Bluescreen nach Windows Anmeldung. Häufig hohe Auslastung und Trojaner endeckt.

md-heretic · 04.06.2009, 11:24

Hi.
Kannst du mir nochmal sagen was ich den System Look schreiben soll.
Weil wenn ich das eingebe was du meintest sagter er nur "No Context: c:/dokumente und einstellungen/ich roque/windows \s"

und bei auch bei "dir:" was auch immer das heissen mag.

Also wäre gut wenn du mir nochma sagst ob ich da was falsch gemacht habe oder wie es funktioniert.

myrtille · 04.06.2009, 22:54

Hi,

sorry der text hätte heißen müssen:

Zitat:

:dir
c:\dokumente und einstellungen\Ich Roque\WINDOWS /s

Du musst beide zeilen in das fenster kopieren.

Das Log listet dir dann alle darin befindlichen ordner, dateien und unterordner.

lg myrtille

md-heretic · 05.06.2009, 17:30

Ok dann kommt jetzt alles was du verlangt hast.

Der System Look :

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 18:27 on 05/06/2009 by Ich Roque (Administrator - Elevation successful)

========== dir ==========

c:\dokumente und einstellungen\Ich Roque\WINDOWS - Parameters: "/s"

---Files---
None found.

c:\dokumente und einstellungen\Ich Roque\WINDOWS\system d----- [12:44 30/05/2009]

-=End Of File=-

kann das so sein das er nichts findet ??!

---------------------------------------

der file-upload link

http://www.file-upload.net/download-1680961/4321f456.bat.html

---------------------------------------

Der HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:12, on 05.06.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\QuickTime\QTTask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\RK Launcher\RKLauncher.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Dokumente und Einstellungen\Ich Roque\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
C:\WINDOWS\9129837.exe
C:\Programme\NETGEAR\WPN311\wlancfg5.exe
C:\Programme\RK Launcher\RKLauncher.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Ich Roque\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
C:\Dokumente und Einstellungen\Ich Roque\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
C:\Dokumente und Einstellungen\Ich Roque\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\notepad.exe
C:\Programme\Trend Micro\HijackThis\prüfung.com.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.esl-europe.net/de/player/687217/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 213.180.204.8 google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [RK Launcher] C:\Programme\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\Ich Roque\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: imiupd32.exe
O4 - Startup: RK Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Programme\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Battlefield Poker - {B736E0DC-CCE3-4e3c-B14F-403FC1569583} - C:\Microgaming\Poker\BattleFieldPokerMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mdunze36.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mpp_649/webolr/OCX/FlashAX.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9414 bytes

md-heretic · 05.06.2009, 17:34

Also momentan fallen mir nicht so schwer wiegende Probleme auf.
Mein Internet funktionierte plötzlich wieder. Wohl durch das fixen bei HighjackThis.

Es ist halt ab und zu noch zu langsam...

Und die Auslastung ist zwar oft zwischen 0-5%, aber geht zu schnell in die Höhe wenn ein Program mal arbeitet.

Ich habe inmoment 537MB zugesichtern Speicher. Kommt mir irgendwie viel vor und ich habe nur 1GB Arbeitspeicher.

Also falls das mit dem SystemLook Log nicht stimmt sag nochmal bescheid.

myrtille · 06.06.2009, 14:27

Hi,

systemlook ist ok, der Ordner ist leer bis auf einen weiteren Unterordner. Wenn der Ordner leer ist, dann kann der auch einfach gelöscht werden.

Was hast du denn gemacht seitdem du wieder internet hast? Du bist bereits mit etwas neuem infiziert.

Lass bitte nochmal Combofix laufen, lass das Programm ins Internet, falls es versuchen sollte scih zu aktualisieren.
Ansonsten bitte so wenig wir irgend möglich ins Internet gehen und keine Dateien mit zweifelhafter Herkunft ausführen.

lg myrtille

lg myrtille

md-heretic · 08.06.2009, 15:35

Hmm aber gerade sowas habe ich ja auch eigentlich nicht gemacht.
Nichts runtergeladen oder geöffnet ! :S

Ich habe nun übrigens einen Fehler gefunden. Mein Internet hat Probleme bei Java Applicationen. Das heisst zu erst dachte ich es liegt am Browser. Bei Mozilla ist oben Links neben den "Schliessen - X" ein Wahndreieck von Java, allerdings ohne aussage was das zu bedeuten hat.

Jedenfalls hatte ich dann Mozilla und Safari gleichzeitig laufen und bei einer Java Application von Safari sind beide Browser zugegangen. Also das komplette Internet stürzt irgendwie ab?!

Was kann das nun wieder sein.

myrtille · 09.06.2009, 00:59

Hi,

das klingt als würde Java oder einer deiner Browser abstürzen. Das heißt nicht das dein Internet weg ist.

Wahrscheinlich wird das durch die Malware verursacht, oder möglicherweise durch einen Fehler im Programm.
Ich würd erstmal versuchen die neue Malware zu entfernen, bevor du dich auf Fehlersuche begibst.

lg myrtille

md-heretic · 26.06.2009, 09:55

Hey,
Ich würde ja gerne eventuelle Malware beseitigen, allerdings
lassen sich weder Anti-Malware noch ComboFix starten.
Was kann passiert sein ?!

Gibt es einen Weg, die Programme wieder in Gang zu bekommen.
Hab ComboFix auch neu runtergeladen ging aber trotzdem nicht.
Es wird einmal geladen bei Doppelklick, öffnet sich aber nicht.

Also wie kann ich das wieder hinbekommen?!

myrtille · 26.06.2009, 12:39

Hi,

wenn Combofix und Malwarebytes nicht starten, dann versuch bitte GMER herunterzuladen und ein Log zu erstellen.
Schließe vor dem Scan bitte alle offenen Fenster.
Gmer scannen lassen

Lade dir Gmer von dieser Seite runter und entpacke es auf deinen Desktop.

Starte gmer.exe und gehe zum Tab Rootkit. Alle anderen Programme sollen geschlossen sein.

Stelle sicher, daß in der Leiste rechts alles von "System" bis "ADS" angehakt ist
(Wichtig: "Show all" darf nicht angehakt sein)

Starte den Durchlauf mit "Scan".

Mache nichts am Computer während der Scan läuft.

Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren. Mit "Ok" wird GMER beendet.

Füge das Log aus der Zwischenablage in deine Antwort hier ein.

sowie ein neues RSIT log.

Wir werden dann versuchen die Einträge manuell zu löschen.

lg myrtille

md-heretic · 01.07.2009, 17:05

Code:

ATTFilter

GMER 1.0.15.14972 - hxxp://www.gmer.net
Rootkit scan 2009-06-28 08:42:50
Windows 5.1.2600 Service Pack 2
 
 
---- System - GMER 1.0.15 ----
 
Code 8604A1D0 ZwEnumerateKey
Code 864F30B0 ZwFlushInstructionCache
Code 8604A216 IofCallDriver
Code 865DEFD6 IofCompleteRequest
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text OSXBOOT.EXE!IofCallDriver 804E37C5 5 Bytes JMP 8604A21B 
.text OSXBOOT.EXE!IofCompleteRequest 804E3BF6 5 Bytes JMP 865DEFDB 
PAGE OSXBOOT.EXE!ZwEnumerateKey 8056EEB0 4 Bytes JMP 8604A1D4 
PAGE OSXBOOT.EXE!ZwFlushInstructionCache 805769EA 5 Bytes JMP 864F30B4 
? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text USBPORT.SYS!DllUnload F62D962C 5 Bytes JMP 865BE5B0 
? System32\Drivers\aqp04gk9.SYS Das System kann den angegebenen Pfad nicht finden. !
 
---- User code sections - GMER 1.0.15 ----
 
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[280] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0070000A 
.text C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[280] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0071000A 
.text C:\Programme\Java\jre6\bin\jqs.exe[424] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0070000A 
.text C:\Programme\Java\jre6\bin\jqs.exe[424] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0071000A 
.text C:\WINDOWS\system32\nvsvc32.exe[616] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 006E000A 
.text C:\WINDOWS\system32\nvsvc32.exe[616] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 006F000A 
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[748] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0095000A 
.text C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe[748] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0096000A 
.text C:\WINDOWS\system32\RUNDLL32.EXE[768] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00A7000A 
.text C:\WINDOWS\system32\RUNDLL32.EXE[768] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00A8000A 
.text C:\WINDOWS\system32\winlogon.exe[800] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 008A000A 
.text C:\WINDOWS\system32\winlogon.exe[800] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 008B000A 
.text C:\Programme\QuickTime\QTTask.exe[820] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0244000A 
.text C:\Programme\QuickTime\QTTask.exe[820] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0245000A 
.text C:\WINDOWS\system32\services.exe[844] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 006F000A 
.text C:\WINDOWS\system32\services.exe[844] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0071000A 
.text C:\WINDOWS\system32\lsass.exe[856] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 006F000A 
.text C:\WINDOWS\system32\lsass.exe[856] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0072000A 
.text C:\Programme\iTunes\iTunesHelper.exe[960] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0099000A 
.text C:\Programme\iTunes\iTunesHelper.exe[960] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 009A000A 
.text C:\Programme\Java\jre6\bin\jusched.exe[1012] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0242000A 
.text C:\Programme\Java\jre6\bin\jusched.exe[1012] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0243000A 
.text C:\Programme\RK Launcher\RKLauncher.exe[1036] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0251000A 
.text C:\Programme\RK Launcher\RKLauncher.exe[1036] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0252000A 
.text C:\Programme\NETGEAR\WPN311\wlancfg5.exe[1108] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 02A2000A 
.text C:\Programme\NETGEAR\WPN311\wlancfg5.exe[1108] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 02A5000A 
.text C:\WINDOWS\system32\acs.exe[1276] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0085000A 
.text C:\WINDOWS\system32\acs.exe[1276] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0086000A 
.text C:\WINDOWS\system32\spoolsv.exe[1628] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0097000A 
.text C:\WINDOWS\system32\spoolsv.exe[1628] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0098000A 
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1760] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 006E000A 
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1760] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 006F000A 
.text C:\Programme\Bonjour\mDNSResponder.exe[1960] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0073000A 
.text C:\Programme\Bonjour\mDNSResponder.exe[1960] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0074000A 
.text C:\WINDOWS\Explorer.EXE[2008] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 00E0000A 
.text C:\WINDOWS\Explorer.EXE[2008] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 00E1000A 
.text C:\Programme\iPod\bin\iPodService.exe[2628] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0074000A 
.text C:\Programme\iPod\bin\iPodService.exe[2628] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0075000A 
.text C:\WINDOWS\system32\wuauclt.exe[2788] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0241000A 
.text C:\WINDOWS\system32\wuauclt.exe[2788] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0242000A 
.text C:\Dokumente und Einstellungen\Ich Roque\Eigene Dateien\To\e2kd7sc6.exe[2920] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 009E000A 
.text C:\Dokumente und Einstellungen\Ich Roque\Eigene Dateien\To\e2kd7sc6.exe[2920] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 009F000A 
.text C:\Programme\Windows Live\Messenger\usnsvc.exe[3524] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 0061000A 
.text C:\Programme\Windows Live\Messenger\usnsvc.exe[3524] ntdll.dll!LdrUnloadDll 7C926C83 5 Bytes JMP 0062000A
 
---- Kernel IAT/EAT - GMER 1.0.15 ----
 
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F774BA9A] sptd.sys
 
---- User IAT/EAT - GMER 1.0.15 ----
 
IAT C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135196
IAT C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001350E2
IAT C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013507D
IAT C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013504B
IAT C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[280] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013544F
IAT C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[280] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[280] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[280] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135196
IAT C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[280] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe[280] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0013544F
IAT C:\Programme\Java\jre6\bin\jqs.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135196
IAT C:\Programme\Java\jre6\bin\jqs.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001350E2
IAT C:\Programme\Java\jre6\bin\jqs.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013507D
IAT C:\Programme\Java\jre6\bin\jqs.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013504B
IAT C:\Programme\Java\jre6\bin\jqs.exe[424] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135196
IAT C:\Programme\Java\jre6\bin\jqs.exe[424] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013544F
IAT C:\Programme\Java\jre6\bin\jqs.exe[424] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\Java\jre6\bin\jqs.exe[424] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\Java\jre6\bin\jqs.exe[424] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\Java\jre6\bin\jqs.exe[424] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0013544F
IAT C:\WINDOWS\system32\nvsvc32.exe[616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135196
IAT C:\WINDOWS\system32\nvsvc32.exe[616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001350E2
IAT C:\WINDOWS\system32\nvsvc32.exe[616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013507D
IAT C:\WINDOWS\system32\nvsvc32.exe[616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013504B
IAT C:\WINDOWS\system32\nvsvc32.exe[616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\WINDOWS\system32\nvsvc32.exe[616] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013544F
IAT C:\WINDOWS\system32\nvsvc32.exe[616] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\WINDOWS\system32\nvsvc32.exe[616] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135196
IAT C:\WINDOWS\system32\nvsvc32.exe[616] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\WINDOWS\system32\nvsvc32.exe[616] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0013544F
IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00DF5196
IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00DF5196
IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00DF50E2
IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00DF507D
IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00DF504B
IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00DF544F
IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00DF5701
IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00DF5701
IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00DF544F
IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00DF5701
IAT C:\WINDOWS\system32\services.exe[844] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00DF5196
IAT C:\WINDOWS\system32\lsass.exe[856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00FE5196
IAT C:\WINDOWS\system32\lsass.exe[856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00FE50E2
IAT C:\WINDOWS\system32\lsass.exe[856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00FE507D
IAT C:\WINDOWS\system32\lsass.exe[856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00FE504B
IAT C:\WINDOWS\system32\lsass.exe[856] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00FE50E2
IAT C:\WINDOWS\system32\lsass.exe[856] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00FE5196
IAT C:\WINDOWS\system32\lsass.exe[856] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00FE50E2
IAT C:\WINDOWS\system32\lsass.exe[856] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00FE507D
IAT C:\WINDOWS\system32\lsass.exe[856] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00FE544F
IAT C:\WINDOWS\system32\lsass.exe[856] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00FE5701
IAT C:\WINDOWS\system32\lsass.exe[856] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00FE5701
IAT C:\WINDOWS\system32\lsass.exe[856] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00FE544F
IAT C:\WINDOWS\system32\lsass.exe[856] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00FE5701
 
IAT C:\WINDOWS\system32\svchost.exe[1004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00FA51B8
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E45196
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E450E2
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E4507D
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E4504B
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00E45701
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00E4544F
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00E45701
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E45196
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00E45701
IAT C:\WINDOWS\system32\svchost.exe[1172] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00E4544F
IAT C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 037F5196
IAT C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 037F50E2
IAT C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 037F507D
IAT C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 037F504B
IAT C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 037F5701
IAT C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 037F544F
IAT C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 037F5701
IAT C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 037F5196
IAT C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 037F5701
IAT C:\WINDOWS\System32\svchost.exe[1216] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 037F544F
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405196
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004050E2
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040507D
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040504B
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405701
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0040544F
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405701
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405196
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00405701
IAT C:\WINDOWS\System32\svchost.exe[1324] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0040544F
IAT C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135196
IAT C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001350E2
IAT C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013507D
IAT C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013504B
IAT C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1760] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135196
IAT C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013544F
IAT C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1760] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1760] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0013544F
IAT C:\WINDOWS\System32\svchost.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405196
IAT C:\WINDOWS\System32\svchost.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004050E2
IAT C:\WINDOWS\System32\svchost.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040507D
IAT C:\WINDOWS\System32\svchost.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040504B
IAT C:\WINDOWS\System32\svchost.exe[1896] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405701
IAT C:\WINDOWS\System32\svchost.exe[1896] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0040544F
IAT C:\WINDOWS\System32\svchost.exe[1896] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405701
IAT C:\WINDOWS\System32\svchost.exe[1896] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405196
IAT C:\WINDOWS\System32\svchost.exe[1896] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00405701
IAT C:\WINDOWS\System32\svchost.exe[1896] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0040544F
 
IAT C:\Programme\Bonjour\mDNSResponder.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135196
IAT C:\Programme\Bonjour\mDNSResponder.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001350E2
IAT C:\Programme\Bonjour\mDNSResponder.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013507D
IAT C:\Programme\Bonjour\mDNSResponder.exe[1960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013504B
IAT C:\Programme\Bonjour\mDNSResponder.exe[1960] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135196
IAT C:\Programme\Bonjour\mDNSResponder.exe[1960] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013544F
IAT C:\Programme\Bonjour\mDNSResponder.exe[1960] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\Bonjour\mDNSResponder.exe[1960] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\Bonjour\mDNSResponder.exe[1960] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\Bonjour\mDNSResponder.exe[1960] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0013544F
IAT C:\Programme\iPod\bin\iPodService.exe[2628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135196
IAT C:\Programme\iPod\bin\iPodService.exe[2628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001350E2
IAT C:\Programme\iPod\bin\iPodService.exe[2628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013507D
IAT C:\Programme\iPod\bin\iPodService.exe[2628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013504B
IAT C:\Programme\iPod\bin\iPodService.exe[2628] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013544F
IAT C:\Programme\iPod\bin\iPodService.exe[2628] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\iPod\bin\iPodService.exe[2628] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\iPod\bin\iPodService.exe[2628] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135196
IAT C:\Programme\iPod\bin\iPodService.exe[2628] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135701
IAT C:\Programme\iPod\bin\iPodService.exe[2628] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0013544F
IAT C:\WINDOWS\system32\wuauclt.exe[2788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00085196
IAT C:\WINDOWS\system32\wuauclt.exe[2788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000850E2
IAT C:\WINDOWS\system32\wuauclt.exe[2788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0008507D
IAT C:\WINDOWS\system32\wuauclt.exe[2788] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0008504B
IAT C:\WINDOWS\system32\wuauclt.exe[2788] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0008544F
IAT C:\WINDOWS\system32\wuauclt.exe[2788] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00085701
IAT C:\WINDOWS\system32\wuauclt.exe[2788] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00085701
IAT C:\WINDOWS\system32\wuauclt.exe[2788] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00085701
IAT C:\WINDOWS\system32\wuauclt.exe[2788] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0008544F
IAT C:\WINDOWS\system32\wuauclt.exe[2788] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00085196
IAT C:\Programme\Windows Live\Messenger\usnsvc.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00075196
IAT C:\Programme\Windows Live\Messenger\usnsvc.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000750E2
IAT C:\Programme\Windows Live\Messenger\usnsvc.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0007507D
IAT C:\Programme\Windows Live\Messenger\usnsvc.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0007504B
IAT C:\Programme\Windows Live\Messenger\usnsvc.exe[3524] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0007544F
IAT C:\Programme\Windows Live\Messenger\usnsvc.exe[3524] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00075701
IAT C:\Programme\Windows Live\Messenger\usnsvc.exe[3524] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00075701
IAT C:\Programme\Windows Live\Messenger\usnsvc.exe[3524] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00075196
IAT C:\Programme\Windows Live\Messenger\usnsvc.exe[3524] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00075701
IAT C:\Programme\Windows Live\Messenger\usnsvc.exe[3524] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0007544F
 
---- Devices - GMER 1.0.15 ----
 
Device \FileSystem\Ntfs \Ntfs 867D01D8
Device \Driver\usbuhci \Device\USBPDO-0 865BD1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 867D21D8
Device \Driver\dmio \Device\DmControl\DmConfig 867D21D8
Device \Driver\dmio \Device\DmControl\DmPnP 867D21D8
Device \Driver\dmio \Device\DmControl\DmInfo 867D21D8
Device \Driver\usbuhci \Device\USBPDO-1 865BD1D8
Device \Driver\usbuhci \Device\USBPDO-2 865BD1D8
Device \Driver\usbuhci \Device\USBPDO-3 865BD1D8
Device \Driver\00000035 \Device\00000047 sptd.sys
Device \Driver\usbehci \Device\USBPDO-4 865901D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 867671D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867671D8
Device \Driver\Cdrom \Device\CdRom0 865439A0
Device \FileSystem\Rdbss \Device\FsWrap 864D5798
Device \Driver\atapi \Device\Ide\IdePort0 865BDF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 865BDF00
Device \Driver\atapi \Device\Ide\IdePort1 865BDF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 865BDF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 865BDF00
Device \Driver\NetBT \Device\NetBT_Tcpip_{AB91A2BA-26E1-46B3-8D9E-8AA3FC3CD5F4} 85A2B5E0
Device \Driver\NetBT \Device\NetBt_Wins_Export 85A2B5E0
Device \Driver\NetBT \Device\NetBT_Tcpip_{B6FDC0F9-BBE7-411E-8C7C-62D98E98AB54} 85A2B5E0
Device \Driver\NetBT \Device\NetbiosSmb 85A2B5E0
Device \FileSystem\Srv \Device\LanmanServer 85946D98
Device \Driver\usbuhci \Device\USBFDO-0 865BD1D8
Device \Driver\usbuhci \Device\USBFDO-1 865BD1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86451788
Device \Driver\usbuhci \Device\USBFDO-2 865BD1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86451788
Device \Driver\usbuhci \Device\USBFDO-3 865BD1D8
Device \FileSystem\Npfs \Device\NamedPipe 862123C0
Device \Driver\usbehci \Device\USBFDO-4 865901D8
Device \Driver\Ftdisk \Device\FtControl 867671D8
Device \FileSystem\Msfs \Device\Mailslot 861FAEA8
Device \Driver\aqp04gk9 \Device\Scsi\aqp04gk91 8636C450
Device \Driver\a347scsi \Device\Scsi\a347scsi1 867D11D8
Device \Driver\aqp04gk9 \Device\Scsi\aqp04gk91Port2Path0Target0Lun0 8636C450
Device \FileSystem\Fastfat \Fat 857671D8
Device \FileSystem\Fastfat \Fat 85ACAF48
Device \FileSystem\Fastfat \Fat B8B921F9
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 861B8D10
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 861B8D10
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 861B8D10
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 861B8D10
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 861B8D10
Device \FileSystem\Cdfs \Cdfs 859A71D8
Device \FileSystem\Cdfs \Cdfs 864CE7A0
 
---- Modules - GMER 1.0.15 ----
 
Module _________ F765A000-F7672000 (98304 bytes)
---- Processes - GMER 1.0.15 ----
 
Library \\?\globalroot\systemroot\system32\UACqynkbmflytirtjg.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1004] 0x038D0000 
Library \\?\globalroot\systemroot\system32\UACqynkbmflytirtjg.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1172] 0x00790000 
Library \\?\globalroot\systemroot\system32\UACxucpqrqxvyeoaok.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1172] 0x00850000 
Library \\?\globalroot\systemroot\system32\UACqynkbmflytirtjg.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1216] 0x00790000 
Library \\?\globalroot\systemroot\system32\UACxucpqrqxvyeoaok.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1216] 0x00850000 
Library \\?\globalroot\systemroot\system32\UACqynkbmflytirtjg.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1324] 0x007B0000 
Library \\?\globalroot\systemroot\system32\UACxucpqrqxvyeoaok.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1324] 0x00870000 
Library \\?\globalroot\systemroot\system32\UACqynkbmflytirtjg.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1372] 0x00790000 
Library \\?\globalroot\systemroot\system32\UACxucpqrqxvyeoaok.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1372] 0x00850000 
Library \\?\globalroot\systemroot\system32\UACqynkbmflytirtjg.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1428] 0x00790000 
Library \\?\globalroot\systemroot\system32\UACxucpqrqxvyeoaok.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1428] 0x00850000 
Library \\?\globalroot\systemroot\system32\UACqynkbmflytirtjg.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1896] 0x007B0000 
Library \\?\globalroot\systemroot\system32\UACxucpqrqxvyeoaok.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1896] 0x00870000 
Library \\?\globalroot\systemroot\system32\UACqynkbmflytirtjg.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2008] 0x00F80000 
Library \\?\globalroot\systemroot\system32\UACqynkbmflytirtjg.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [3660] 0x00A20000 
Library \\?\globalroot\systemroot\system32\UACxucpqrqxvyeoaok.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [3660] 0x00AE0000 
 
---- Services - GMER 1.0.15 ----
 
Service C:\WINDOWS\system32\drivers\UACutpynkdskkyfdnd.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x57 0x6A 0xD6 0x3F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD0 0x0A 0x30 0x9E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE8 0xFA 0x7E 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys 
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACutpynkdskkyfdnd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules 
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACutpynkdskkyfdnd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACdmrvekxjerlirsh.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACyxoxsgntjlaboco.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACerrors \\?\globalroot\systemroot\system32\UACejbacwtakaiysyw.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACxtlrkbmdxvnoywr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACbxtvgtmpirgompj.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UAChdjuajutpsnaayc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACabyokxgvefrtlio.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqynkbmflytirtjg.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACxucpqrqxvyeoaok.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACsecowjlqbcnxmes.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACxwqhnljunxljxyo.log
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x57 0x6A 0xD6 0x3F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD0 0x0A 0x30 0x9E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE8 0xFA 0x7E 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys 
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACutpynkdskkyfdnd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules 
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACutpynkdskkyfdnd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACdmrvekxjerlirsh.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACyxoxsgntjlaboco.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACerrors \\?\globalroot\systemroot\system32\UACejbacwtakaiysyw.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACxtlrkbmdxvnoywr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACbxtvgtmpirgompj.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UAChdjuajutpsnaayc.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACabyokxgvefrtlio.db
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACqynkbmflytirtjg.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACxucpqrqxvyeoaok.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACsecowjlqbcnxmes.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACxwqhnljunxljxyo.log
 
---- Files - GMER 1.0.15 ----
 
File C:\Dokumente und Einstellungen\Ich Roque\Eigene Dateien\Eigene Musik\Rock\Ulead VideoStudio v11.0 Plus GERMAN\Ulead VideoStudio v11.0 Plus GERMAN\package\Ulead_VideoStudio_v11.0_Plus_GERMAN-CYGNUS\ISSetupPrerequisites\Neuer Ordner\Ulead_VideoStudio_v11.0_Plus_GERMAN-CYGNUS\ISSetupPrerequisites 0 bytes
File C:\Dokumente und Einstellungen\Ich Roque\Eigene Dateien\Eigene Musik\Rock\Ulead VideoStudio v11.0 Plus GERMAN\Ulead VideoStudio v11.0 Plus GERMAN\package\Ulead_VideoStudio_v11.0_Plus_GERMAN-CYGNUS\ISSetupPrerequisites\Neuer Ordner\Ulead_VideoStudio_v11.0_Plus_GERMAN-CYGNUS\ISSetupPrerequisites\{1DC2FD11-3F2A-4E53-A32C-7CD67ECCB396} 0 bytes
File C:\Dokumente und Einstellungen\Ich Roque\Eigene Dateien\Eigene Musik\Rock\Ulead VideoStudio v11.0 Plus GERMAN\Ulead VideoStudio v11.0 Plus GERMAN\package\Ulead_VideoStudio_v11.0_Plus_GERMAN-CYGNUS\ISSetupPrerequisites\Neuer Ordner\Ulead_VideoStudio_v11.0_Plus_GERMAN-CYGNUS\ISSetupPrerequisites\{1DC2FD11-3F2A-4E53-A32C-7CD67ECCB396}\vcredis1.cab 252968 bytes
File C:\Dokumente und Einstellungen\Ich Roque\Eigene Dateien\Eigene Musik\Rock\Ulead VideoStudio v11.0 Plus GERMAN\Ulead VideoStudio v11.0 Plus GERMAN\package\Ulead_VideoStudio_v11.0_Plus_GERMAN-CYGNUS\ISSetupPrerequisites\Neuer Ordner\Ulead_VideoStudio_v11.0_Plus_GERMAN-CYGNUS\ISSetupPrerequisites\{1DC2FD11-3F2A-4E53-A32C-7CD67ECCB396}\vcredist.msi 2634752 bytes
File C:\Dokumente und Einstellungen\Ich Roque\Eigene Dateien\Eigene Musik\Rock\Ulead VideoStudio v11.0 Plus GERMAN\Ulead VideoStudio v11.0 Plus GERMAN\package\Ulead_VideoStudio_v11.0_Plus_GERMAN-CYGNUS\ISSetupPrerequisites\{B0237259-E5E2-4381-BD14-9D0C\Ulead_VideoStudio_v11.0_Plus_GERMAN-CYGNUS\ISSetupPrerequisites 0 bytes
File C:\Dokumente und Einstellungen\Ich Roque\Eigene Dateien\Eigene Musik\Rock\Ulead VideoStudio v11.0 Plus GERMAN\Ulead VideoStudio v11.0 Plus GERMAN\package\Ulead_VideoStudio_v11.0_Plus_GERMAN-CYGNUS\ISSetupPrerequisites\{B0237259-E5E2-4381-BD14-9D0C\Ulead_VideoStudio_v11.0_Plus_GERMAN-CYGNUS\ISSetupPrerequisites\{B0237259-E5E2-4381-BD14-9D0C62BDB4B1} 0 bytes
File C:\Dokumente und Einstellungen\Ich Roque\Eigene Dateien\Eigene Musik\Rock\Ulead VideoStudio v11.0 Plus GERMAN\Ulead VideoStudio v11.0 Plus GERMAN\package\Ulead_VideoStudio_v11.0_Plus_GERMAN-CYGNUS\ISSetupPrerequisites\{B0237259-E5E2-4381-BD14-9D0C\Ulead_VideoStudio_v11.0_Plus_GERMAN-CYGNUS\ISSetupPrerequisites\{B0237259-E5E2-4381-BD14-9D0C62BDB4B1}\WindowsInstaller-KB893803-x86.exe 2584848 bytes executable
File C:\Dokumente und Einstellungen\Ich Roque\Lokale Einstellungen\temp\UAC9cbf.tmp 343040 bytes executable
File C:\WINDOWS\temp\UAC72d9.tmp 66560 bytes
File C:\WINDOWS\system32\drivers\UACutpynkdskkyfdnd.sys 54272 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACabyokxgvefrtlio.db 1110399 bytes
File C:\WINDOWS\system32\UACbxtvgtmpirgompj.dll 17408 bytes executable
File C:\WINDOWS\system32\UACdmrvekxjerlirsh.dll 26624 bytes executable
File C:\WINDOWS\system32\UACejbacwtakaiysyw.log 141 bytes
File C:\WINDOWS\system32\UAChdjuajutpsnaayc.dll 19456 bytes executable
File C:\WINDOWS\system32\uacinit.dll 6566 bytes
File C:\WINDOWS\system32\UACqynkbmflytirtjg.dll 30208 bytes executable
File C:\WINDOWS\system32\UACsecowjlqbcnxmes.log 26248 bytes
File C:\WINDOWS\system32\uactmp.db 3976714 bytes
File C:\WINDOWS\system32\UACxtlrkbmdxvnoywr.dll 19968 bytes executable
File C:\WINDOWS\system32\UACxucpqrqxvyeoaok.dll 66560 bytes
File C:\WINDOWS\system32\UACyxoxsgntjlaboco.dat 310 bytes
 
---- EOF - GMER 1.0.15 ----

md-heretic · 01.07.2009, 17:16

Das war der GMER Report und jetzt kommt die RSIT Log :

RSIT Logfile:

Code:

ATTFilter

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ich Roque at 2009-07-01 17:58:24
Microsoft Windows XP Professional Service Pack 2
System drive C: has 26 GB (-9223372036854775807%) free of 114 GB
Total RAM: 1023 MB (39% free)
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:30, on 01.07.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\QuickTime\QTTask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\RK Launcher\RKLauncher.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\NETGEAR\WPN311\wlancfg5.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Ich Roque\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
C:\Dokumente und Einstellungen\Ich Roque\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
C:\Dokumente und Einstellungen\Ich Roque\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Ich Roque\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
C:\Dokumente und Einstellungen\Ich Roque\Eigene Dateien\To\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Trend Micro\HijackThis\Ich Roque.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.esl-europe.net/de/player/687217/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,C:\WINDOWS\system32\win32avs.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\System Files Updater.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKCU\..\Run: [RK Launcher] C:\Programme\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\Ich Roque\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: imiupd32.exe
O4 - Startup: RK Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Programme\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Battlefield Poker - {B736E0DC-CCE3-4e3c-B14F-403FC1569583} - C:\Microgaming\Poker\BattleFieldPokerMPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mdunze36.spaces.msn.com//Phot...d/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/.../GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mp...CX/FlashAX.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 
--
End of file - 9722 bytes
 
======Scheduled tasks folder======
 
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-287218729-682003330-1003.job
 
======Registry dump======
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar BHO - C:\Programme\Winamp Toolbar\winamptb.dll [2007-10-04 1135968]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Programme\Winamp Toolbar\winamptb.dll [2007-10-04 1135968]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-30 344064]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2005-07-02 180269]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-10-04 380928]
"System Files Updater"=C:\WINDOWS\FlyakiteOSX\System Files Updater.exe [2006-01-15 153233]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2008-02-01 385024]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2008-02-19 267048]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-10-04 8491008]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"net"=C:\WINDOWS\system32\net.net [2009-06-13 110592]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RK Launcher"=C:\Programme\RK Launcher\RKLauncher.exe [2005-10-19 393216]
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"Google Update"=C:\Dokumente und Einstellungen\Ich Roque\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2009-05-24 133104]
"net"=C:\WINDOWS\system32\net.net [2009-06-13 110592]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Programme\DAEMON Tools\daemon.exe [2006-11-12 157592]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Programme\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2003-07-13 155648]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-10-04 8491008]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programme\Winamp\winampa.exe [2007-10-10 36352]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]
 
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE
NETGEAR WPN311 Wireless Assistant.lnk - C:\Programme\NETGEAR\WPN311\wlancfg5.exe
 
C:\Dokumente und Einstellungen\Ich Roque\Startmenü\Programme\Autostart
Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
imiupd32.exe
RK Launcher.lnk - C:\Programme\RK Launcher\RKLauncher.exe
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDrives"=
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\SmartFTP Client 2.0\SmartFTP.exe"="C:\Programme\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\Programme\Winamp Remote\bin\Orb.exe"="C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Programme\Winamp Remote\bin\OrbTray.exe"="C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remoteunterstützung - Windows Messenger und Voice"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Safari\Safari.exe"="C:\Programme\Safari\Safari.exe:*:Enabled:Safari"
"C:\Programme\uusee\UUSeePlayer.exe"="C:\Programme\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\Dokumente und Einstellungen\Ich Roque\Eigene Dateien\To\UUSee2007 English-3.0.1.3\UUSee2007\UUSeePlayer.exe"="C:\Dokumente und Einstellungen\Ich Roque\Eigene Dateien\To\UUSee2007 English-3.0.1.3\UUSee2007\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe:*:Enabled:ENABLE"
"C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe:*:Enabled:ENABLE"
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Windows Live\Messenger\livecall.exe"="C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
 
======File associations======
 
.js - edit - "C:\Programme\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
 
======List of files/folders created in the last 1 months======
 
2009-06-30 23:39:26 ----SHD---- C:\WINDOWS\system32\twain_32
2009-06-26 10:42:48 ----SHD---- C:\RECYCLER
2009-06-18 11:07:34 ----SHD---- C:\Dokumente und Einstellungen\Ich Roque\Anwendungsdaten\twain_32
2009-06-13 08:13:18 ----SHD---- C:\WINDOWS\system32\xerox32
2009-06-12 16:37:42 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-12 16:37:42 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-12 16:37:42 ----A---- C:\WINDOWS\system32\java.exe
2009-06-12 16:36:43 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2009-06-11 11:28:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 11:28:29 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-11 11:28:12 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 11:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 11:27:27 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-08 18:19:53 ----A---- C:\ComboFix.txt
2009-06-05 00:27:11 ----A---- C:\WINDOWS\system32\deploytk.dll
 
======List of files/folders modified in the last 1 months======
 
2009-07-01 17:50:04 ----D---- C:\WINDOWS\temp
2009-07-01 12:53:51 ----A---- C:\WINDOWS\win.ini
2009-07-01 12:40:56 ----D---- C:\WINDOWS\Prefetch
2009-07-01 11:06:06 ----HD---- C:\WINDOWS\FlyakiteOSX
2009-07-01 11:05:06 ----D---- C:\WINDOWS\system32
2009-07-01 00:54:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-28 02:10:04 ----D---- C:\Programme\Mozilla Firefox
2009-06-28 01:31:28 ----D---- C:\WINDOWS
2009-06-26 18:27:22 ----SD---- C:\WINDOWS\Tasks
2009-06-26 18:25:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-26 18:25:00 ----HD---- C:\WINDOWS\inf
2009-06-26 18:24:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-26 18:24:28 ----D---- C:\WINDOWS\system32\drivers
2009-06-26 00:43:05 ----D---- C:\Programme\Full Tilt Poker
2009-06-12 16:38:07 ----SHD---- C:\WINDOWS\Installer
2009-06-12 16:37:41 ----D---- C:\Programme\Java
2009-06-11 11:28:41 ----D---- C:\Programme\Internet Explorer
2009-06-11 11:28:11 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-09 14:46:29 ----D---- C:\WINDOWS\system32\wbem
2009-06-08 18:17:49 ----D---- C:\Qoobox
2009-06-08 18:10:21 ----A---- C:\WINDOWS\system.ini
2009-06-08 18:04:48 ----D---- C:\WINDOWS\AppPatch
2009-06-08 18:04:39 ----D---- C:\Programme\Gemeinsame Dateien
2009-06-08 16:31:09 ----D---- C:\Programme\Safari
2009-06-08 08:10:10 ----A---- C:\WINDOWS\PEV.exe
 
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2005-08-25 15890]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AR5211;NETGEAR WPN311 V1H3 Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\WPN311.sys [2005-01-27 400288]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-09-22 1330048]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 aoazfphv;aoazfphv; C:\WINDOWS\system32\drivers\aoazfphv.sys []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\system32\drivers\dtscsi.sys []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 ovt530;Webcam Classic; C:\WINDOWS\System32\Drivers\ov530vid.sys [2005-03-15 161792]
S3 Pemc11esq;Pemc11esq; C:\WINDOWS\system32\drivers\Pemc11esq.sys []
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\System32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-11 12032]
 
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-10-25 36864]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Capture Device Service;Capture Device Service; C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-04 155716]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-21 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Programme\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
 
-----------------EOF-----------------

--- --- ---

Hoffe du kannst mir weiterhin helfen.
Danke!

myrtille · 02.07.2009, 00:04

Hi,

Bitte für diese Anweisungen schnellstmöglich aus, damit keine weitere Malware nachgeladen wird! Sonst kriegen wir deinen Rechner nie sauber!

Schritt 1

Anleitung Avenger (by swandog46)

1.) Lade dir das Tool Avenger und speichere es auf dem Desktop:

2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld: (bei -> "input script here")

Code:

ATTFilter

files to delete:
C:\WINDOWS\system32\drivers\UACutpynkdskkyfdnd.sys 
C:\WINDOWS\system32\UACdmrvekxjerlirsh.dll
C:\WINDOWS\system32\UACyxoxsgntjlaboco.dat
C:\WINDOWS\system32\UACejbacwtakaiysyw.log
C:\WINDOWS\system32\UACxtlrkbmdxvnoywr.dll
C:\WINDOWS\system32\UACbxtvgtmpirgompj.dll
C:\WINDOWS\system32\UAChdjuajutpsnaayc.dll
C:\WINDOWS\system32\UACabyokxgvefrtlio.db
C:\WINDOWS\system32\UACsecowjlqbcnxmes.log
C:\WINDOWS\system32\UACxwqhnljunxljxyo.log 
C:\WINDOWS\system32\UACqynkbmflytirtjg.dll 
C:\WINDOWS\system32\UACxucpqrqxvyeoaok.dll 
C:\WINDOWS\system32\twext.exe
C:\WINDOWS\system32\win32avs.exe,
C:\WINDOWS\system32\drivers\aoazfphv.sys 
C:\Dokumente und Einstellungen\Ich Roque\Startmenü\Programme\Autostart\imiupd32.exe
C:\WINDOWS\system32\net.net

drivers to delete:
UACd.sys
aoazfphv

folders to delete:
C:\WINDOWS\system32\twain_32
C:\Dokumente und Einstellungen\Ich Roque\Anwendungsdaten\twain_32
C:\WINDOWS\system32\xerox32

registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|net

3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Schritt 2

Fixen/Löschen mit Hijackthis

Hijackthis starten -> Do a system scan only -> einen Haken setzen in folgende weiße Kästchen:

Zitat:

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDO WS\system32\twext.exe,C:\WINDOWS\system32\win32avs .exe,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKCU\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - Startup: imiupd32.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/mp...CX/FlashAX.cab

Wenn alle Einträge angehakt sind (sofern denn vorhanden), klick auf den Button -> "Fix checked"
Der Rechner startet nun neu...

Schritt 3

Danach löschst du die vorhandene Version von Combofix und lädst dir die aktuelle Version herunter und führst diese Anleitung nochmal aus:
ComboFix

Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

(ausführliche Anleitung -> Ein Leitfaden und Tutorium zur Nutzung von ComboFix)

Schritt 4

Aktualisiere Malwarebytes und lasse es nochmal laufen.

Schritt 5

Erstelle ein neues Log mit RSIT und gmer. (Wenn du GMER ausführst, bitte vorher alle anderen offenen Anwendungen schließen)

In der nächsten Antwort bräuchte ich dann:

Das Log von Avenger
Das Log von Combofix
Das Log von Malwarebytes
ein neues Log von RSIT
ein neues Log von gmer.

lg myrtille

md-heretic · 02.07.2009, 17:29

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "ayvw8xfy" found!
Could not open driver ayvw8xfy for rootkit scan. Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Rootkit scan completed.

File "C:\WINDOWS\system32\drivers\UACutpynkdskkyfdnd.sys" deleted successfully.
File "C:\WINDOWS\system32\UACdmrvekxjerlirsh.dll" deleted successfully.
File "C:\WINDOWS\system32\UACyxoxsgntjlaboco.dat" deleted successfully.
File "C:\WINDOWS\system32\UACejbacwtakaiysyw.log" deleted successfully.
File "C:\WINDOWS\system32\UACxtlrkbmdxvnoywr.dll" deleted successfully.
File "C:\WINDOWS\system32\UACbxtvgtmpirgompj.dll" deleted successfully.
File "C:\WINDOWS\system32\UAChdjuajutpsnaayc.dll" deleted successfully.
File "C:\WINDOWS\system32\UACabyokxgvefrtlio.db" deleted successfully.
File "C:\WINDOWS\system32\UACsecowjlqbcnxmes.log" deleted successfully.

Error: file "C:\WINDOWS\system32\UACxwqhnljunxljxyo.log" not found!
Deletion of file "C:\WINDOWS\system32\UACxwqhnljunxljxyo.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\UACqynkbmflytirtjg.dll" deleted successfully.
File "C:\WINDOWS\system32\UACxucpqrqxvyeoaok.dll" deleted successfully.
File "C:\WINDOWS\system32\twext.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\win32avs.exe," not found!
Deletion of file "C:\WINDOWS\system32\win32avs.exe," failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\drivers\aoazfphv.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\aoazfphv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Dokumente und Einstellungen\Ich Roque\Startmenü\Programme\Autostart\imiupd32.exe" deleted successfully.
File "C:\WINDOWS\system32\net.net" deleted successfully.
Driver "UACd.sys" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\aoazfphv" not found!
Deletion of driver "aoazfphv" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\WINDOWS\system32\twain_32" deleted successfully.
Folder "C:\Dokumente und Einstellungen\Ich Roque\Anwendungsdaten\twain_32" deleted successfully.
Folder "C:\WINDOWS\system32\xerox32" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|net" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

md-heretic · 02.07.2009, 18:17

Code:

ATTFilter

ComboFix 09-07-01.04 - Ich Roque 02.07.2009 18:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.1023.611 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Ich Roque\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
 
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\dokumente und einstellungen\Ich Roque\Anwendungsdaten\wiaserva.log
c:\dokumente und einstellungen\LocalService\Anwendungsdaten\twain_32
c:\dokumente und einstellungen\LocalService\Anwendungsdaten\twain_32\user.ds
c:\windows\Installer\44eddf.msi
c:\windows\Installer\b26d5bd.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\msacm32.drv
c:\windows\rasqervy.dll
c:\windows\sdfinacs.dll
c:\windows\sdfixwcs.dll
c:\windows\system32\drivers\UACutpynkdskkyfdnd.sys
c:\windows\system32\mlfcache.dat
c:\windows\system32\UACabyokxgvefrtlio.db
c:\windows\system32\UACbxtvgtmpirgompj.dll
c:\windows\system32\UACdmrvekxjerlirsh.dll
c:\windows\system32\UACejbacwtakaiysyw.log
c:\windows\system32\UAChdjuajutpsnaayc.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACqynkbmflytirtjg.dll
c:\windows\system32\UACsecowjlqbcnxmes.log
c:\windows\system32\uactmp.db
c:\windows\system32\UACxtlrkbmdxvnoywr.dll
c:\windows\system32\UACxucpqrqxvyeoaok.dll
c:\windows\system32\UACyxoxsgntjlaboco.dat
c:\windows\system32\wbem\proquota.exe
c:\windows\wuasirvy.dll
 
c:\windows\system32\proquota.exe fehlte 
Kopie von - c:\windows\ServicePackFiles\i386\proquota.exe wurde wiederhergestellt
 
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
-------\Service_UACd.sys
 
 
((((((((((((((((((((((( Dateien erstellt von 2009-06-02 bis 2009-07-02 ))))))))))))))))))))))))))))))
.
 
2009-07-02 17:01 . 2004-08-04 07:58    50688    ----a-w-    c:\windows\system32\proquota.exe
2009-07-02 16:25 . 2009-07-02 17:05    --------    d-sh--w-    c:\windows\system32\xerox32
2009-07-02 15:16 . 2009-07-02 16:39    3072    ----a-w-    c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Macromedia\Common\dc0bc03819.exe
2009-07-02 06:36 . 2009-07-02 17:06    3072    ----a-w-    c:\dokumente und einstellungen\Ich Roque\Anwendungsdaten\Macromedia\Common\dc0bc03819.exe
2009-07-02 06:36 . 2009-07-02 06:36    58880    ----a-w-    c:\dokumente und einstellungen\Ich Roque\Anwendungsdaten\Macromedia\Common\dc0bc0381.dll
2009-06-12 14:36 . 2009-06-12 14:36    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\McAfee
2009-06-12 14:36 . 2009-06-12 14:36    152576    ----a-w-    c:\dokumente und einstellungen\Ich Roque\Anwendungsdaten\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-04 22:27 . 2009-05-21 09:33    410984    ----a-w-    c:\windows\system32\deploytk.dll
2009-06-04 22:26 . 2009-06-04 22:26    152576    ----a-w-    c:\dokumente und einstellungen\Ich Roque\Anwendungsdaten\Sun\Java\jre1.6.0_13\lzma.dll
 
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 22:43 . 2007-07-18 18:28    --------    d-----w-    c:\programme\Full Tilt Poker
2009-06-12 14:37 . 2005-07-20 17:52    --------    d-----w-    c:\programme\Java
2009-06-08 14:31 . 2008-04-02 11:31    --------    d-----w-    c:\programme\Safari
2009-06-01 18:35 . 2009-05-20 12:23    --------    d-----w-    c:\programme\PC Tools AntiVirus
2009-06-01 18:22 . 2007-03-20 01:06    --------    d---a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-05-30 12:28 . 2009-05-30 12:24    --------    d-----w-    c:\programme\Catan
2009-05-27 21:18 . 2009-05-20 00:27    --------    d-----w-    c:\programme\You Don't Know Jack 4
2009-05-24 18:25 . 2009-05-24 18:25    --------    d-----w-    c:\dokumente und einstellungen\Ich Roque\Anwendungsdaten\Malwarebytes
2009-05-24 18:25 . 2009-05-24 18:25    --------    d-----w-    c:\programme\Malwarebytes' Anti-Malware
2009-05-24 18:25 . 2009-05-24 18:25    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-05-22 20:04 . 2009-05-22 20:04    2    ---h--w-    c:\windows\sto453148.dat
2009-05-22 20:04 . 2009-05-22 20:04    2    ---h--w-    c:\windows\sto452688.dat
2009-05-21 12:43 . 2009-05-21 12:43    146    ----a-w-    C:\4321f456.bat
2009-05-20 23:07 . 2007-09-20 17:38    --------    d-----w-    c:\programme\PokerAce Hud
2009-05-20 20:35 . 2005-07-25 17:13    --------    d-----w-    c:\programme\HLSW
2009-05-20 20:02 . 2005-12-30 16:48    --------    d-----w-    c:\dokumente und einstellungen\Ich Roque\Anwendungsdaten\Azureus
2009-05-20 19:54 . 2005-06-22 12:34    32704    ----a-w-    c:\dokumente und einstellungen\Ich Roque\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-05-20 19:49 . 2009-05-20 19:49    --------    d-----w-    c:\programme\CCleaner
2009-05-20 19:35 . 2009-05-20 19:35    --------    d-----w-    c:\programme\Trend Micro
2009-05-20 15:15 . 2009-05-20 15:15    2    ---h--w-    c:\windows\sto452739.dat
2009-05-20 15:15 . 2009-05-20 15:15    2    ---h--w-    c:\windows\sto452712.dat
2009-05-20 14:10 . 2005-06-22 22:42    --------    d-----w-    c:\programme\Gamers.IRC
2009-05-20 14:05 . 2005-06-23 19:00    --------    d-----w-    c:\programme\Gemeinsame Dateien\Adobe
2009-05-20 14:03 . 2006-01-21 00:09    --------    d-----w-    c:\programme\FileZilla
2009-05-20 14:02 . 2005-11-05 16:04    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2009-05-20 14:01 . 2009-04-05 15:01    --------    d-----w-    c:\programme\Gemeinsame Dateien\DVDVideoSoft
2009-05-20 14:00 . 2005-12-25 23:25    --------    d-----w-    c:\programme\Samsung
2009-05-20 14:00 . 2005-06-20 14:53    --------    d--h--w-    c:\programme\InstallShield Installation Information
2009-05-20 13:36 . 2007-11-20 23:41    --------    d-----w-    c:\programme\Tiger Gaming
2009-05-20 13:34 . 2007-02-21 20:37    --------    d-----w-    c:\programme\PokerStars
2009-05-20 13:31 . 2007-01-21 14:04    --------    d-----w-    c:\programme\PartyGaming
2009-05-20 12:48 . 2009-05-20 12:48    2    ---h--w-    c:\windows\sto452730.dat
2009-05-20 12:04 . 2009-05-20 12:04    2    ---h--w-    c:\windows\sto452738.dat
2009-05-20 00:27 . 2009-05-20 00:27    --------    d-----w-    c:\programme\Gemeinsame Dateien\SWF Studio
2009-05-19 21:18 . 2009-05-19 21:17    --------    d-----w-    c:\programme\CDRWIN
2009-05-19 18:57 . 2009-05-19 18:57    2    ---h--w-    c:\windows\sto453251.dat
2009-05-19 18:57 . 2009-05-19 18:57    2    ---h--w-    c:\windows\sto453224.dat
2009-05-19 16:57 . 2009-05-19 16:57    2    ---h--w-    c:\windows\sto453250.dat
2009-05-19 16:57 . 2009-05-19 16:57    32    --s-a-w-    c:\windows\system32\2756433137.dat
2009-05-19 16:57 . 2009-05-19 16:57    53248    ----a-w-    c:\windows\system32\accwizs.exe.ren
2009-05-07 15:42 . 2002-09-11 15:05    346624    ----a-w-    c:\windows\system32\localspl.dll
2009-05-06 19:52 . 2009-03-03 22:51    --------    d-----w-    c:\dokumente und einstellungen\Ich Roque\Anwendungsdaten\dvdcss
2009-04-29 04:51 . 2005-04-27 14:41    686080    ----a-w-    c:\windows\system32\wininet.dll
2009-04-29 04:51 . 2004-08-04 07:57    81920    ------w-    c:\windows\system32\ieencode.dll
2009-04-19 20:06 . 2002-09-11 15:22    1846784    ----a-w-    c:\windows\system32\win32k.sys
2009-04-18 09:45 . 2002-09-11 15:13    421966    ----a-w-    c:\windows\system32\perfh007.dat
2009-04-18 09:45 . 2002-09-11 15:12    77026    ----a-w-    c:\windows\system32\perfc007.dat
2009-04-16 21:45 . 2009-04-16 21:45    1915520    ----a-w-    c:\dokumente und einstellungen\Ich Roque\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-04-15 15:11 . 2004-03-06 02:16    584192    ----a-w-    c:\windows\system32\rpcrt4.dll
2009-04-06 13:32 . 2009-05-24 18:25    38496    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-05-24 18:25    15504    ----a-w-    c:\windows\system32\drivers\mbam.sys
2005-05-11 17:36 . 2005-06-20 16:32    41578    ----a-w-    c:\programme\mozilla firefox\components\jar50.dll
2005-05-11 17:36 . 2005-06-20 16:32    48228    ----a-w-    c:\programme\mozilla firefox\components\jsd3250.dll
2005-05-11 17:36 . 2005-06-20 16:32    159340    ----a-w-    c:\programme\mozilla firefox\components\xpinstal.dll
 
((((((((((((((((((((((((((((( SnapShot@2009-06-01_18.42.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-01 15:50 . 2009-07-02 16:46    32768 c:\windows\temp\Verlauf\History.IE5\index.dat
+ 2009-07-01 15:50 . 2009-07-02 16:46    49152 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-02 17:04 . 2009-07-02 17:04    16384 c:\windows\temp\Perflib_Perfdata_78c.dat
+ 2009-07-01 15:50 . 2009-07-02 16:46    16384 c:\windows\temp\Cookies\index.dat
+ 2002-09-11 14:58 . 2004-08-04 07:57    49905 c:\windows\system32\wkoypl.exe
- 2006-12-17 20:49 . 2007-11-30 12:39    18808 c:\windows\system32\spmsg.dll
+ 2006-12-17 20:49 . 2008-07-09 07:37    18808 c:\windows\system32\spmsg.dll
+ 2002-09-11 15:13 . 2009-04-29 04:51    39424 c:\windows\system32\pngfilt.dll
- 2002-09-11 15:13 . 2009-02-20 08:29    39424 c:\windows\system32\pngfilt.dll
- 2002-09-11 15:03 . 2009-02-20 08:29    16384 c:\windows\system32\jsproxy.dll
+ 2002-09-11 15:03 . 2009-04-29 04:51    16384 c:\windows\system32\jsproxy.dll
+ 2002-09-11 15:03 . 2009-04-29 04:51    96768 c:\windows\system32\inseng.dll
- 2002-09-11 15:03 . 2009-02-20 08:29    96768 c:\windows\system32\inseng.dll
+ 2002-09-11 14:58 . 2004-08-04 07:57    49905 c:\windows\system32\fuclr.exe
+ 2004-08-04 07:57 . 2009-04-29 04:51    55808 c:\windows\system32\extmgr.dll
- 2004-08-04 07:57 . 2009-02-20 08:29    55808 c:\windows\system32\extmgr.dll
+ 2006-05-10 05:22 . 2009-04-29 04:51    39424 c:\windows\system32\dllcache\pngfilt.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-05-10 05:22 . 2009-04-29 04:51    16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    16384 c:\windows\system32\dllcache\jsproxy.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    96768 c:\windows\system32\dllcache\inseng.dll
+ 2006-05-10 05:22 . 2009-04-29 04:51    96768 c:\windows\system32\dllcache\inseng.dll
- 2009-02-20 08:29 . 2009-02-20 08:29    81920 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-20 08:29 . 2009-04-29 04:51    81920 c:\windows\system32\dllcache\ieencode.dll
- 2006-05-09 11:00 . 2009-02-19 09:58    18432 c:\windows\system32\dllcache\iedw.exe
+ 2006-05-09 11:00 . 2009-04-27 09:17    18432 c:\windows\system32\dllcache\iedw.exe
+ 2006-05-10 05:22 . 2009-04-29 04:51    55808 c:\windows\system32\dllcache\extmgr.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    55808 c:\windows\system32\dllcache\extmgr.dll
- 2005-06-20 14:41 . 2005-06-22 12:33    32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2005-06-20 14:41 . 2009-07-02 17:05    32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2009-06-09 12:46 . 2009-07-02 17:05    32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2005-06-20 14:41 . 2005-06-22 12:33    16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-06-20 14:41 . 2009-07-02 17:05    16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-13 01:03 . 2008-04-13 01:03    86528 c:\windows\Installer\f6cf023.msi
+ 2005-05-17 00:43 . 2009-04-27 09:48    374272 c:\windows\system32\xpsp3res.dll
- 2005-05-17 00:43 . 2009-02-19 23:50    374272 c:\windows\system32\xpsp3res.dll
+ 2002-09-11 15:11 . 2009-02-09 10:18    196608 c:\windows\system32\win32avs.exe
+ 2009-03-10 20:18 . 2009-03-10 20:18    970632 c:\windows\system32\WgaTray.exe
+ 2009-03-10 20:18 . 2009-03-10 20:18    265096 c:\windows\system32\WgaLogon.dll
- 2004-12-07 18:16 . 2009-02-20 08:29    629248 c:\windows\system32\urlmon.dll
+ 2004-12-07 18:16 . 2009-04-29 04:51    629248 c:\windows\system32\urlmon.dll
+ 2004-12-07 18:16 . 2009-04-29 04:51    474624 c:\windows\system32\shlwapi.dll
- 2004-12-07 18:16 . 2009-02-20 08:29    474624 c:\windows\system32\shlwapi.dll
+ 2002-09-11 15:09 . 2009-04-29 04:51    532480 c:\windows\system32\mstime.dll
- 2002-09-11 15:09 . 2009-02-20 08:29    532480 c:\windows\system32\mstime.dll
- 2002-09-11 15:09 . 2009-02-20 08:29    146432 c:\windows\system32\msrating.dll
+ 2002-09-11 15:09 . 2009-04-29 04:51    146432 c:\windows\system32\msrating.dll
- 2002-09-11 15:08 . 2009-02-20 08:29    449024 c:\windows\system32\mshtmled.dll
+ 2002-09-11 15:08 . 2009-04-29 04:51    449024 c:\windows\system32\mshtmled.dll
+ 2009-06-12 14:37 . 2009-05-21 09:34    284056 c:\windows\system32\javaws.exe
+ 2009-06-12 14:37 . 2009-05-21 09:34    144792 c:\windows\system32\javaw.exe
+ 2009-06-12 14:37 . 2009-05-21 09:34    144792 c:\windows\system32\java.exe
- 2005-02-18 16:35 . 2009-02-20 08:29    251392 c:\windows\system32\iepeers.dll
+ 2005-02-18 16:35 . 2009-04-29 04:51    251392 c:\windows\system32\iepeers.dll
- 2005-06-20 15:28 . 2009-05-20 20:03    146808 c:\windows\system32\FNTCACHE.DAT
+ 2005-06-20 15:28 . 2009-06-11 10:15    146808 c:\windows\system32\FNTCACHE.DAT
+ 2002-09-11 15:00 . 2009-04-29 04:51    205312 c:\windows\system32\dxtrans.dll
- 2002-09-11 15:00 . 2009-02-20 08:29    205312 c:\windows\system32\dxtrans.dll
- 2002-09-11 15:00 . 2009-02-20 08:29    357888 c:\windows\system32\dxtmsft.dll
+ 2002-09-11 15:00 . 2009-04-29 04:51    357888 c:\windows\system32\dxtmsft.dll
- 2006-05-10 05:23 . 2009-02-20 08:29    686080 c:\windows\system32\dllcache\wininet.dll
+ 2006-05-10 05:23 . 2009-04-29 04:51    686080 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-10 20:18 . 2009-03-10 20:18    970632 c:\windows\system32\dllcache\WgaTray.exe
+ 2009-03-10 20:18 . 2009-03-10 20:18    265096 c:\windows\system32\dllcache\wgaLogon.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    629248 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-10 05:22 . 2009-04-29 04:51    629248 c:\windows\system32\dllcache\urlmon.dll
+ 2006-05-10 05:22 . 2009-04-29 04:51    474624 c:\windows\system32\dllcache\shlwapi.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    474624 c:\windows\system32\dllcache\shlwapi.dll
- 2007-10-10 13:33 . 2007-07-09 13:11    584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2007-10-10 13:33 . 2009-04-15 15:11    584192 c:\windows\system32\dllcache\rpcrt4.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    532480 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:22 . 2009-04-29 04:51    532480 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-05-10 05:22 . 2009-04-29 04:51    146432 c:\windows\system32\dllcache\msrating.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-05-10 05:22 . 2009-04-29 04:51    449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-05-07 15:42 . 2009-05-07 15:42    346624 c:\windows\system32\dllcache\localspl.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    251392 c:\windows\system32\dllcache\iepeers.dll
+ 2006-05-10 05:22 . 2009-04-29 04:51    251392 c:\windows\system32\dllcache\iepeers.dll
+ 2006-05-10 05:22 . 2009-04-29 04:51    205312 c:\windows\system32\dllcache\dxtrans.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    205312 c:\windows\system32\dllcache\dxtrans.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-05-10 05:22 . 2009-04-29 04:51    357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    152064 c:\windows\system32\dllcache\cdfview.dll
+ 2006-05-10 05:22 . 2009-04-29 04:51    152064 c:\windows\system32\dllcache\cdfview.dll
+ 2002-09-11 14:57 . 2009-04-29 04:51    152064 c:\windows\system32\cdfview.dll
- 2002-09-11 14:57 . 2009-02-20 08:29    152064 c:\windows\system32\cdfview.dll
+ 2004-08-04 07:57 . 2009-04-29 04:51    686080 c:\windows\ServicePackFiles\i386\wininet.dll
- 2004-08-04 07:57 . 2009-02-20 08:29    686080 c:\windows\ServicePackFiles\i386\wininet.dll
- 2004-08-04 07:57 . 2009-02-20 08:29    629248 c:\windows\ServicePackFiles\i386\urlmon.dll
+ 2004-08-04 07:57 . 2009-04-29 04:51    629248 c:\windows\ServicePackFiles\i386\urlmon.dll
+ 2007-11-07 13:07 . 2007-11-07 13:07    999936 c:\windows\Installer\f6cf02c.msp
+ 2007-11-07 12:56 . 2007-11-07 12:56    553472 c:\windows\Installer\f6cf029.msp
+ 2007-11-07 12:58 . 2007-11-07 12:58    908800 c:\windows\Installer\f6cf025.msp
+ 2007-11-07 12:54 . 2007-11-07 12:54    507392 c:\windows\Installer\f6cf024.msp
+ 2007-06-22 00:21 . 2007-06-22 00:21    268800 c:\windows\Installer\e9163f.msi
+ 2009-02-03 20:06 . 2009-02-03 20:06    152576 c:\windows\Installer\c9a877.msi
+ 2007-02-21 18:42 . 2007-02-21 18:42    537600 c:\windows\Installer\a710036.msi
+ 2006-03-31 11:43 . 2006-03-31 11:43    285696 c:\windows\Installer\8f3a3fc.msi
+ 2005-06-20 14:51 . 2005-06-20 14:51    264704 c:\windows\Installer\8e81b.msi
+ 2008-05-20 23:14 . 2008-05-20 23:14    163840 c:\windows\Installer\73b3980.msi
+ 2008-05-20 23:10 . 2008-05-20 23:10    332288 c:\windows\Installer\73b3977.msi
+ 2007-11-13 14:44 . 2007-11-13 14:44    510464 c:\windows\Installer\6edee2.msi
+ 2009-03-17 02:33 . 2009-03-17 02:33    202752 c:\windows\Installer\6d62f.msi
+ 2009-03-17 02:33 . 2009-03-17 02:33    301056 c:\windows\Installer\6d616.msi
+ 2009-06-04 22:27 . 2009-06-04 22:27    598016 c:\windows\Installer\4db50.msi
+ 2008-12-20 04:45 . 2008-12-20 04:45    432640 c:\windows\Installer\44094.msi
+ 2007-08-15 21:10 . 2007-08-15 21:10    431104 c:\windows\Installer\3669624.msi
+ 2009-03-09 18:32 . 2009-03-09 18:32    140288 c:\windows\Installer\2a1b2.msi
+ 2008-03-05 19:02 . 2008-03-05 19:02    470528 c:\windows\Installer\275a7.msi
+ 2006-03-05 22:22 . 2006-03-05 22:22    531456 c:\windows\Installer\26cf920.msi
+ 2005-07-18 21:51 . 2005-07-18 21:51    958464 c:\windows\Installer\25789a.msi
+ 2006-11-17 02:01 . 2006-11-17 02:01    428544 c:\windows\Installer\238172e.msi
+ 2008-03-04 14:36 . 2008-03-04 14:36    891904 c:\windows\Installer\1e9fc.msi
+ 2005-07-20 17:52 . 2005-07-20 17:52    178176 c:\windows\Installer\163a7.msi
+ 2009-03-22 15:06 . 2009-03-22 15:06    805376 c:\windows\Installer\1469fa.msi
+ 2009-03-22 15:03 . 2009-03-22 15:03    467968 c:\windows\Installer\1469f2.msi
+ 2008-03-25 23:28 . 2008-03-25 23:28    116224 c:\windows\Installer\12a8b70.msi
+ 2006-07-17 23:18 . 2006-07-17 23:18    500736 c:\windows\Installer\10a5028.msi
+ 2008-03-06 14:29 . 2009-04-29 04:51    665088 c:\windows\FlyakiteOSX\Backup\wininet.dll
- 2008-03-06 14:29 . 2009-02-20 08:29    665088 c:\windows\FlyakiteOSX\Backup\wininet.dll
+ 2008-03-06 14:29 . 2009-04-29 04:51    618496 c:\windows\FlyakiteOSX\Backup\urlmon.dll
- 2008-03-06 14:29 . 2009-02-20 08:29    618496 c:\windows\FlyakiteOSX\Backup\urlmon.dll
+ 2008-03-06 14:30 . 2009-05-21 09:34    148888 c:\windows\FlyakiteOSX\Backup\javaws.exe
+ 2002-09-11 15:22 . 2004-07-17 18:35    1356288 c:\windows\system32\webfldrs.msi
+ 2008-11-06 16:37 . 2008-11-06 16:37    1585664 c:\windows\system32\VC80CRTRedist.msi
+ 2005-04-27 13:35 . 2009-04-29 04:51    3149824 c:\windows\system32\shdocvw.dll
- 2005-04-27 13:35 . 2009-03-02 23:49    3149824 c:\windows\system32\shdocvw.dll
+ 2005-04-27 14:41 . 2009-04-29 04:51    3593728 c:\windows\system32\mshtml.dll
+ 2009-03-10 20:18 . 2009-03-10 20:18    1482112 c:\windows\system32\LegitCheckControl.dll
+ 2007-03-08 15:32 . 2009-04-19 20:06    1846784 c:\windows\system32\dllcache\win32k.sys
- 2006-05-29 15:30 . 2009-03-02 23:49    3149824 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-05-29 15:30 . 2009-04-29 04:51    3149824 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-05-19 15:09 . 2009-04-29 04:51    3593728 c:\windows\system32\dllcache\mshtml.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    1056256 c:\windows\system32\dllcache\danim.dll
+ 2006-05-10 05:22 . 2009-04-29 04:51    1056256 c:\windows\system32\dllcache\danim.dll
+ 2006-05-10 05:22 . 2009-04-29 04:51    1160192 c:\windows\system32\dllcache\browseui.dll
- 2006-05-10 05:22 . 2009-02-20 08:29    1160192 c:\windows\system32\dllcache\browseui.dll
+ 2002-09-11 14:59 . 2009-04-29 04:51    1056256 c:\windows\system32\danim.dll
- 2002-09-11 14:59 . 2009-02-20 08:29    1056256 c:\windows\system32\danim.dll
+ 2005-02-18 16:35 . 2009-04-29 04:51    1160192 c:\windows\system32\browseui.dll
- 2005-02-18 16:35 . 2009-02-20 08:29    1160192 c:\windows\system32\browseui.dll
+ 2004-07-17 18:35 . 2004-07-17 18:35    1356288 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2004-08-04 07:57 . 2009-04-29 04:51    3149824 c:\windows\ServicePackFiles\i386\shdocvw.dll
- 2004-08-04 07:57 . 2009-03-02 23:49    3149824 c:\windows\ServicePackFiles\i386\shdocvw.dll
+ 2004-08-04 07:57 . 2009-04-29 04:51    3593728 c:\windows\ServicePackFiles\i386\mshtml.dll
- 2004-08-04 07:57 . 2009-02-20 08:29    1160192 c:\windows\ServicePackFiles\i386\browseui.dll
+ 2004-08-04 07:57 . 2009-04-29 04:51    1160192 c:\windows\ServicePackFiles\i386\browseui.dll
+ 2007-05-25 10:08 . 2007-05-25 10:08    9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2007-11-07 12:50 . 2007-11-07 12:50    6055936 c:\windows\Installer\f6cf02b.msp
+ 2007-11-07 13:00 . 2007-11-07 13:00    3407360 c:\windows\Installer\f6cf02a.msp
+ 2007-11-07 12:46 . 2007-11-07 12:46    3010560 c:\windows\Installer\f6cf028.msp
+ 2007-11-07 13:02 . 2007-11-07 13:02    6473216 c:\windows\Installer\f6cf027.msp
+ 2007-11-07 13:12 . 2007-11-07 13:12    2533376 c:\windows\Installer\f6cf026.msp
+ 2007-02-27 18:58 . 2007-02-27 18:58    4337664 c:\windows\Installer\db4224.msi
+ 2005-09-27 18:38 . 2005-09-27 18:38    2754560 c:\windows\Installer\b13113.msi
+ 2007-02-21 18:44 . 2007-02-21 18:44    1453568 c:\windows\Installer\a710040.msi
+ 2007-02-21 18:43 . 2007-02-21 18:43    1868800 c:\windows\Installer\a71003b.msi
+ 2007-02-21 18:39 . 2007-02-21 18:39    5091840 c:\windows\Installer\a710019.msi
+ 2008-04-02 11:31 . 2008-04-02 11:31    2306560 c:\windows\Installer\814ff.msi
+ 2008-03-06 16:22 . 2008-03-06 16:22    3279872 c:\windows\Installer\5af2d4.msi
+ 2008-03-06 16:20 . 2008-03-06 16:20    1635328 c:\windows\Installer\5af2b0.msi
+ 2008-03-06 16:20 . 2008-03-06 16:20    8984576 c:\windows\Installer\5af2ab.msi
+ 2008-03-06 16:18 . 2008-03-06 16:18    2793984 c:\windows\Installer\5af0c7.msi
+ 2007-03-20 01:57 . 2007-03-20 01:57    1479168 c:\windows\Installer\46834.msi
+ 2007-06-04 12:56 . 2007-06-04 12:56    9278976 c:\windows\Installer\372b01.msi
+ 2008-01-13 21:22 . 2008-01-13 21:22    1994240 c:\windows\Installer\3501c.msi
+ 2007-03-20 01:40 . 2007-03-20 01:40    3443712 c:\windows\Installer\2c061d9.msi
+ 2007-03-21 02:00 . 2007-03-21 02:00    5864960 c:\windows\Installer\2730bb4.msp
+ 2005-10-30 16:59 . 2005-10-30 16:59    2344960 c:\windows\Installer\1540984.msi
+ 2008-12-20 17:12 . 2008-12-20 17:12    1549312 c:\windows\Installer\11b784.msi
- 2008-03-06 14:29 . 2009-03-02 23:49    1495552 c:\windows\FlyakiteOSX\Backup\shdocvw.dll
+ 2008-03-06 14:29 . 2009-04-29 04:51    1495552 c:\windows\FlyakiteOSX\Backup\shdocvw.dll
+ 2008-03-06 14:28 . 2009-04-29 04:51    3081728 c:\windows\FlyakiteOSX\Backup\mshtml.dll
- 2008-03-06 14:28 . 2009-02-20 08:29    1023488 c:\windows\FlyakiteOSX\Backup\browseui.dll
+ 2008-03-06 14:28 . 2009-04-29 04:51    1023488 c:\windows\FlyakiteOSX\Backup\browseui.dll
+ 2006-03-31 11:42 . 2006-03-31 11:42    1635840 c:\windows\Downloaded Installations\{62B3D569-6B1E-4FE0-B27C-9AD90B00F14F}\XDCC Catcher Basic.msi
+ 2005-08-25 13:19 . 2008-01-13 21:21    4421632 c:\windows\Downloaded Installations\{389BF4FC-C288-46C8-BBC2-A4AEE21A8868}\NETGEAR Wireless Adapter WPN311.msi
+ 2005-06-22 12:13 . 2002-09-11 15:22    1355776 c:\windows\$NtServicePackUninstall$\webfldrs.msi
+ 2007-03-29 21:44 . 2007-01-19 11:21    16747520 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi
+ 2006-08-22 15:02 . 2006-07-29 18:39    15645696 c:\windows\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi
+ 2007-02-27 19:00 . 2007-02-27 19:00    12388864 c:\windows\Installer\db4227.msi
+ 2006-09-15 16:14 . 2006-09-15 16:14    11162112 c:\windows\Installer\aa170b.msi
+ 2007-03-20 01:56 . 2007-03-20 01:56    13326848 c:\windows\Installer\4682f.msi
+ 2007-12-18 00:14 . 2007-12-18 00:14    10110464 c:\windows\Installer\30caa2c.msi
+ 2007-03-20 01:41 . 2007-03-20 01:41    19210240 c:\windows\Installer\2c06222.msp
+ 2007-06-04 12:41 . 2007-06-04 12:41    10725376 c:\windows\Installer\297d5d.msi
+ 2007-07-12 19:03 . 2007-07-12 19:03    15256576 c:\windows\Installer\102b0d1.msp
+ 2005-08-30 15:18 . 2005-08-30 15:18    68164096 c:\windows\Downloaded Installations\Macromedia Dreamweaver 8\Macromedia_Dreamweaver_8.msi
+ 2006-01-31 22:06 . 2006-01-31 22:06    58676736 c:\windows\Downloaded Installations\{66D8C376-87FE-4A10-A39A-2D775C361BDC}\Sony Ericsson PC Suite.msi
+ 2005-07-09 15:40 . 2005-07-09 15:40    20932608 c:\windows\Downloaded Installations\{4047B242-1233-451B-AC91-A318DE01F288}\iTunes.msi
+ 2006-09-15 16:13 . 2006-09-15 16:13    31057920 c:\windows\Downloaded Installations\{35C2718C-FF5F-493C-BAB7-9366A3D34245}\Adobe Audition 1.5.msi
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RK Launcher"="c:\programme\RK Launcher\RKLauncher.exe" [2005-10-19 393216]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Google Update"="c:\dokumente und einstellungen\Ich Roque\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" [2009-05-24 133104]
"WAB"="c:\dokumente und einstellungen\Ich Roque\Anwendungsdaten\Macromedia\Common\dc0bc03819.exe" [2009-07-02 3072]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 344064]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2005-07-02 180269]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 380928]
"System Files Updater"="c:\windows\FlyakiteOSX\System Files Updater.exe" [2006-01-15 153233]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-04 1626112]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"WAB"="c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\Macromedia\Common\dc0bc03819.exe" [2009-07-02 3072]
 
c:\dokumente und einstellungen\Ich Roque\Startmen\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-24 113664]
RK Launcher.lnk - c:\programme\RK Launcher\RKLauncher.exe [2005-10-19 393216]
 
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NETGEAR WPN311 Wireless Assistant.lnk - c:\programme\NETGEAR\WPN311\wlancfg5.exe [2005-2-21 4517888]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\win32avs.exe,"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=c:\dokume~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll
"wave1"=c:\dokume~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll
"aux2"=c:\dokume~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll
"mixer2"=c:\dokume~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll
"midi1"=c:\dokume~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll
"mixer1"=c:\dokume~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll
"aux1"=c:\dokume~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll
"wave2"=c:\dokume~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll
 
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Programme\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\ICQ6\\ICQ.exe"=
"c:\\Programme\\Safari\\Safari.exe"=
"c:\\Programme\\uusee\\UUSeePlayer.exe"=
"c:\\Dokumente und Einstellungen\\Ich Roque\\Eigene Dateien\\To\\UUSee2007 English-3.0.1.3\\UUSee2007\\UUSeePlayer.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe"=
"c:\\Programme\\Java\\jre1.6.0_01\\bin\\jusched.exe"=
 
S2 HidServ Service;Eingabegerätezugang HidServ Service; [x]
S3 ovt530;Webcam Classic;c:\windows\system32\drivers\ov530vid.sys [21.12.2006 18:25 161792]
S3 Pemc11esq;Pemc11esq; [x]
.
Inhalt des "geplante Tasks" Ordners
 
2009-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
 
2009-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-287218729-682003330-1003.job
- c:\dokumente und einstellungen\Ich Roque\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2009-05-24 21:38]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
 
HKCU-Run-rundll32.exe - (no file)
 
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.esl-europe.net/de/player/687217/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Winamp Toolbar Search - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: {{B736E0DC-CCE3-4e3c-B14F-403FC1569583} - c:\microgaming\Poker\BattleFieldPokerMPP\MPPoker.exe
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Ich Roque\Anwendungsdaten\Mozilla\Firefox\Profiles\knquimvs.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.lyrix.at/pro/heretic_is_oldsql
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
 
---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("advanced.always_load_images", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.connect.timeout", 30);    // in seconds
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.request.timeout", 120);    // in seconds
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.version", 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.build_id", 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update.severity", 0); 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("general.useragent.vendorSub", 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh", false);
.
 
**************************************************************************
 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2009-07-02 19:05
Windows 5.1.2600 Service Pack 2 NTFS
 
Scanne versteckte Prozesse... 
 
Scanne versteckte Autostarteinträge... 
 
Scanne versteckte Dateien... 
 
 
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\XP*]
"DisplayName"="?\13?\13"
"DeviceDesc"="?\13?\13"
"ProviderName"=""
"MFG"="???\\"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\?\13\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"xp_inf\\cx_08883.inf\00"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
 
- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\setupapi.dll
 
- - - - - - - > 'explorer.exe'(3088)
c:\windows\system32\SHDOCVW.dll
c:\programme\RK Launcher\RKLauncher.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Hercules\WebCam Station\PhotoImpression\share\pihook.dll
c:\programme\SmartFTP Client 2.0\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\acs.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\programme\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-07-02 19:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-07-02 17:11
ComboFix2.txt 2009-06-08 16:19
ComboFix3.txt 2009-06-01 18:50
 
Vor Suchlauf: 18 Verzeichnis(se), 27.000.111.104 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 26.962.759.680 Bytes frei
 
515    --- E O F ---    2009-06-11 09:29

md-heretic · 02.07.2009, 20:21

Malwarebytes' Anti-Malware 1.38
Datenbank Version: 2363
Windows 5.1.2600 Service Pack 2

02.07.2009 21:19:00
mbam-log-2009-07-02 (21-19-00).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 248973
Laufzeit: 1 hour(s), 50 minute(s), 22 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 22
Infizierte Verzeichnisse: 0
Infizierte Dateien: 39

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Spyware.Zbot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\windows\system32\win32avs.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\ICHROQ~1\ANWEND~1\MACROM~1\Common\dc0bc0381.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\win32avs.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1aa45ec7-e75f-489a-9ee2-8cdeacb65efa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 255.255.255.255 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{363f9f27-4d55-4070-b9d4-836de0d87dd3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 255.255.255.255 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e9a75eb1-0f7b-4f8c-8964-54812c3f4b84}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 255.255.255.255 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ff1feabc-3fa1-42bd-baa1-77f145ddc228}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 255.255.255.255 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1aa45ec7-e75f-489a-9ee2-8cdeacb65efa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 255.255.255.255 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{363f9f27-4d55-4070-b9d4-836de0d87dd3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 255.255.255.255 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e9a75eb1-0f7b-4f8c-8964-54812c3f4b84}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 255.255.255.255 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ff1feabc-3fa1-42bd-baa1-77f145ddc228}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 255.255.255.255 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1aa45ec7-e75f-489a-9ee2-8cdeacb65efa}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 255.255.255.255 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{363f9f27-4d55-4070-b9d4-836de0d87dd3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 255.255.255.255 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e9a75eb1-0f7b-4f8c-8964-54812c3f4b84}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 255.255.255.255 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{ff1feabc-3fa1-42bd-baa1-77f145ddc228}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 255.255.255.255 -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP949\A0808480.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP950\A0813501.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP950\A0815522.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP950\A0816518.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP951\A0818550.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP952\A0819555.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP967\A0826038.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP967\A0826039.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP972\A0827429.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP972\A0827430.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP972\A0827431.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP972\A0827432.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP972\A0827434.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP972\A0827435.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP972\A0827436.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{cece59d8-226b-43e7-b0f3-5bca112d9163}\RP972\A0827437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\accwizs.exe.ren (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\9129837.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACbxtvgtmpirgompj.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACdmrvekxjerlirsh.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UAChdjuajutpsnaayc.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACqynkbmflytirtjg.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACxtlrkbmdxvnoywr.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACxucpqrqxvyeoaok.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\UACutpynkdskkyfdnd.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\ich roque\anwendungsdaten\macromedia\Common\dc0bc0381.dll (Hijack.Sound) -> Quarantined and deleted successfully.
C:\WINDOWS\sto452730.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452688.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452712.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452738.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto452739.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto453148.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto453224.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto453250.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sto453251.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Ich Roque\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\4321f456.bat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\win32avs.exe (Trojan.Downloader) -> Delete on reboot.