w-	c:\program files\ESET
2012-05-03 14:08 . 2012-05-03 14:08	--------	d-----w-	c:\users\Boris\AppData\Roaming\Malwarebytes
2012-05-03 14:08 . 2012-05-03 14:08	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-03 14:08 . 2012-05-03 14:08	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-05-03 14:08 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-03 07:31 . 2001-04-12 16:00	182272	----a-w-	c:\windows\patchw32.dll
2012-05-03 07:27 . 2012-05-03 07:32	--------	d-----w-	c:\program files\Black & White
2012-04-28 22:20 . 2012-04-28 22:20	--------	d-----w-	c:\program files\Dead Island
2012-04-14 19:10 . 2012-02-09 09:59	28992	----a-w-	c:\windows\system32\uxtuneup.dll
2012-04-14 11:56 . 2012-02-09 09:59	31552	----a-w-	c:\windows\system32\TURegOpt.exe
2012-04-14 11:56 . 2012-02-09 09:59	21312	----a-w-	c:\windows\system32\authuitu.dll
2012-04-14 11:56 . 2012-04-14 19:11	--------	d-----w-	c:\program files\TuneUp Utilities 2012
2012-04-13 12:39 . 2012-04-13 12:39	--------	d-----w-	c:\program files\GOG.com
2012-04-12 01:16 . 2012-04-13 11:51	--------	d-----w-	c:\program files\Legend of Grimrock
2012-04-11 21:42 . 2012-04-11 21:42	--------	d-----w-	c:\program files\Interplay
2012-04-11 21:14 . 2012-04-11 21:42	52224	----a-w-	c:\windows\ipuninst.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 13:55 . 2012-03-07 12:54	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 13:55 . 2012-03-07 12:54	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-05 13:17 . 2012-04-05 13:16	23146296	----a-w-	c:\windows\REGBK00.ZIP
2012-04-05 12:44 . 2012-04-05 12:44	632064	----a-w-	c:\windows\system32\msvcr80.dll
2012-04-05 12:44 . 2012-04-05 12:44	554240	----a-w-	c:\windows\system32\msvcp80.dll
2012-04-05 12:44 . 2012-04-05 12:44	34048	----a-w-	c:\windows\system32\eEmpty.exe
2012-02-29 23:59 . 2012-04-08 21:18	61248	----a-w-	c:\windows\system32\OpenCL.dll
2012-02-29 23:59 . 2012-04-08 21:18	19444544	----a-w-	c:\windows\system32\nvoglv32.dll
2012-02-29 23:59 . 2012-04-08 21:18	5892928	----a-w-	c:\windows\system32\nvcuda.dll
2012-02-29 23:59 . 2012-04-08 21:18	2517312	----a-w-	c:\windows\system32\nvcuvid.dll
2012-02-29 23:59 . 2012-04-08 21:18	2437440	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-02-29 23:59 . 2012-04-08 21:18	10819392	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 23:59 . 2012-04-08 21:18	17543488	----a-w-	c:\windows\system32\nvcompiler.dll
2012-02-29 23:59 . 2012-02-01 18:45	881984	----a-w-	c:\windows\system32\nvgenco32.dll
2012-02-29 23:59 . 2012-02-01 18:45	1000256	----a-w-	c:\windows\system32\nvdispco32.dll
2012-02-29 23:59 . 2011-05-21 04:01	7713088	----a-w-	c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59 . 2009-06-12 10:26	15009600	----a-w-	c:\windows\system32\nvd3dum.dll
2012-02-29 23:59 . 2009-06-12 10:26	2301248	----a-w-	c:\windows\system32\nvapi.dll
2012-02-29 20:56 . 2010-07-24 12:51	3881792	----a-w-	c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2010-07-24 12:51	2719040	----a-w-	c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2010-07-24 12:51	108352	----a-w-	c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2010-07-24 12:51	645440	----a-w-	c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2009-06-06 17:29	62272	----a-w-	c:\windows\system32\nvshext.dll
2012-02-29 20:53 . 2010-07-24 12:51	2561344	----a-w-	c:\windows\system32\nvsvcr.dll
2012-02-29 11:26 . 2012-02-29 11:26	416064	----a-w-	c:\windows\system32\nvStreaming.exe
2012-02-23 08:18 . 2010-01-16 00:43	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-03-13 04:38 . 2012-04-04 12:37	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-22 01:21	40490118	--sh--w-	c:\windows\mb_warband_upgrade_1100_to_1113.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"SmpcSys"=c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe
"Steam"="c:\program files\Steam\steam.exe" -silent
"Pando Media Booster"=c:\program files\Pando Networks\Media Booster\PMB.exe
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"clictend"=rundll32 ",CreateProcessNotify
"TBPanel"=c:\program files\Vtune\TBPanel.exe /A
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"FijiKeyboard"=c:\acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"SmpcSys"=c:\program files\Packard Bell\SetupMyPC\SmpSys.exe
"ToADiMon.exe"=c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 20:54]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-22 20:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=0709&m=imedia_d3860_ge
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube to Mp3 Converter - c:\users\Boris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Boris\AppData\Roaming\Mozilla\Firefox\Profiles\j1lg8v7j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-eBay Icon - c:\users\Boris\AppData\Roaming\Desktopicon\uninst.exe
AddRemove-GT Interactive - Driver - c:\windows\IsUn0407.exe
AddRemove-Heroes of Might and Magic® III - c:\windows\IsUn0407.exe
AddRemove-MDT - c:\windows\iun6002.exe
AddRemove-Theme Park World - c:\windows\IsUn0407.exe
AddRemove-I-Doser v4 - c:\program files\IDoser v4\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-10 17:17
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\* *ð*j* *e*\TOnline\T-Online_Software_6\Basis-Software\ToADial\100\AppReg\c:/program files/mozilla firefox/firefox.exe]
"AppState"=dword:00000002
"LastADUserDisabledAccessTime"=dword:4d99c147
"ADUserDisabledAccessCount"=dword:000000d9
.
[HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\*& *0*_*: *e*\TOnline\T-Online_Software_6\Basis-Software\ToADial\100\AppReg\c:/program files/mozilla firefox/firefox.exe]
"AppState"=dword:00000003
"LastADUserDisabledAccessTime"=dword:4bae778f
"ADUserDisabledAccessCount"=dword:00000001
.
[HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{977DD83E-1770-5780-6B82-71A624E61845}*]
"iabjdkhacbjjjeepad"=hex:63,61,69,6c,6d,61,00,74
"hanopnaponobkido"=hex:67,61,65,6d,62,63,66,69,63,64,62,6d,65,68,00,00
.
[HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bb,00,b4,b9,c6,75,47,c7,c8,9f,b4,a3,15,4f,3f,0a,83,2f,4b,0e,cb,79,65,
   e7,71,7b,e2,87,2e,92,72,27,08,c2,97,3b,dc,eb,39,f3,0a,80,ac,cc,40,c7,61,4e,\
"??"=hex:eb,e3,74,83,86,99,fa,39,c9,dc,4b,3b,22,f4,dd,37
.
[HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,09,ec,d1,99,08,40,db,fa,31,90,f1,10,84,a7,e5,b0,51,f2,d0,c5,
   a0,f2,03,2f,ae,9b,7d,74,87,fb,86,7d,0f,2c,0e,e1,8e,c4,e0,d2,91,bb,cf,30,c9,\
"rkeysecu"=hex:26,38,ac,43,d4,93,b6,1a,b2,14,20,53,e4,20,4f,0e
.
[HKEY_USERS\S-1-5-21-209655109-2756548685-674970729-1000\|  
 °   
 e \TOnline\T-Online_Software_6\Basis-Software\ToADial\100\AppReg\c:/program files/mozilla firefox/firefox.exe]
"ADUserDisabledAccessCount"=dword:000de5f8
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-05-10  17:20:30
ComboFix-quarantined-files.txt  2012-05-10 15:20
.
Vor Suchlauf: 19 Verzeichnis(se), 38.239.797.248 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 38.169.964.544 Bytes frei
.
- - End Of File - - 7F08EA2D2E32893889E5593AFCC1B989

11.05.2012, 20:53   #17
cosinus
 
Malwarebytes scan with many findings



Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run the second time either, just skip it and only run OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please right-click and start it with "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instruction.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



Another note: If aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left in the aswMBR window) under "AV scan" and click the Scan button again.

17.05.2012, 13:54   #18
burke
 
Malwarebytes scan with many findings



GMER log:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-15 05:45:46
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000007a ST332041 rev.CC44
Running: gmer.exe; Driver: C:\Users\Boris\AppData\Local\Temp\fgloqpod.sys


---- System - GMER 1.0.15 ----

SSDT      907DD24E                                                                                                                                                                               ZwCreateSection
SSDT      907DD258                                                                                                                                                                               ZwRequestWaitReplyPort
SSDT      907DD253                                                                                                                                                                               ZwSetContextThread
SSDT      907DD25D                                                                                                                                                                               ZwSetSecurityObject
SSDT      907DD262                                                                                                                                                                               ZwSystemDebugControl
SSDT      907DD1EF                                                                                                                                                                               ZwTerminateProcess

INT 0x51  ?                                                                                                                                                                                      851FABF8
INT 0x52  ?                                                                                                                                                                                      87763F00
INT 0x92  ?                                                                                                                                                                                      851F9BF8
INT 0xA2  ?                                                                                                                                                                                      851FABF8
INT 0xA3  ?                                                                                                                                                                                      87763F00

---- Kernel code sections - GMER 1.0.15 ----

.text     ntkrnlpa.exe!KeSetEvent + 215                                                                                                                                                          828B4998 4 Bytes  [4E, D2, 7D, 90] {DEC ESI; SAR BYTE [EBP-0x70], CL}
.text     ntkrnlpa.exe!KeSetEvent + 539                                                                                                                                                          828B4CBC 4 Bytes  [58, D2, 7D, 90] {POP EAX; SAR BYTE [EBP-0x70], CL}
.text     ntkrnlpa.exe!KeSetEvent + 56D                                                                                                                                                          828B4CF0 4 Bytes  [53, D2, 7D, 90] {PUSH EBX; SAR BYTE [EBP-0x70], CL}
.text     ntkrnlpa.exe!KeSetEvent + 5D1                                                                                                                                                          828B4D54 4 Bytes  [5D, D2, 7D, 90] {POP EBP; SAR BYTE [EBP-0x70], CL}
.text     ntkrnlpa.exe!KeSetEvent + 619                                                                                                                                                          828B4D9C 4 Bytes  [62, D2, 7D, 90]
.text     ...                                                                                                                                                                                    
?         System32\Drivers\spou.sys                                                                                                                                                              Das System kann den angegebenen Pfad nicht finden. !
.text     USBPORT.SYS!DllUnload                                                                                                                                                                  8AF9741B 5 Bytes  JMP 877634E0 
.text     C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                                                                 section is writeable [0xA70CB300, 0x3B6D8, 0xE8000020]
.text     C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                                                                 section is writeable [0xA7115300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text     C:\Program Files\Tunngle\TnglCtrl.exe[3500] ntdll.dll!DbgBreakPoint                                                                                                                    771C884E 1 Byte  [90]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                                                              [806936D6] \SystemRoot\System32\Drivers\spou.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                                                               [80693042] \SystemRoot\System32\Drivers\spou.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                                                                       [80693800] \SystemRoot\System32\Drivers\spou.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                                                                                              [806930C0] \SystemRoot\System32\Drivers\spou.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                                                                        [8069313E] \SystemRoot\System32\Drivers\spou.sys
IAT       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                                     [806A2B90] \SystemRoot\System32\Drivers\spou.sys

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                                                                                                 85F301F8
Device    \Driver\netbt \Device\NetBT_Tcpip_{C3A2DF7F-1230-48FE-B4BD-279B3F7814A7}                                                                                                               87AAD500
Device    \Driver\volmgr \Device\VolMgrControl                                                                                                                                                   851FC1F8
Device    \Driver\usbohci \Device\USBPDO-0                                                                                                                                                       877C91F8
Device    \Driver\usbehci \Device\USBPDO-1                                                                                                                                                       877CA1F8
Device    \Driver\netbt \Device\NetBT_Tcpip_{3F39D017-B652-4270-AB6F-6878927A7424}                                                                                                               87AAD500
Device    \Driver\USBSTOR \Device\000000a0                                                                                                                                                       879D0500
Device    \Driver\USBSTOR \Device\000000a1                                                                                                                                                       879D0500
Device    \Driver\USBSTOR \Device\000000a2                                                                                                                                                       879D0500
Device    \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                 851FC1F8
Device    \Driver\netbt \Device\NetBT_Tcpip_{36931A3B-291C-4867-B965-612740A42758}                                                                                                               87AAD500
Device    \Driver\USBSTOR \Device\000000a3                                                                                                                                                       879D0500
Device    \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                 851FC1F8
Device    \Driver\USBSTOR \Device\000000a4                                                                                                                                                       879D0500
Device    \Driver\cdrom \Device\CdRom0                                                                                                                                                           878001F8
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                                                                                     85F2C1F8
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                                                                                     85F2C1F8
Device    \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                 851FC1F8
Device    \Driver\cdrom \Device\CdRom1                                                                                                                                                           878001F8
Device    \Driver\volmgr \Device\HarddiskVolume4                                                                                                                                                 851FC1F8
Device    \Driver\cdrom \Device\CdRom2                                                                                                                                                           878001F8
Device    \Driver\volmgr \Device\HarddiskVolume5                                                                                                                                                 851FC1F8
Device    \Driver\volmgr \Device\HarddiskVolume6                                                                                                                                                 851FC1F8
Device    \Driver\netbt \Device\NetBt_Wins_Export                                                                                                                                                87AAD500
Device    \Driver\dtsoftbus01 \Device\DTSoftBusCtl                                                                                                                                               877F01F8
Device    \Driver\Smb \Device\NetbiosSmb                                                                                                                                                         87D9D1F8
Device    \Driver\nvstor32 \Device\RaidPort0                                                                                                                                                     85F2D1F8
Device    \Driver\netbt \Device\NetBT_Tcpip_{8CB6643F-D5F4-41C1-881B-435912BECCFE}                                                                                                               87AAD500
Device    \Driver\iScsiPrt \Device\RaidPort1                                                                                                                                                     877E31F8
Device    \Driver\usbohci \Device\USBFDO-0                                                                                                                                                       877C91F8
Device    \Driver\nvstor32 \Device\0000007a                                                                                                                                                      85F2D1F8
Device    \Driver\usbehci \Device\USBFDO-1                                                                                                                                                       877CA1F8
Device    \Driver\nvstor32 \Device\0000007b                                                                                                                                                      85F2D1F8
Device    \Driver\dtsoftbus01 \Device\0000007f                                                                                                                                                   877F01F8
Device    \Driver\phmcd \GLOBAL??\phmcd                                                                                                                                                          85F2E1F8
Device    \FileSystem\cdfs \Cdfs                                                                                                                                                                 88B0F1F8

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd509215                                                                                                            
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                                                     771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                                                     285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                                                     2
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                                       
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                    0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                 0x0F 0xA5 0x77 0x06 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                       
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                    1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                 0x0D 0x66 0xC4 0x3A ...
Reg       HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd509215 (not active ControlSet)                                                                                        
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                                   
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                        0
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                     0x0F 0xA5 0x77 0x06 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                   
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                        1
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                     0x0D 0x66 0xC4 0x3A ...
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{977DD83E-1770-5780-6B82-71A624E61845}                                                                        
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{977DD83E-1770-5780-6B82-71A624E61845}@iabjdkhacbjjjeepad                                                     0x63 0x61 0x69 0x6C ...
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{977DD83E-1770-5780-6B82-71A624E61845}@hanopnaponobkido                                                       0x67 0x61 0x65 0x6D ...
Reg       HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files\\x2014zŽË\x201aµ\x201aÌ\x2019\x2020\x201㊃Aƒ\x2039\_uninst.exe  1

---- EOF - GMER 1.0.15 ----
OSAM log:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:34:21 on 17.05.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"TosBtLocalCOM" - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\LocalCOM.cpl
"ToSysCnf" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToSysCnf.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Boris\AppData\Local\Temp\catchme.sys  (File not found)
"Driver for MagicISO SCSI Host Controller" (mcdbus) - "MagicISO, Inc." - C:\Windows\System32\DRIVERS\mcdbus.sys
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"int15" (int15) - "Acer, Inc." - C:\Windows\system32\drivers\int15.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
"phmcd" (phmcd) - "Phantombility, Inc" - C:\Windows\System32\DRIVERS\phmcd.sys
"PlayLinc Adapter" (hamachi_oem) - "Applied Networking Inc." - C:\Windows\System32\DRIVERS\gan_adapter.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SCDEmu" (SCDEmu) - "PowerISO Computing, Inc." - C:\Windows\system32\drivers\SCDEmu.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - C:\Windows\system32\drivers\TBPanel.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
"WinCDEmu Virtual Bus Driver" (BazisVirtualCDBus) - "SysProgs.org" - C:\Windows\System32\DRIVERS\BazisVirtualCDBus.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{E54729E8-BB3D-4270-9D49-7389EA579090} "EasyBits ShellExecute Hook" - "EasyBits Software Corp." - C:\Windows\system32\EZUPBH~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{5D607245-F832-4faa-9C92-895B7E06CFCF} "ArtRage Painting Thumbnail Handler" - "Ambient Design Ltd" - C:\Program Files\Ambient Design\ArtRage Studio Pro\AR3Thumb.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{84058084-7609-44D1-B3CC-7A9436CB6D92} "Context Menu Shell Extension" - ? - C:\PROGRA~1\PERFEC~1\CONTEX~1.DLL  (File found, but it contains no detailed information)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - ? -   (File not found | COM-object registry key not found)
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2012\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2012\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.7.0_04" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.4.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.4.0" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
"ICQ7.6" - "ICQ, LLC." - C:\Program Files\ICQ7.6\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"ITSecMng" - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Active File Monitor V6" (AdobeActiveFileMonitor6.0) - ? - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe  (File found, but it contains no detailed information)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Autodesk Licensing Service" (Autodesk Licensing Service) - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"CyberGhost VPN Client" (CGVPNCliSrvc) - "mobile concepts GmbH" - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Generic Service for HID Keyboard Input Collections" (GenericHidService) - "Packard Bell Services" - C:\Windows\system32\HidService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
"mental ray 3.5 Satellite (32-bit)" (mi-raysat_3dsmax9_32) - ? - C:\Windows\system32\drivers\mi-raysat_3dsmax9_32.sys  (File not found)
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
"TunngleService" (TunngleService) - "Tunngle.net GmbH" - C:\Program Files\Tunngle\TnglCtrl.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - (None)  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
aswMBR crashes after a while for me. I have tried several times.
__________________

Alt 17.05.2012, 18:27   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
There was a separate note about aswMBR right at the bottom:

Quote:
One more note: if aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post logfiles in CODE tags

Alt 18.05.2012, 13:22   #20
burke
 
Oh, sorry, I must have overlooked that.
Here is the log:
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-18 14:05:27
-----------------------------
14:05:27.930    OS Version: Windows 6.0.6002 Service Pack 2
14:05:27.930    Number of processors: 2 586 0x170A
14:05:27.930    ComputerName: BORIS-PC  UserName: Boris
14:06:17.007    Initialize success
14:06:21.673    AVAST engine defs: 12051700
14:06:45.035    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007a
14:06:45.039    Disk 0 Vendor: ST332041 CC44 Size: 305245MB BusType: 6
14:06:45.076    Disk 0 MBR read successfully
14:06:45.078    Disk 0 MBR scan
14:06:45.108    Disk 0 Windows VISTA default MBR code
14:06:45.143    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        14336 MB offset 2048
14:06:45.168    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       290907 MB offset 29362176
14:06:45.189    Disk 0 scanning sectors +625140400
14:06:45.463    Disk 0 scanning C:\Windows\system32\drivers
14:07:48.796    Service scanning
14:11:33.496    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:12:09.888    Modules scanning
14:12:22.325    Disk 0 trace - called modules:
14:12:22.338    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85f2d1f8]<<
14:12:22.338    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86613ac8]
14:12:22.338    3 CLASSPNP.SYS[8b1b28b3] -> nt!IofCallDriver -> [0x85f5ef08]
14:12:22.338    5 acpi.sys[807c26bc] -> nt!IofCallDriver -> \Device\0000007a[0x85fcd378]
14:12:22.338    \Driver\nvstor32[0x85f69560] -> IRP_MJ_CREATE -> 0x85f2d1f8
14:12:22.338    Scan finished successfully
14:20:39.445    Disk 0 MBR has been saved successfully to "C:\Users\Boris\Desktop\MBR.dat"
14:20:39.451    The log file has been saved successfully to "C:\Users\Boris\Desktop\aswMBR.txt"


Alt 19.05.2012, 12:05   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!