NTOSKRNL-HOOK Hilfe

KrypToni · 20.09.2009, 17:04

Hallo,

ich bin neu hier und habe ein großes Problem, den Befall von NTOSKRNL-HOOK bzw. "Generic Rootkid.d!rootkid" (laut McAffee) und ich weiß nicht wie ich vorgehen soll.

Ich habe bereits folgenden link gelesen und was ich dort gelesen habe hat mich mehr schockiert als alles andere: http://www.trojaner-board.de/73860-n...l-hook-ii.html

Ich habe noch keine der genannten Schritte vorgenommen da ich mir sehr unsicher bin, wie ich vorgehen soll.

Das Problem ist vor etwa zwei Stunden aufgetreten. Mein Computer hat sich automatisch heruntergefahren und ist nur noch im abgesicherten Modus hochzufahren (sonst: Bluescreen).

Der Trojaner wurde von McAffee erkannt und gelöscht, tritt aber immer wieder auf. Des Weiteren liefert mein McAffee nur eingeschränkt Schutz, da einige Dinge (z.B. Echtzeit-Scan) deaktiviert sind und sich "aufgrund eines Fehlers" auch nicht wieder aktivieren lassen.

Bitte helft mir, ich verzweifle!

Angel21 · 20.09.2009, 17:16

Hallo,

lass mal bitte GMER durchlaufen und poste das Log von Gmer.

Danach würde ich Dich zusätzlich bitten ein Log mit RSIT anzufertigen, erstmal brauche ich nur die Log.txt.

KrypToni · 20.09.2009, 17:54

Erst einmal VIELEN DANK, dass du so schnell bereit bist mir zu helfen!

GMER:
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-20 18:35:12
Windows 6.0.6002 Service Pack 2
Running: 75xnd2y3.exe; Driver: C:\Users\Kevin\AppData\Local\Temp\pgldqpod.sys

---- System - GMER 1.0.15 ----

Code 8A32B208 ZwEnumerateKey
Code 85731AF0 ZwFlushInstructionCache
Code 8A2CC0B6 ZwSaveKey
Code 8571616E ZwSaveKeyEx
Code 8A0BC2BD IofCallDriver
Code 8A1C540E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 8248D912 5 Bytes JMP 8A0BC2C2
.text ntkrnlpa.exe!IofCompleteRequest 8248D97F 5 Bytes JMP 8A1C5413
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 825F8EF5 5 Bytes JMP 85731AF4
PAGE ntkrnlpa.exe!ZwEnumerateKey 826460BA 5 Bytes JMP 8A32B20C
PAGE ntkrnlpa.exe!ZwSaveKey 8269B969 5 Bytes JMP 8A2CC0BA
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8269BB07 5 Bytes JMP 85716172

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gasfkyevsppheq.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [1836] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\gasfkyfjraiaqf.sys (*** hidden *** ) [SYSTEM] gasfkydihwssnj <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\gasfkyjpteybxp.sys (*** hidden *** ) [SYSTEM] gasfkygiewipoc <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015affda7a0
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015affda7a0@00219e62f4ce 0xAC 0xA3 0xCF 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj@imagepath \systemroot\system32\drivers\gasfkyfjraiaqf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\main@aid 20136
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkyfjraiaqf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\modules@gasfkycmd.dll \systemroot\system32\gasfkybntrvric.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\modules@gasfkylog.dat \systemroot\system32\gasfkycisrpksx.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\modules@gasfkywsp.dll \systemroot\system32\gasfkyenpqpirv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\modules@gasfky.dat \systemroot\system32\gasfkyqvswbmoa.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkydihwssnj\modules@gasfkywsp8.dll \systemroot\system32\gasfkyevsppheq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkygiewipoc
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkygiewipoc@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkygiewipoc@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkygiewipoc@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkygiewipoc@imagepath \systemroot\system32\drivers\gasfkyjpteybxp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkygiewipoc\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkygiewipoc\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkygiewipoc\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkygiewipoc\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkyjpteybxp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkygiewipoc\modules@gasfkycmd.dll \systemroot\system32\gasfkyrvwqxtxq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0015affda7a0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0015affda7a0@00219e62f4ce 0xAC 0xA3 0xCF 0x15 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\catroot2\dberr.txt 176848 bytes
File C:\Windows\System32\catroot2\edb.chk 8192 bytes
File C:\Windows\System32\catroot2\edb.log 65536 bytes
File C:\Windows\System32\catroot2\edb0023F.log 65536 bytes
File C:\Windows\System32\catroot2\edb00240.log 65536 bytes
File C:\Windows\System32\catroot2\edb00241.log 65536 bytes
File C:\Windows\System32\catroot2\edb00242.log 65536 bytes
File C:\Windows\System32\catroot2\edbres00001.jrs 65536 bytes
File C:\Windows\System32\catroot2\edbres00002.jrs 65536 bytes
File C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE} 0 bytes
File C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb 1056768 bytes
File C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE} 0 bytes
File C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb 18882560 bytes
File C:\Windows\System32\drivers\gasfkyfjraiaqf.sys 69632 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\drivers\gasfkyjpteybxp.sys 69632 bytes <-- ROOTKIT !!!
File C:\Windows\System32\gasfkybntrvric.dll 43008 bytes executable
File C:\Windows\System32\gasfkycisrpksx.dat 4866 bytes
File C:\Windows\System32\gasfkyenpqpirv.dll 19456 bytes executable
File C:\Windows\System32\gasfkyevsppheq.dll 19968 bytes executable
File C:\Windows\System32\gasfkyqvswbmoa.dat 68 bytes
File C:\Windows\System32\gasfkyrvwqxtxq.dll 43008 bytes executable

---- EOF - GMER 1.0.15 ----

KrypToni · 20.09.2009, 17:57

RSIT (log):
Logfile of random's system information tool 1.06 (written by random/random)
Run by Kevin at 2009-09-20 18:45:49
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 106 GB (69%) free of 153 GB
Total RAM: 3070 MB (86% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\User_Feed_Synchronization-{24D10B2E-46CC-4C74-AEEF-90A3925AAE3A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-19 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-21 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-08-26 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-07-19 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21 70928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-08-26 204048]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-19 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"HControlUser"=C:\Program Files\ATK Hotkey\HcontrolUser.exe [2008-01-12 98304]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2008-01-24 7766016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-09 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-09 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-12 6265376]
"CognizanceTS"=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-21 17920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-11-16 1029416]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMedia.exe [2008-06-25 159744]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2008-07-29 3054136]
"ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2008-07-29 47672]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"Krait"=E:\Programme\Razer\Krait\razerhid.exe [2007-02-16 126976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-19 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"ICQ"=E:\Programme\ICQ6\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
E:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-07-04 2072576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
E:\Programme\pdf24\PDFBackend.exe [2008-01-31 134144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer]
E:\Programme\phonostar\ps_timer.exe [2009-05-13 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
E:\Programme\QuickTime\QTTask.exe [2007-10-19 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
E:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Games\Valve\Steam\\Steam.exe [2008-10-16 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-19 39408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49764daf-a06b-11de-b4e5-0015affda7a0}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d122e33-5d0e-11dd-8b21-806e6f6e6963}]
shell\AutoRun\command - D:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a95d5045-491f-11de-a7d1-0015affda7a0}]
shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-09-20 18:45:50 ----D---- C:\Program Files\trend micro
2009-09-20 18:45:49 ----D---- C:\rsit
2009-09-20 18:22:48 ----A---- C:\Windows\system32\MPFServiceFailureCount.txt
2009-09-20 16:08:12 ----A---- C:\Windows\ntbtlog.txt
2009-09-18 18:39:56 ----A---- C:\Windows\system32\usbctl.exe
2009-09-13 21:22:52 ----D---- C:\Users\Kevin\AppData\Roaming\U3
2009-09-09 13:18:52 ----A---- C:\Windows\system32\jscript.dll
2009-09-09 13:18:48 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 13:18:48 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 13:18:48 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 13:18:47 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 13:18:47 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 13:18:47 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 13:18:47 ----A---- C:\Windows\system32\finger.exe
2009-09-09 13:18:46 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 13:18:46 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 13:18:17 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 13:18:17 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 13:18:17 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 13:18:16 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 13:18:16 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-09 13:18:12 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 13:18:12 ----A---- C:\Windows\system32\mf.dll
2009-09-04 14:48:56 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-04 14:48:56 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-08-27 18:45:40 ----A---- C:\Windows\SkyTel.exe
2009-08-27 18:45:40 ----A---- C:\Windows\RtlUpd.exe
2009-08-27 18:45:39 ----A---- C:\Windows\system32\RtkPgExt.dll
2009-08-27 18:45:39 ----A---- C:\Windows\system32\RtkApoApi.dll
2009-08-27 18:45:39 ----A---- C:\Windows\RtHDVCpl.exe
2009-08-27 12:40:44 ----A---- C:\Windows\system32\tzres.dll
2009-08-23 16:09:18 ----A---- C:\Windows\system32\wdigest.dll
2009-08-23 16:09:18 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-23 16:09:18 ----A---- C:\Windows\system32\kerberos.dll
2009-08-23 16:09:17 ----A---- C:\Windows\system32\secur32.dll
2009-08-23 16:09:17 ----A---- C:\Windows\system32\schannel.dll
2009-08-23 16:09:17 ----A---- C:\Windows\system32\lsass.exe
2009-08-23 16:09:17 ----A---- C:\Windows\system32\lsasrv.dll

======List of files/folders modified in the last 1 months======

2009-09-20 18:45:50 ----RD---- C:\Program Files
2009-09-20 18:44:08 ----D---- C:\Windows\Temp
2009-09-20 18:44:08 ----D---- C:\Windows\System32
2009-09-20 18:43:23 ----D---- C:\Windows\inf
2009-09-20 18:43:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-20 18:38:54 ----D---- C:\Windows\Minidump
2009-09-20 18:38:46 ----D---- C:\Windows
2009-09-20 17:58:58 ----D---- C:\Windows\system32\drivers
2009-09-20 15:34:50 ----D---- C:\Windows\Prefetch
2009-09-19 19:03:49 ----SHD---- C:\System Volume Information
2009-09-18 18:44:34 ----D---- C:\Windows\system32\catroot
2009-09-18 18:44:00 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-15 14:54:20 ----A---- C:\Windows\cdplayer.ini
2009-09-15 13:28:07 ----D---- C:\Program Files\McAfee
2009-09-14 18:51:03 ----D---- C:\ProgramData\McAfee
2009-09-10 16:06:26 ----D---- C:\Windows\rescache
2009-09-10 16:00:46 ----D---- C:\Windows\winsxs
2009-09-10 15:49:14 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-10 15:48:16 ----D---- C:\Windows\system32\de-DE
2009-09-10 13:51:43 ----D---- C:\Program Files\Windows Mail
2009-09-10 13:51:31 ----SHD---- C:\Windows\Installer
2009-09-10 13:51:17 ----D---- C:\Windows\ehome
2009-09-09 13:18:04 ----D---- C:\Windows\system32\catroot2
2009-09-09 13:10:55 ----A---- C:\Windows\system32\acovcnt.exe
2009-09-05 03:06:20 ----D---- C:\Windows\AppPatch
2009-09-04 17:06:53 ----D---- C:\Users\Kevin\AppData\Roaming\phonostar-Player
2009-09-01 19:27:15 ----D---- C:\Users\Kevin\AppData\Roaming\gtk-2.0
2009-08-28 23:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-27 18:47:37 ----RSD---- C:\Windows\assembly
2009-08-27 18:46:42 ----D---- C:\Windows\system32\RTCOM
2009-08-27 18:45:47 ----A---- C:\Windows\DIFxAPI.dll
2009-08-27 18:45:38 ----A---- C:\Windows\HideWin.exe
2009-08-27 12:40:03 ----D---- C:\Program Files\Internet Explorer
2009-08-21 14:09:14 ----D---- C:\Windows\Microsoft.NET
2009-08-21 13:56:26 ----D---- C:\ProgramData\NVIDIA
2009-08-21 13:50:50 ----SHD---- C:\Boot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-16 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-12-19 54784]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-06-03 15928]
R3 krait03;Razer krait USB Filter Driver; C:\Windows\System32\Drivers\krait.sys [2005-12-07 13324]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-11-16 195760]
S1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-07-08 214024]
S2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-23 271360]
S2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
S2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
S2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-23 18048]
S2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-06-17 146824]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;USB-Treiber für Bluetooth-Sender; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2008-03-17 81960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-03-17 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-03-17 17320]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam; C:\Windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
S3 dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2008-01-21 10752]
S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FiltUSBET;ET USB Device Lower Filter; C:\Windows\system32\DRIVERS\etFilter.sys [2008-02-05 206464]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-12 2159384]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-07-08 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-07-08 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-07-08 40552]
S3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-06-09 43040]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-09 7522624]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-05-02 122368]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 ScanUSBET;ET USB Still Image Capture Device; C:\Windows\system32\DRIVERS\etScan.sys [2008-01-31 6528]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
S2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]
S2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-04-10 518696]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-10-18 79136]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-08-26 92296]
S2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
S2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
S2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
S2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
S2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
S2 NMSAccessU;NMSAccessU; E:\Programme\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-09 196608]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-08-17 66872]
S2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
S2 usbctl;Microsoft USB Bus Controller; C:\Windows\system32\usbctl.exe [2009-09-18 64000]
S2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-19 182768]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-10-16 87288]

-----------------EOF-----------------

was ich noch vergessen hatte:
Bei GMER ist während des Scans ein Fehler unten in der Taskleiste aufgetreten, der sagte: ...System32/catroot2 beschädigt und nicht lesbar

Angel21 · 20.09.2009, 19:11

Anleitung Avenger (by swandog46)

Lade dir das Tool Hopsassa und speichere es auf dem Desktop:

Doppelklick auf das Avenger-Symbol

Kopiere nun folgenden Text in das weiße Feld bei -> "input script here"

Code:

ATTFilter

files to delete: 
C:\Windows\System32\gasfkybntrvric.dll
C:\Windows\System32\gasfkycisrpksx.dat
C:\Windows\System32\gasfkyenpqpirv.dll
C:\Windows\System32\gasfkyevsppheq.dll
C:\Windows\System32\gasfkyqvswbmoa.dat
C:\Windows\System32\gasfkyrvwqxtxq.dll
C:\Windows\system32\drivers\gasfkyfjraiaqf.sys
C:\Windows\system32\drivers\gasfkyjpteybxp.sys

drivers to delete:
gasfkydihwssnj
gasfkygiewipoc

Schliesse nun alle Programme und Browser-Fenster

Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet

Nachdem das System neu gestartet ist, findest du einen Report vom Avenger unter -> C:\avenger.txt

Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

KrypToni · 20.09.2009, 19:24

Logfile of The Avenger Version 2.0, (c) by Swandog46
Swandog46's Public Anti-Malware Tools

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: could not delete file "C:\Windows\System32\gasfkybntrvric.dll"
Deletion of file "C:\Windows\System32\gasfkybntrvric.dll" failed!
Status: 0xc0000156

Error: could not delete file "C:\Windows\System32\gasfkycisrpksx.dat"
Deletion of file "C:\Windows\System32\gasfkycisrpksx.dat" failed!
Status: 0xc0000156

Error: could not delete file "C:\Windows\System32\gasfkyenpqpirv.dll"
Deletion of file "C:\Windows\System32\gasfkyenpqpirv.dll" failed!
Status: 0xc0000156

Error: could not delete file "C:\Windows\System32\gasfkyevsppheq.dll"
Deletion of file "C:\Windows\System32\gasfkyevsppheq.dll" failed!
Status: 0xc0000156

Error: could not delete file "C:\Windows\System32\gasfkyqvswbmoa.dat"
Deletion of file "C:\Windows\System32\gasfkyqvswbmoa.dat" failed!
Status: 0xc0000156

Error: could not delete file "C:\Windows\System32\gasfkyrvwqxtxq.dll"
Deletion of file "C:\Windows\System32\gasfkyrvwqxtxq.dll" failed!
Status: 0xc0000156

Error: could not delete file "C:\Windows\system32\drivers\gasfkyfjraiaqf.sys"
Deletion of file "C:\Windows\system32\drivers\gasfkyfjraiaqf.sys" failed!
Status: 0xc0000156

Error: could not delete file "C:\Windows\system32\drivers\gasfkyjpteybxp.sys"
Deletion of file "C:\Windows\system32\drivers\gasfkyjpteybxp.sys" failed!
Status: 0xc0000156

Driver "gasfkydihwssnj" deleted successfully.
Driver "gasfkygiewipoc" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Angel21 · 20.09.2009, 19:37

Halloo,

Solltest du noch irgendetwas mit dem Computer verbinden, wie Memorysticks, Speicherkarten, Digitalkameras, Handy, externe Laufwerke, ... dann stecke vor dem Scan alles an.

WICHTIG:!!!: Bennene die COMBOFIX.exe bitte VOR dem Download um indem du auf den untenstehenden Link einen Rechtsklick machst -> Ziel speichern unter -> combo-fix.exe es umbenennst.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

Sollte sich ComboFix nicht starten lassen, dann benenne es um in cofi.exe und versuche es nocheinmal.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

KrypToni · 20.09.2009, 21:15

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2831
Windows 6.0.6002 Service Pack 2 (Safe Mode)

20.09.2009 21:43:40
mbam-log-2009-09-20 (21-43-40).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|F:\|R:\|)
Durchsuchte Objekte: 274337
Laufzeit: 38 minute(s), 23 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
\\?\globalroot\systemroot\System32\gasfkywsiinumy.dll (Rootkit.TDSS) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
\\?\globalroot\systemroot\System32\gasfkywsiinumy.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

Angel21 · 20.09.2009, 21:16

Bitte nochmal Combofix umbenannt laufen laseen

Angel21 · 20.09.2009, 21:18

Lasse Combofix laufen, da ist noch einiges im Argen - Bitte wie in der Anleitung bevor die Datei auf dem Desktop gelangt umbenennen zu Combo-fix.exe

KrypToni · 20.09.2009, 21:17

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kevin at 2009-09-20 22:08:31
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 106 GB (69%) free of 153 GB
Total RAM: 3070 MB (86% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\User_Feed_Synchronization-{24D10B2E-46CC-4C74-AEEF-90A3925AAE3A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-19 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-21 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-08-26 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-07-19 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21 70928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-08-26 204048]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-19 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"HControlUser"=C:\Program Files\ATK Hotkey\HcontrolUser.exe [2008-01-12 98304]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2008-01-24 7766016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-06-09 13543968]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-06-09 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-12 6265376]
"CognizanceTS"=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-21 17920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-11-16 1029416]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMedia.exe [2008-06-25 159744]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2008-07-29 3054136]
"ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2008-07-29 47672]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"Krait"=E:\Programme\Razer\Krait\razerhid.exe [2007-02-16 126976]
" Malwarebytes Anti-Malware (reboot)"=E:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=E:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-19 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"ICQ"=E:\Programme\ICQ6\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
E:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2008-07-04 2072576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
E:\Programme\pdf24\PDFBackend.exe [2008-01-31 134144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer]
E:\Programme\phonostar\ps_timer.exe [2009-05-13 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
E:\Programme\QuickTime\QTTask.exe [2007-10-19 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
E:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
E:\Games\Valve\Steam\\Steam.exe [2008-10-16 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-19 39408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49764daf-a06b-11de-b4e5-0015affda7a0}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d122e33-5d0e-11dd-8b21-806e6f6e6963}]
shell\AutoRun\command - D:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a95d5045-491f-11de-a7d1-0015affda7a0}]
shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-09-20 22:08:31 ----D---- C:\rsit
2009-09-20 20:58:39 ----D---- C:\Users\Kevin\AppData\Roaming\Malwarebytes
2009-09-20 20:58:34 ----D---- C:\ProgramData\Malwarebytes
2009-09-20 20:19:35 ----D---- C:\Avenger
2009-09-20 20:19:35 ----A---- C:\avenger.txt
2009-09-20 18:45:50 ----D---- C:\Program Files\trend micro
2009-09-20 18:22:48 ----A---- C:\Windows\system32\MPFServiceFailureCount.txt
2009-09-20 16:08:12 ----A---- C:\Windows\ntbtlog.txt
2009-09-18 18:39:56 ----A---- C:\Windows\system32\usbctl.exe
2009-09-13 21:22:52 ----D---- C:\Users\Kevin\AppData\Roaming\U3
2009-09-09 13:18:52 ----A---- C:\Windows\system32\jscript.dll
2009-09-09 13:18:48 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 13:18:48 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 13:18:48 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 13:18:47 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 13:18:47 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 13:18:47 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 13:18:47 ----A---- C:\Windows\system32\finger.exe
2009-09-09 13:18:46 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 13:18:46 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 13:18:17 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 13:18:17 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 13:18:17 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 13:18:16 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 13:18:16 ----A---- C:\Windows\system32\wlanapi.dll
2009-09-09 13:18:12 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 13:18:12 ----A---- C:\Windows\system32\mf.dll
2009-09-04 14:48:56 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-04 14:48:56 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-08-27 18:45:40 ----A---- C:\Windows\SkyTel.exe
2009-08-27 18:45:40 ----A---- C:\Windows\RtlUpd.exe
2009-08-27 18:45:39 ----A---- C:\Windows\system32\RtkPgExt.dll
2009-08-27 18:45:39 ----A---- C:\Windows\system32\RtkApoApi.dll
2009-08-27 18:45:39 ----A---- C:\Windows\RtHDVCpl.exe
2009-08-27 12:40:44 ----A---- C:\Windows\system32\tzres.dll
2009-08-23 16:09:18 ----A---- C:\Windows\system32\wdigest.dll
2009-08-23 16:09:18 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-23 16:09:18 ----A---- C:\Windows\system32\kerberos.dll
2009-08-23 16:09:17 ----A---- C:\Windows\system32\secur32.dll
2009-08-23 16:09:17 ----A---- C:\Windows\system32\schannel.dll
2009-08-23 16:09:17 ----A---- C:\Windows\system32\lsass.exe
2009-08-23 16:09:17 ----A---- C:\Windows\system32\lsasrv.dll

======List of files/folders modified in the last 1 months======

2009-09-20 22:07:30 ----D---- C:\Windows\Temp
2009-09-20 22:07:13 ----D---- C:\Windows\Minidump
2009-09-20 22:07:04 ----D---- C:\Windows
2009-09-20 20:58:35 ----D---- C:\Windows\system32\drivers
2009-09-20 20:58:34 ----HD---- C:\ProgramData
2009-09-20 20:27:05 ----D---- C:\Windows\System32
2009-09-20 20:26:21 ----D---- C:\Windows\inf
2009-09-20 20:26:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-20 20:20:20 ----D---- C:\Windows\Prefetch
2009-09-20 18:45:50 ----RD---- C:\Program Files
2009-09-19 19:03:49 ----SHD---- C:\System Volume Information
2009-09-18 18:44:34 ----D---- C:\Windows\system32\catroot
2009-09-18 18:44:00 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-15 14:54:20 ----A---- C:\Windows\cdplayer.ini
2009-09-15 13:28:07 ----D---- C:\Program Files\McAfee
2009-09-14 18:51:03 ----D---- C:\ProgramData\McAfee
2009-09-10 16:06:26 ----D---- C:\Windows\rescache
2009-09-10 16:00:46 ----D---- C:\Windows\winsxs
2009-09-10 15:49:14 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-10 15:48:16 ----D---- C:\Windows\system32\de-DE
2009-09-10 13:51:43 ----D---- C:\Program Files\Windows Mail
2009-09-10 13:51:31 ----SHD---- C:\Windows\Installer
2009-09-10 13:51:17 ----D---- C:\Windows\ehome
2009-09-09 13:18:04 ----D---- C:\Windows\system32\catroot2
2009-09-09 13:10:55 ----A---- C:\Windows\system32\acovcnt.exe
2009-09-05 03:06:20 ----D---- C:\Windows\AppPatch
2009-09-04 17:06:53 ----D---- C:\Users\Kevin\AppData\Roaming\phonostar-Player
2009-09-01 19:27:15 ----D---- C:\Users\Kevin\AppData\Roaming\gtk-2.0
2009-08-28 23:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-27 18:47:37 ----RSD---- C:\Windows\assembly
2009-08-27 18:46:42 ----D---- C:\Windows\system32\RTCOM
2009-08-27 18:45:47 ----A---- C:\Windows\DIFxAPI.dll
2009-08-27 18:45:38 ----A---- C:\Windows\HideWin.exe
2009-08-27 12:40:03 ----D---- C:\Program Files\Internet Explorer
2009-08-21 14:09:14 ----D---- C:\Windows\Microsoft.NET
2009-08-21 13:56:26 ----D---- C:\ProgramData\NVIDIA
2009-08-21 13:50:50 ----SHD---- C:\Boot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2009-07-16 130424]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-16 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-12-19 54784]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-06-03 15928]
R3 krait03;Razer krait USB Filter Driver; C:\Windows\System32\Drivers\krait.sys [2005-12-07 13324]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-11-16 195760]
S1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-07-08 214024]
S2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-23 271360]
S2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
S2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-23 18048]
S2 regi;regi; C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-06-17 146824]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;USB-Treiber für Bluetooth-Sender; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2008-03-17 81960]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-03-17 100392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-03-17 17320]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam; C:\Windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
S3 dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2008-01-21 10752]
S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FiltUSBET;ET USB Device Lower Filter; C:\Windows\system32\DRIVERS\etFilter.sys [2008-02-05 206464]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-12 2159384]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-07-08 79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-07-08 35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-07-08 40552]
S3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-06-09 43040]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-06-09 7522624]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-05-02 122368]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 ScanUSBET;ET USB Still Image Capture Device; C:\Windows\system32\DRIVERS\etScan.sys [2008-01-31 6528]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
S2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
S2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]
S2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-04-10 518696]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
S2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-10-18 79136]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-08-26 92296]
S2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
S2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
S2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
S2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
S2 NMSAccessU;NMSAccessU; E:\Programme\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-06-09 196608]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-08-17 66872]
S2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
S2 usbctl;Microsoft USB Bus Controller; C:\Windows\system32\usbctl.exe [2009-09-18 64000]
S2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-19 182768]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-10-16 87288]

-----------------EOF-----------------

KrypToni · 20.09.2009, 21:19

info.txt logfile of random's system information tool 1.06 2009-09-20 22:08:36

======Uninstall list======

-->E:\Programme\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
7-Zip 4.42-->"E:\Programme\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001}
Agere Systems HDA Modem-->agrsmdel
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ASUS CopyProtect-->MsiExec.exe /I{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}
ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\Setup.exe" -l0x9
ASUS Power4Gear eXtreme-->MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}
ASUS Security Protect Manager-->rundll32.exe "C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\SetupHelper.dll",ExecMain /Uninstall {D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}
ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
Asus_Camera_ScreenSaver-->"C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe"
ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\Setup.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x0009 -removeonly
ATK Media-->MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF}
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\Setup.exe -runfromtemp -l0x0009 -removeonly
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D}
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0407
CCleaner (remove only)-->"E:\Programme\CCleaner\uninst.exe"
CDBurnerXP-->"E:\Programme\CDBurnerXP\unins000.exe"
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
CyberLink LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Dolby Control Center-->MsiExec.exe /I{A23E5590-6799-437B-9723-2627BA800B6F}
Dolby Control Center-->MsiExec.exe /I{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}
Empire Earth III-->C:\Program Files\InstallShield Installation Information\{B17E235C-7A3B-4482-B650-21FFDE1D452E}\setup.exe -runfromtemp -l0x0007 -removeonly
Express Gate-->MsiExec.exe /I{8448D435-7543-411F-A0CC-7AA40D815E8F}
Free M4a to MP3 Converter 6.0-->"E:\Programme\Free M4a to MP3 Converter\unins000.exe"
FreeRIP v3.05-->"E:\Programme\FreeRIP3\unins000.exe"
GIMP 2.4.6-->"E:\Programme\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Gothic III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x7 -removeonly
GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0007 -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp
ITECIR-->C:\Program Files\InstallShield Installation Information\{40580068-9B10-40B5-9548-536CE88AB23C}\SETUP.exe -runfromtemp -l0x0009 -removeonly
Keycraft (remove only)-->"E:\Programme\Keycraft\uninstall.exe"
LightScribe System Software 1.10.19.1-->MsiExec.exe /X{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}
Malwarebytes' Anti-Malware-->"E:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Halo-->"E:\Games\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.5.3)-->E:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\Setup.exe" -l0x9
Need for Speed Underground 2-->E:\Games\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
Nero 8 Essentials-->MsiExec.exe /X{2CC667CD-2234-4774-A536-2757606A1031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74}
pdf24-->"E:\Programme\pdf24\unins000.exe"
phonostar-Player Version 2.01.5-->"E:\Programme\phonostar\unins000.exe"
QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Razer Krait-->C:\Program Files\InstallShield Installation Information\{E6DA58C0-4EC5-4F5E-B73E-2F22ED30ACFC}\~setup.exe -runfromtemp -l0x0009 -removeonly
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Sony Ericsson Media Manager 1.0-->MsiExec.exe /X{5C72622B-643D-4296-B57D-5D53D0C68509}
Sony Ericsson PC Suite 4.010.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\setup.exe -runfromtemp -l0x0007 -removeonly
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stronghold Legends-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66A405D2-BA14-4594-BF36-B3B544F0754E}\setup.exe" -l0x7 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TI Connect(TM) 1.3-->E:\PROGRA~1\TIEDUC~1\TICONN~1\UNWISE.EXE E:\PROGRA~1\TIEDUC~1\TICONN~1\INSTALL.LOG
Unreal Tournament G.O.T.Y. Edition-->E:\Games\UnrealTournament\System\Setup.exe uninstall "UnrealTournament"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
USB2.0 1.3M UVC WebCam-->C:\Windows\Uninstall.exe
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Vodafone Mobile Connect Lite-->MsiExec.exe /X{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}
Warcraft III-->C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III (2)\Uninstall.exe
Warkeys 1.10.0.0b-->E:\Programme\Warkeys\uninst.exe
WIDCOMM Bluetooth Software-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Winamp-->"E:\Programme\Winamp\UninstWA.exe"
WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\Setup.exe" -l0x9
WinRAR-->E:\Programme\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\Setup.exe -runfromtemp -l0x0009 -removeonly

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Kevin
Event Code: 4383
Message: Windows-Wartung hat das Update 967632-91_neutral_GDR aus Paket KB967632 (Update) in den Status Installiert(Installed) gesetzt.
Record Number: 92583
Source Name: Microsoft-Windows-Servicing
Time Written: 20090614124723.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Kevin
Event Code: 4383
Message: Windows-Wartung hat das Update 967632-89_neutral_GDR aus Paket KB967632 (Update) in den Status Installiert(Installed) gesetzt.
Record Number: 92582
Source Name: Microsoft-Windows-Servicing
Time Written: 20090614124723.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Kevin
Event Code: 4383
Message: Windows-Wartung hat das Update 967632-87_neutral_GDR aus Paket KB967632 (Update) in den Status Installiert(Installed) gesetzt.
Record Number: 92581
Source Name: Microsoft-Windows-Servicing
Time Written: 20090614124723.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Kevin
Event Code: 4373
Message: Windows-Wartung hat das Paket KB967632(Update) erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 92580
Source Name: Microsoft-Windows-Servicing
Time Written: 20090614124723.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Kevin
Event Code: 4383
Message: Windows-Wartung hat das Update 967632-123_neutral_PACKAGE aus Paket KB967632 (Update) in den Status Installiert(Installed) gesetzt.
Record Number: 92579
Source Name: Microsoft-Windows-Servicing
Time Written: 20090614124723.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: WIN-UY2IP6KYFKB
Event Code: 36
Message:
Record Number: 892
Source Name: ccSvcHst
Time Written: 20080728112142.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: WIN-UY2IP6KYFKB
Event Code: 36
Message:
Record Number: 891
Source Name: ccSvcHst
Time Written: 20080728112142.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: WIN-UY2IP6KYFKB
Event Code: 36
Message:
Record Number: 890
Source Name: ccSvcHst
Time Written: 20080728112142.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: WIN-UY2IP6KYFKB
Event Code: 1013
Message: Der Windows-Suchdienst wurde normal beendet.

Record Number: 889
Source Name: Microsoft-Windows-Search
Time Written: 20080728111937.000000-000
Event Type: Informationen
User:

Computer Name: WIN-UY2IP6KYFKB
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 888
Source Name: SecurityCenter
Time Written: 20080728111934.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: Kevin
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: KEVIN$
Kontodomäne: MSHEIMNETZ
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Zielserver:
Zielservername: localhost
Weitere Informationen: localhost

Prozessinformationen:
Prozess-ID: 0x30c
Prozessname: C:\Windows\System32\services.exe

Netzwerkinformationen:
Netzwerkadresse: -
Port: -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 7630
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081016202927.028388-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Kevin
Event Code: 4902
Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.

Anzahl von Elementen: 0
Richtlinienkennung: 0x13e54
Record Number: 7629
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081016202924.532372-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Kevin
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-0-0
Kontoname: -
Kontodomäne: -
Anmelde-ID: 0x0

Anmeldetyp: 0

Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x4
Prozessname:

Netzwerkinformationen:
Arbeitsstationsname: -
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: -
Authentifizierungspaket: -
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 7628
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081016202924.033168-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Kevin
Event Code: 4608
Message: Windows wird gestartet.

Dieses Ereignis wird protokolliert, wenn LSASS.EXE gestartet und das Überwachungssubsystem initialisiert wird.
Record Number: 7627
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081016202924.033168-000
Event Type: Überwachung erfolgreich
User:

Computer Name: Kevin
Event Code: 1101
Message: Überwachungsereignisse wurden vom Transport gelöscht. Die Echtzeit-Sicherungsdatei war beschädigt, da das System nicht ordnungsgemäß heruntergefahren wurde.
Record Number: 7626
Source Name: Microsoft-Windows-Eventlog
Time Written: 20081016202929.462003-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\bin;E:\Programme\QuickTime\QTSystem\;C:\Windows\system32
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"configsetroot"=%SystemRoot%\ConfigSetRoot
"CLASSPATH"=.;E:\Programme\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=E:\Programme\QuickTime\QTSystem\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

der GMER funktioniert leider nicht mehr, auch nach mehreren Versuchen und neuem Download "muss das Programm beendet werden" bei "Device\HarddiskVolumeShadowCopy1"

Angel21 · 20.09.2009, 21:23

Wie gesagt Combofix wie in der Anleitung beschrieben herunterladen und starten.

KrypToni · 20.09.2009, 21:23

Ich habe gesehen der Beitrag von dir hat sich geändert, soll ich jetzt doch Combofix starten?

NTOSKRNL-HOOK Hilfe

Plagegeister aller Art und deren Bekämpfung: NTOSKRNL-HOOK Hilfe