Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


Plagegeister aller Art und deren Bekämpfung: TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 4 1 23 Letzte »
Alt 10.04.2010, 13:17   #1
Dev
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


Hi, seit einigen Tagen hab ich mir wohl bisschen was eingefangen. Vielleicht war es als ich bei einem bekannten im Netzwerk unterwegs war, dort kam Antivir das erste Mal mit der Meldung. Hab schon einiges entfernt, vor allem mit Antivir u.ä..
Der Trojaner TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe weigert sich allerdings auch bei mir, wie es anscheinend bei vielen anderen auch der Fall ist (wenn man sich die anderen Threads so durchliest). Alle x Minuten kommen die Warnungen von Antivir wieder (immer gleich 2 zu dem oben genannten Trojaner)
Der Trojaner wird allerdings nur von Antivir erkannt, Malwarebytes findet ihn nicht, dafür aber folgendes: C:\Windows\system32\Drivers\soccx.sys (Rootkit.Agent). Im Log steht zwar. dass er entfernt wurde, beim nächsten Scan wird er allerdings wieder erkannt.

Hier erstmal Antivir und Malwarebytes Log:

Zitat:
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 10. April 2010 12:08

Es wird nach 1986969 Virenstämmen gesucht.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : BAYER04

Versionsinformationen:
BUILD.DAT : 9.0.0.422 21701 Bytes 09.03.2010 10:23:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 19.11.2009 19:09:23
AVSCAN.DLL : 9.0.3.0 49409 Bytes 13.02.2009 12:04:10
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 11:35:44
LUKERES.DLL : 9.0.2.0 13569 Bytes 26.01.2009 10:41:59
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:09:23
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 19:09:23
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 10:37:38
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 10:59:23
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 15:53:10
VBASE005.VDF : 7.10.4.204 2048 Bytes 05.03.2010 15:53:10
VBASE006.VDF : 7.10.4.205 2048 Bytes 05.03.2010 15:53:10
VBASE007.VDF : 7.10.4.206 2048 Bytes 05.03.2010 15:53:10
VBASE008.VDF : 7.10.4.207 2048 Bytes 05.03.2010 15:53:10
VBASE009.VDF : 7.10.4.208 2048 Bytes 05.03.2010 15:53:10
VBASE010.VDF : 7.10.4.209 2048 Bytes 05.03.2010 15:53:10
VBASE011.VDF : 7.10.4.210 2048 Bytes 05.03.2010 15:53:10
VBASE012.VDF : 7.10.4.211 2048 Bytes 05.03.2010 15:53:10
VBASE013.VDF : 7.10.4.242 153088 Bytes 08.03.2010 15:25:08
VBASE014.VDF : 7.10.5.17 99328 Bytes 10.03.2010 17:30:49
VBASE015.VDF : 7.10.5.44 107008 Bytes 11.03.2010 17:30:49
VBASE016.VDF : 7.10.5.69 92672 Bytes 12.03.2010 17:30:57
VBASE017.VDF : 7.10.5.91 119808 Bytes 15.03.2010 17:30:58
VBASE018.VDF : 7.10.5.121 112640 Bytes 18.03.2010 17:33:23
VBASE019.VDF : 7.10.5.138 139776 Bytes 18.03.2010 17:31:13
VBASE020.VDF : 7.10.5.164 113152 Bytes 22.03.2010 17:31:28
VBASE021.VDF : 7.10.5.182 108032 Bytes 23.03.2010 17:31:33
VBASE022.VDF : 7.10.5.199 123904 Bytes 24.03.2010 17:31:33
VBASE023.VDF : 7.10.5.217 279552 Bytes 25.03.2010 17:31:37
VBASE024.VDF : 7.10.5.234 202240 Bytes 26.03.2010 17:31:38
VBASE025.VDF : 7.10.5.254 187904 Bytes 30.03.2010 17:20:35
VBASE026.VDF : 7.10.6.18 130560 Bytes 01.04.2010 11:07:10
VBASE027.VDF : 7.10.6.34 136192 Bytes 06.04.2010 19:21:05
VBASE028.VDF : 7.10.6.44 232448 Bytes 07.04.2010 19:21:05
VBASE029.VDF : 7.10.6.45 2048 Bytes 07.04.2010 19:21:05
VBASE030.VDF : 7.10.6.46 2048 Bytes 07.04.2010 19:21:05
VBASE031.VDF : 7.10.6.54 96256 Bytes 09.04.2010 14:19:00
Engineversion : 8.2.1.210
AEVDF.DLL : 8.1.1.3 106868 Bytes 23.01.2010 09:52:43
AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 03.04.2010 11:07:14
AESCN.DLL : 8.1.5.0 127347 Bytes 26.02.2010 10:37:39
AESBX.DLL : 8.1.2.1 254323 Bytes 17.03.2010 18:03:47
AERDL.DLL : 8.1.4.3 541043 Bytes 17.03.2010 18:03:38
AEPACK.DLL : 8.2.1.1 426358 Bytes 19.03.2010 17:31:32
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 17.03.2010 18:03:32
AEHEUR.DLL : 8.1.1.16 2503031 Bytes 27.03.2010 17:31:43
AEHELP.DLL : 8.1.11.3 242039 Bytes 03.04.2010 11:07:13
AEGEN.DLL : 8.1.3.6 373108 Bytes 03.04.2010 11:07:13
AEEMU.DLL : 8.1.1.0 393587 Bytes 10.11.2009 17:59:12
AECORE.DLL : 8.1.13.1 188790 Bytes 03.04.2010 11:07:12
AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 14:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 08:47:56
AVPREF.DLL : 9.0.3.0 44289 Bytes 11.11.2009 17:31:14
AVREP.DLL : 8.0.0.7 159784 Bytes 17.02.2010 20:10:18
AVREG.DLL : 9.0.0.0 36609 Bytes 07.11.2008 15:25:04
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 15:05:37
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 10:37:04
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 08:21:28
NETNT.DLL : 9.0.0.0 11521 Bytes 07.11.2008 15:41:21
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 15:35:17
RCTEXT.DLL : 9.0.73.0 87297 Bytes 19.11.2009 19:09:22

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: c:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:, I:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Samstag, 10. April 2010 12:08

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\soccx\type
[INFO] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\soccx\start
[INFO] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\soccx\errorcontrol
[INFO] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\soccx\group
[INFO] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\soccx\jd6c2nsr0
[INFO] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\soccx\lk0q8eclb
[INFO] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\soccx\jw0vt3infm6
[INFO] Der Registrierungseintrag ist nicht sichtbar.
OrbIR.exe
[INFO] Der Prozess ist nicht sichtbar.
Es wurden '23352' Objekte überprüft, '8' versteckte Objekte wurden gefunden.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'audiodg.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'skypePM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Orb.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WmiPrvSE.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'quickset.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PPAP.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApntEx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OctoshapeClient.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hidfind.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRAY.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sttray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OrbTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarWindServiceAE.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AEstSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BCMWLTRY.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRYSVC.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'stacsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '66' Prozesse mit '66' Modulen durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'F:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'I:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '42' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\hiberfil.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
[HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei.
[HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
C:\pagefile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
[HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei.
[HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
C:\Windows\System32\drivers\soccx.sys
[FUND] Ist das Trojanische Pferd TR/Rootkit.Gen
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\Windows\System32\drivers\sptd.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
Beginne mit der Suche in 'D:\' <Musik>
Beginne mit der Suche in 'E:\' <Downloads>
Beginne mit der Suche in 'F:\' <RECOVERY>
F:\zonealarm8en.exe
[0] Archivtyp: ZIP SFX (self extracting)
--> WINDOWS6.0-KB929547-V2-X64.MSU
[1] Archivtyp: CAB (Microsoft)
--> Windows6.0-KB929547-v2-x64.cab
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
Beginne mit der Suche in 'I:\' <Elements>
I:\$RECYCLE.BIN\S-1-5-21-1981820849-1269703919-3846408820-1001\$REJ4925\HiddenTarget.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
I:\Images\Batman Arkham Asylum\BatmanArkhamAsylum.Data.001
[WARNUNG] Die Datei konnte nicht gelesen werden!

Beginne mit der Desinfektion:
C:\Windows\System32\drivers\soccx.sys
[FUND] Ist das Trojanische Pferd TR/Rootkit.Gen
[WARNUNG] Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004
[WARNUNG] Die Quelldatei konnte nicht gefunden werden.
[HINWEIS] Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
[WARNUNG] Fehler in der ARK Library
[WARNUNG] Die Datei konnte nicht zum Löschen nach dem Neustart markiert werden.Mögliche Ursache: Ein an das System angeschlossenes Gerät funktioniert nicht.

I:\$RECYCLE.BIN\S-1-5-21-1981820849-1269703919-3846408820-1001\$REJ4925\HiddenTarget.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c2460ee.qua' verschoben!


Ende des Suchlaufs: Samstag, 10. April 2010 13:27
Benötigte Zeit: 1:17:44 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

23663 Verzeichnisse wurden überprüft
452351 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
4 Dateien konnten nicht durchsucht werden
452345 Dateien ohne Befall
3543 Archive wurden durchsucht
6 Warnungen
4 Hinweise
23352 Objekte wurden beim Rootkitscan durchsucht
8 Versteckte Objekte wurden gefunden
Malwarebytes (Quickscan):

Zitat:
Datenbank Version: 3973

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.04.2010 13:51:21
mbam-log-2010-04-10 (13-51-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 104801
Laufzeit: 6 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\system32\Drivers\soccx.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
CCleaner wurde auch ausgeführt, konnte alles problemlos beheben. Nur der Fehler durch Antivir wird noch angezeigt.

Bei RSIT hab ich allerdings ein Problem. Nach dem Start gibt es bei "Listing services and drivers" den selben Error:

Liegt es an irgendwelchen Programmen, die noch laufen?

Schonmal danke für die Hilfe

Alt 10.04.2010, 21:08   #2
StLB
/// Helfer-Team
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


Hi und !

Zitat:
Bei RSIT hab ich allerdings ein Problem. Nach dem Start gibt es bei "Listing services and drivers" den selben Error:
Unter Vista läuft RSIT komischerweise nicht.
Nimm stattdessen OTL:

Systemscan mit mit OTL von Oldtimer:
  • Lade Dir OTL.exe herunter und speichere sie auf dem Desktop.
  • Führe OTL.exe mit einem Doppelklick aus (Vista User: Rechtsklick -> "Als Administrator ausführen")
  • Wähle bitte im Block "Extra Registry" die Möglichkeit "Use SafeList" aus.
  • Nun bitte mit "Run Scan" einen Systemscan durchführen.
  • Nach dem Scan werden zwei Logfiles erstellt (OTL.txt und Extras.txt).
  • Diese dann hier posten. (Sollten sie zu lang sein, kannst Du sie auch als Anhang einfügen.)
__________________

__________________
Geändert von StLB (10.04.2010 um 21:21 Uhr)

Alt 10.04.2010, 22:08   #3
Dev
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


Hier die OTL.txt (zu groß für Anhang )

Zitat:
OTL logfile created on: 10.04.2010 23:01:13 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Tobi\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 123,49 Gb Total Space | 41,18 Gb Free Space | 33,35% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 11,84 Gb Free Space | 16,92% Space Free | Partition Type: NTFS
Drive E: | 29,25 Gb Total Space | 2,54 Gb Free Space | 8,69% Space Free | Partition Type: NTFS
Drive F: | 10,00 Gb Total Space | 1,73 Gb Free Space | 17,34% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1397,26 Gb Total Space | 381,20 Gb Free Space | 27,28% Space Free | Partition Type: NTFS

Computer Name: BAYER04
Current User Name: Tobi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.10 23:00:39 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
PRC - [2010.04.06 17:08:51 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.03.28 14:39:17 | 000,133,368 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.0\ICQ.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.26 22:41:08 | 000,471,040 | ---- | M] (Blizzard Entertainment) -- c:\Spiele\Warcraft III\war3.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.04 07:37:26 | 000,173,512 | ---- | M] (PPLive Corporation) -- C:\Programme\Common Files\PPLiveNetwork\PPAP.exe
PRC - [2009.11.24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.05.15 08:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.04.02 03:10:40 | 002,842,624 | ---- | M] () -- C:\Spiele\Warcraft III\wtvClient.exe
PRC - [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008.07.09 15:31:46 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2008.06.05 16:26:36 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.05.06 17:03:08 | 000,221,239 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\stacsv.exe
PRC - [2008.04.01 03:54:06 | 000,507,904 | ---- | M] (Orb Networks) -- C:\Programme\Winamp Remote\bin\OrbTray.exe
PRC - [2008.02.28 17:51:50 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\AEstSrv.exe
PRC - [2008.01.30 04:19:32 | 000,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Programme\Winamp Remote\bin\Orb.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (SafeList) ==========

MOD - [2010.04.10 23:00:39 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
MOD - [2009.07.20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\lgscroll.dll
MOD - [2009.07.20 13:25:22 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\GameHook.dll
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009.06.10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2008.06.05 16:26:00 | 000,208,896 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.03.16 15:36:29 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.05 23:23:28 | 000,326,792 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.05.15 08:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.05.06 17:03:08 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\stacsv.exe -- (STacSV)
SRV - [2008.02.28 17:51:50 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\AEstSrv.exe -- (AESTFilters)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.11.09 14:55:33 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.06.03 18:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008.06.02 12:44:12 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008.06.02 12:44:02 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008.05.13 02:01:00 | 000,277,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008.05.06 17:04:42 | 000,379,904 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.04.18 23:43:40 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.02.15 19:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.01.29 21:08:46 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.01.29 19:46:58 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008.01.29 18:54:02 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008.01.29 18:54:02 | 000,017,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008.01.29 18:54:00 | 000,100,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007.12.18 18:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.07.30 12:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 11:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 97 38 FA B8 D5 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.t-online.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 9050
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 17:09:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.06 17:09:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.18 13:09:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.02.11 11:58:58 | 000,000,000 | ---D | M]

[2009.11.01 16:00:32 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions
[2010.04.10 17:32:51 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ker0n89o.default\extensions
[2010.02.26 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ker0n89o.default\extensions\firefox@tvunetworks.com
[2009.11.10 11:40:38 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ker0n89o.default\extensions\moveplayer@movenetworks.com
[2010.04.10 17:32:51 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.30 17:31:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.06 17:08:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.06 17:08:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.06 17:08:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.06 17:08:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.06 17:08:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.02.05 23:22:47 | 000,000,988 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [AlSrvN] C:\Users\Tobi\Desktop\Alcohol 120% v.1.9.8.7612 Retail\patch\Plugins\Helper\AlSrvN.exe File not found
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKCU..\Run: [Steam] C:\Spiele\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.11.10 02:53:39 | 000,000,000 | RH-D | M] - I:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 04:56:50 | 000,000,036 | RH-- | M] () - I:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6d5d6313-c6e6-11de-a723-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6d5d6313-c6e6-11de-a723-806e6f6e6963}\Shell\AutoRun\command - "" = G:\_AUTORUN\AUTORUN.EXE -- File not found
O33 - MountPoints2\{6d5d6313-c6e6-11de-a723-806e6f6e6963}\Shell\instDX\command - "" = G:\directX\dxsetup.exe -- File not found
O33 - MountPoints2\{6d5d6313-c6e6-11de-a723-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt
O33 - MountPoints2\{745f67fd-cd2f-11de-b7fd-0021708675b8}\Shell - "" = AutoRun
O33 - MountPoints2\{745f67fd-cd2f-11de-b7fd-0021708675b8}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{745f67fd-cd2f-11de-b7fd-0021708675b8}\Shell\configure\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{745f67fd-cd2f-11de-b7fd-0021708675b8}\Shell\install\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{c7fc25c1-1237-11df-85ce-0021708675b8}\Shell - "" = AutoRun
O33 - MountPoints2\{c7fc25c1-1237-11df-85ce-0021708675b8}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.10 23:00:38 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2010.04.10 22:27:12 | 000,000,000 | ---D | C] -- C:\avrescue
[2010.04.10 19:21:43 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Avira
[2010.04.10 18:18:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.10 18:18:02 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.04.10 18:18:02 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.10 18:18:02 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.10 18:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.10 17:51:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.10 17:51:20 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.10 17:50:39 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tobi\Desktop\mbam-setup-1.45.exe
[2010.04.10 13:53:06 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.10 13:53:06 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.09 10:52:17 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Malwarebytes
[2010.04.09 10:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.09 10:52:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.09 10:51:35 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.08 21:18:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.04.08 15:18:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.03.31 15:17:08 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 15:17:08 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 15:17:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.30 17:30:51 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.03.26 19:59:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\3DO Shared
[2010.03.26 19:59:10 | 000,000,000 | ---D | C] -- C:\Programme\3DO
[2010.03.26 19:58:05 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.03.21 13:11:15 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Zattoo
[2010.03.21 13:09:44 | 000,000,000 | ---D | C] -- C:\Programme\Zattoo4
[2010.03.17 17:59:03 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\AOL
[2010.03.17 17:58:52 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.0
[2010.03.13 15:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Jlcm
[2010.03.13 15:11:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PPLiveNetwork
[2010.03.12 23:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PPLiveVA
[2010.03.12 19:11:33 | 000,000,000 | ---D | C] -- C:\pfsvoddata
[2010.03.12 19:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PPLive
[2010.03.12 19:04:55 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\PPLive
[2010.03.12 19:04:27 | 000,000,000 | ---D | C] -- C:\Programme\PPLive
[2010.03.12 18:31:23 | 000,000,000 | ---D | C] -- C:\Programme\TVAnts

========== Files - Modified Within 30 Days ==========

[2010.04.10 23:03:19 | 002,097,152 | -HS- | M] () -- C:\Users\Tobi\NTUSER.DAT
[2010.04.10 23:03:07 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\soccx.sys
[2010.04.10 23:00:39 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2010.04.10 23:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010.04.10 22:49:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010.04.10 22:24:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.10 22:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
[2010.04.10 21:49:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010.04.10 21:08:13 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.10 21:08:13 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.10 21:01:06 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.10 21:00:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.10 21:00:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.10 21:00:27 | 2411,872,256 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.10 20:59:09 | 001,888,175 | -H-- | M] () -- C:\Users\Tobi\AppData\Local\IconCache.db
[2010.04.10 20:49:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010.04.10 20:00:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2010.04.10 19:49:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010.04.10 19:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At44.job
[2010.04.10 18:49:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010.04.10 18:18:24 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.10 18:16:51 | 000,000,112 | ---- | M] () -- C:\ProgramData\5XAtt3xo2.dat
[2010.04.10 18:13:57 | 042,341,360 | ---- | M] () -- C:\Users\Tobi\Desktop\avira_antivir_personal10_de.exe
[2010.04.10 17:51:26 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.10 17:51:02 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tobi\Desktop\mbam-setup-1.45.exe
[2010.04.10 17:49:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010.04.10 17:40:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At46.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At38.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At36.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At34.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At28.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010.04.10 17:40:36 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010.04.10 17:40:35 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010.04.10 17:36:53 | 000,781,909 | ---- | M] () -- C:\Users\Tobi\Desktop\RSIT.exe
[2010.04.10 17:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At42.job
[2010.04.10 16:49:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010.04.10 16:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
[2010.04.10 15:49:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010.04.10 13:54:12 | 000,002,043 | ---- | M] () -- C:\Users\Tobi\Desktop\HijackThis.lnk
[2010.04.10 10:16:38 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.10 10:16:38 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.10 10:16:38 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.10 10:16:38 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.10 10:16:38 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.09 12:47:31 | 097,132,904 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.09 10:51:38 | 000,001,835 | ---- | M] () -- C:\Users\Tobi\Desktop\CCleaner.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.28 21:58:51 | 000,001,153 | ---- | M] () -- C:\Users\Tobi\Desktop\Frozen Throne - Verknüpfung.lnk
[2010.03.26 20:02:08 | 000,001,564 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of Might and Magic III Complete.lnk
[2010.03.24 20:02:46 | 000,014,476 | ---- | M] () -- C:\Users\Tobi\Desktop\OT4749926968902302117398232.pdf
[2010.03.22 17:57:43 | 000,119,506 | ---- | M] () -- C:\Windows\War3Unin.dat
[2010.03.21 13:14:44 | 000,017,408 | ---- | M] () -- C:\Users\Tobi\AppData\Local\WebpageIcons.db
[2010.03.21 13:09:46 | 000,001,818 | ---- | M] () -- C:\Users\Tobi\Desktop\Zattoo.lnk
[2010.03.18 18:00:32 | 003,163,136 | ---- | M] () -- C:\Users\Tobi\Desktop\Elektrotechnik WS 2009.doc
[2010.03.17 23:33:16 | 000,001,792 | ---- | M] () -- C:\Users\Tobi\Desktop\ICQ7.lnk
[2010.03.13 15:31:19 | 000,000,000 | ---- | M] () -- C:\OrbPVR.db
[2010.03.13 15:11:57 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\PPTV Online Video.lnk

========== Files Created - No Company Name ==========

[2010.04.10 18:18:24 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.10 18:13:41 | 042,341,360 | ---- | C] () -- C:\Users\Tobi\Desktop\avira_antivir_personal10_de.exe
[2010.04.10 17:51:26 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.10 15:48:55 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At48.job
[2010.04.10 15:48:54 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At47.job
[2010.04.10 15:48:53 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At46.job
[2010.04.10 15:48:53 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At45.job
[2010.04.10 15:48:52 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At44.job
[2010.04.10 15:48:51 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At43.job
[2010.04.10 15:48:50 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At42.job
[2010.04.10 15:48:50 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At41.job
[2010.04.10 15:48:49 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At40.job
[2010.04.10 15:48:48 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At39.job
[2010.04.10 15:48:47 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At38.job
[2010.04.10 15:48:47 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At37.job
[2010.04.10 15:48:46 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At36.job
[2010.04.10 15:48:45 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At35.job
[2010.04.10 15:48:45 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At34.job
[2010.04.10 15:48:44 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At33.job
[2010.04.10 15:48:43 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At32.job
[2010.04.10 15:48:43 | 000,000,112 | ---- | C] () -- C:\ProgramData\5XAtt3xo2.dat
[2010.04.10 15:48:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At31.job
[2010.04.10 15:48:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At30.job
[2010.04.10 15:48:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At29.job
[2010.04.10 15:48:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At28.job
[2010.04.10 15:48:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At27.job
[2010.04.10 15:48:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At26.job
[2010.04.10 15:48:38 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At25.job
[2010.04.10 15:44:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010.04.10 15:44:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010.04.10 15:44:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010.04.10 15:44:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010.04.10 15:44:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010.04.10 15:44:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010.04.10 15:44:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010.04.10 15:44:13 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010.04.10 15:44:12 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010.04.10 15:44:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010.04.10 15:44:10 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010.04.10 15:44:09 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010.04.10 15:44:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010.04.10 15:44:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010.04.10 15:44:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010.04.10 15:44:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010.04.10 15:44:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010.04.10 15:44:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010.04.10 15:44:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010.04.10 15:44:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010.04.10 15:44:02 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010.04.10 15:44:01 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010.04.10 15:44:00 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010.04.10 15:43:59 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010.04.10 13:54:37 | 000,781,909 | ---- | C] () -- C:\Users\Tobi\Desktop\RSIT.exe
[2010.04.10 13:54:12 | 000,002,043 | ---- | C] () -- C:\Users\Tobi\Desktop\HijackThis.lnk
[2010.04.09 12:47:31 | 097,132,904 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.04.09 10:51:38 | 000,001,835 | ---- | C] () -- C:\Users\Tobi\Desktop\CCleaner.lnk
[2010.04.06 21:00:15 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\soccx.sys
[2010.03.26 20:02:08 | 000,001,564 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of Might and Magic III Complete.lnk
[2010.03.24 20:02:46 | 000,014,476 | ---- | C] () -- C:\Users\Tobi\Desktop\OT4749926968902302117398232.pdf
[2010.03.21 13:11:15 | 000,017,408 | ---- | C] () -- C:\Users\Tobi\AppData\Local\WebpageIcons.db
[2010.03.21 13:09:46 | 000,001,818 | ---- | C] () -- C:\Users\Tobi\Desktop\Zattoo.lnk
[2010.03.18 18:00:15 | 003,163,136 | ---- | C] () -- C:\Users\Tobi\Desktop\Elektrotechnik WS 2009.doc
[2010.03.17 23:33:16 | 000,001,792 | ---- | C] () -- C:\Users\Tobi\Desktop\ICQ7.lnk
[2010.03.13 15:31:19 | 000,000,000 | ---- | C] () -- C:\OrbPVR.db
[2010.03.13 15:11:57 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\PPTV Online Video.lnk
[2009.12.17 19:26:30 | 000,000,055 | ---- | C] () -- C:\Windows\wininit.ini
[2009.12.10 23:22:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.10 15:20:29 | 000,000,842 | ---- | C] () -- C:\Users\Tobi\.recently-used.xbel
[2009.11.09 15:09:34 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.11.09 14:55:33 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.01 23:38:13 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.01 23:09:50 | 000,011,776 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.01 15:28:52 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009.11.01 15:10:05 | 002,097,152 | -HS- | C] () -- C:\Users\Tobi\NTUSER.DAT
[2009.11.01 15:10:05 | 000,524,288 | -HS- | C] () -- C:\Users\Tobi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009.11.01 15:10:05 | 000,524,288 | -HS- | C] () -- C:\Users\Tobi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009.11.01 15:10:05 | 000,262,144 | -HS- | C] () -- C:\Users\Tobi\ntuser.dat.LOG1
[2009.11.01 15:10:05 | 000,065,536 | -HS- | C] () -- C:\Users\Tobi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009.11.01 15:10:05 | 000,000,020 | -HS- | C] () -- C:\Users\Tobi\ntuser.ini
[2009.11.01 15:10:05 | 000,000,000 | -HS- | C] () -- C:\Users\Tobi\ntuser.dat.LOG2
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.12.10 11:11:04 | 000,002,045 | -H-- | C] () -- C:\Windows\System32\whlpda32e.dll
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 72 bytes -> C:\Windows:0529E5670D446312
< End of report >

Extras.txt im Anhang.

Was ich oben geschrieben habe, dass Malwarebytes den Trojaner nicht gefunden hat ist Quatsch. Ist der gleiche, wurde nur von Antivir bei den Ereignissen anders genannt.
__________________
Alt 10.04.2010, 23:24   #4
StLB
/// Helfer-Team
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


Die folgenden At...job waren dafür da, um Malware nachzuladen, falls sie entfernt wird.
So geschehen z.B. heute Nachmittag.
Die werden wir jetzt mal entfernen, dann wird da nichts mehr geladen:
  • Öffne OTL.
  • Kopiere folgendes in die "Custom Scans/Fixes" Box:
    Code:
    ATTFilter
    :OTL
[2010.04.10 15:48:55 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At48.job
[2010.04.10 15:48:54 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At47.job
[2010.04.10 15:48:53 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At46.job
[2010.04.10 15:48:53 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At45.job
[2010.04.10 15:48:52 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At44.job
[2010.04.10 15:48:51 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At43.job
[2010.04.10 15:48:50 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At42.job
[2010.04.10 15:48:50 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At41.job
[2010.04.10 15:48:49 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At40.job
[2010.04.10 15:48:48 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At39.job
[2010.04.10 15:48:47 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At38.job
[2010.04.10 15:48:47 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At37.job
[2010.04.10 15:48:46 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At36.job
[2010.04.10 15:48:45 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At35.job
[2010.04.10 15:48:45 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At34.job
[2010.04.10 15:48:44 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At33.job
[2010.04.10 15:48:43 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At32.job
[2010.04.10 15:48:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At31.job
[2010.04.10 15:48:42 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At30.job
[2010.04.10 15:48:41 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At29.job
[2010.04.10 15:48:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At28.job
[2010.04.10 15:48:40 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At27.job
[2010.04.10 15:48:39 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At26.job
[2010.04.10 15:48:38 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At25.job
[2010.04.10 15:44:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010.04.10 15:44:18 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010.04.10 15:44:17 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010.04.10 15:44:16 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010.04.10 15:44:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010.04.10 15:44:15 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010.04.10 15:44:14 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010.04.10 15:44:13 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010.04.10 15:44:12 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010.04.10 15:44:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010.04.10 15:44:10 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010.04.10 15:44:09 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010.04.10 15:44:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010.04.10 15:44:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010.04.10 15:44:07 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010.04.10 15:44:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010.04.10 15:44:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010.04.10 15:44:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010.04.10 15:44:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010.04.10 15:44:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010.04.10 15:44:02 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010.04.10 15:44:01 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010.04.10 15:44:00 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010.04.10 15:43:59 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At1.job

:commands
[emptytemp]
[purity]
  • Klicke dann auf den "Run Fix!" Button.
  • Ein Logfile wird nach C:\_OTL erstellt. Dieses bitte posten.
  • Öffne nun Malwarebytes, aktualisiere die Datenbanken und mache dann einen VollScan - Logfile dann ebenfalls posten.


BTW:
Will Dir nichts unterstellen, aber hast Du eine legale Alcohol-Version?
Diese Einträge deuten nicht darauf hin. Oder ist das eine Trial?

Zitat:
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
__________________
Gruß, Julian

Kein Support per PM!
Spendemöglichkeit: Make a Donation

Alt 11.04.2010, 02:09   #5
Dev
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


Ist ne Trial Version, dazu noch abgelaufen, wie ich gerade bemerkt habe....

OTL:
Zitat:
All processes killed
========== OTL ==========
C:\Windows\Tasks\At48.job moved successfully.
C:\Windows\Tasks\At47.job moved successfully.
C:\Windows\Tasks\At46.job moved successfully.
C:\Windows\Tasks\At45.job moved successfully.
C:\Windows\Tasks\At44.job moved successfully.
C:\Windows\Tasks\At43.job moved successfully.
C:\Windows\Tasks\At42.job moved successfully.
C:\Windows\Tasks\At41.job moved successfully.
C:\Windows\Tasks\At40.job moved successfully.
C:\Windows\Tasks\At39.job moved successfully.
C:\Windows\Tasks\At38.job moved successfully.
C:\Windows\Tasks\At37.job moved successfully.
C:\Windows\Tasks\At36.job moved successfully.
C:\Windows\Tasks\At35.job moved successfully.
C:\Windows\Tasks\At34.job moved successfully.
C:\Windows\Tasks\At33.job moved successfully.
C:\Windows\Tasks\At32.job moved successfully.
C:\Windows\Tasks\At31.job moved successfully.
C:\Windows\Tasks\At30.job moved successfully.
C:\Windows\Tasks\At29.job moved successfully.
C:\Windows\Tasks\At28.job moved successfully.
C:\Windows\Tasks\At27.job moved successfully.
C:\Windows\Tasks\At26.job moved successfully.
C:\Windows\Tasks\At25.job moved successfully.
C:\Windows\Tasks\At24.job moved successfully.
C:\Windows\Tasks\At23.job moved successfully.
C:\Windows\Tasks\At22.job moved successfully.
C:\Windows\Tasks\At21.job moved successfully.
C:\Windows\Tasks\At20.job moved successfully.
C:\Windows\Tasks\At19.job moved successfully.
C:\Windows\Tasks\At18.job moved successfully.
C:\Windows\Tasks\At17.job moved successfully.
C:\Windows\Tasks\At16.job moved successfully.
C:\Windows\Tasks\At15.job moved successfully.
C:\Windows\Tasks\At14.job moved successfully.
C:\Windows\Tasks\At13.job moved successfully.
C:\Windows\Tasks\At12.job moved successfully.
C:\Windows\Tasks\At11.job moved successfully.
C:\Windows\Tasks\At10.job moved successfully.
C:\Windows\Tasks\At9.job moved successfully.
C:\Windows\Tasks\At8.job moved successfully.
C:\Windows\Tasks\At7.job moved successfully.
C:\Windows\Tasks\At6.job moved successfully.
C:\Windows\Tasks\At5.job moved successfully.
C:\Windows\Tasks\At4.job moved successfully.
C:\Windows\Tasks\At3.job moved successfully.
C:\Windows\Tasks\At2.job moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tobi
->Temp folder emptied: 3281980 bytes
->Temporary Internet Files folder emptied: 12955226 bytes
->Java cache emptied: 53060304 bytes
->FireFox cache emptied: 83776040 bytes
->Flash cache emptied: 4779 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2415042 bytes
RecycleBin emptied: 1979422121 bytes

Total Files Cleaned = 2.036,00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04112010_010811

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Malwarebytes Vollscan:
Zitat:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3976

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.04.2010 03:06:46
mbam-log-2010-04-11 (03-06-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 284159
Laufzeit: 1 Stunde(n), 27 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\drivers\soccx.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
Und damit erstmal Goodnight


Alt 11.04.2010, 10:54   #6
StLB
/// Helfer-Team
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


Zitat:
Ist ne Trial Version, dazu noch abgelaufen, wie ich gerade bemerkt habe....
Ok, dann passts ja


C:\Windows\System32\drivers\soccx.sys sollte jetzt das letzte mal aufgetaucht sein, denn jetzt wird er nicht mehr nach geladen.
Die Meldungen von AntiVir über den TR/Crypt.ZPACK.Gen kommen immer noch?
Mit HitmanPro habe ich damit recht gute Erfahrungen gemacht:

Systemscan mit HitmanPro
__________________
--> TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe

Alt 11.04.2010, 11:57   #7
Dev
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


Antivir meckert nun nicht mehr. Das Pop-Up mit der Warnung blieb bisher aus. Die Datei wird zwar noch gefunden von Malwarebytes und Hitman, aber nicht entfernt werden. (ist das überhaupt nötig, oder ist das nun weitesgehend unschädlich gemacht?).
Seitdem ich OTL mit den Custom Scans durchlaufen lassen habe, hat Windows Schwierigkeiten mit dem starten. Will mich jedesmal durch die Windows Starthilfe schleußen, die das Problem nicht beheben kann. Wenn ich Windows normal starten auswähle, funktioniert allerdings alles einwandfrei

Alt 11.04.2010, 12:27   #8
StLB
/// Helfer-Team
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


Bitte ein neues OTL-Log posten:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Danach bitte einen Rootkitscan mit GMER durchführen und das Logfile posten.
__________________
Gruß, Julian

Kein Support per PM!
Spendemöglichkeit: Make a Donation

Alt 11.04.2010, 12:50   #9
Dev
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


GMER:
Zitat:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-11 13:49:03
Windows 6.1.7600
Running: rryfs3dy.exe; Driver: C:\Users\Tobi\AppData\Local\Temp\kxddqpow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83241AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83241104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832413F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8322A2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83229898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832411DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83241958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832416F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83241F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832421A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E5A5C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7F052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spjp.sys Das System kann den angegebenen Pfad nicht finden. !
? System32\Drivers\soccx.sys Ein an das System angeschlossenes Gerät funktioniert nicht. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91001000, 0x2D5378, 0xE8000020]
.text USBPORT.SYS!DllUnload 9053ACA0 5 Bytes JMP 86C691D8
.text peauth.sys 9B56BC9D 28 Bytes [5E, ED, F3, EF, 9E, 29, BC, ...]
.text peauth.sys 9B56BCC1 28 Bytes [5E, ED, F3, EF, 9E, 29, BC, ...]
PAGE peauth.sys 9B571B9B 1 Byte [27]
PAGE peauth.sys 9B571B9B 72 Bytes [27, E4, 7B, AC, AD, 99, C3, ...]
PAGE peauth.sys 9B571BEC 111 Bytes [10, 89, 45, D3, 50, 2E, 59, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtProtectVirtualMemory 77825360 5 Bytes JMP 002C000A
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!NtWriteVirtualMemory 77825EE0 5 Bytes JMP 002D000A
.text C:\Windows\system32\svchost.exe[1084] ntdll.dll!KiUserExceptionDispatcher 77826448 5 Bytes JMP 002B000A
.text C:\Windows\system32\svchost.exe[1084] ole32.dll!CoCreateInstance 773357FC 5 Bytes JMP 006C000A
.text C:\Windows\system32\svchost.exe[1084] USER32.dll!GetCursorPos 7794C198 5 Bytes JMP 006D000A
.text C:\Windows\explorer.exe[2428] ntdll.dll!NtProtectVirtualMemory 77825360 5 Bytes JMP 001A000A
.text C:\Windows\explorer.exe[2428] ntdll.dll!NtWriteVirtualMemory 77825EE0 5 Bytes JMP 001B000A
.text C:\Windows\explorer.exe[2428] ntdll.dll!KiUserExceptionDispatcher 77826448 5 Bytes JMP 0019000A
.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3084] kernel32.dll!CreateFileW 775B0B7D 5 Bytes JMP 018A2930 C:\Program Files\Common Files\PPLiveNetwork\TipsClient.dll
.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3084] kernel32.dll!CreateFileA 775B291C 5 Bytes JMP 018A28D0 C:\Program Files\Common Files\PPLiveNetwork\TipsClient.dll
.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3084] USER32.dll!ShowWindow 7795147A 2 Bytes JMP 018A2750 C:\Program Files\Common Files\PPLiveNetwork\TipsClient.dll
.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3084] USER32.dll!ShowWindow + 3 7795147D 2 Bytes [F5, 89]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8B6BE042] \SystemRoot\System32\Drivers\spjp.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8B6BE6D6] \SystemRoot\System32\Drivers\spjp.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8B6BE800] \SystemRoot\System32\Drivers\spjp.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8B6BE13E] \SystemRoot\System32\Drivers\spjp.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[2428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [74252494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2428] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74235624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2428] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [742356E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [7425250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74248573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74244D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [742450CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [742451A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [742466D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [742482CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74248819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7424907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7424E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74244C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 868BDE70
Device \FileSystem\Ntfs \Ntfs 8599F1F8
Device \FileSystem\fastfat \FatCdrom A21FB1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0BDAE879-918A-4987-AFF8-D7A4D8E89C52} 86B861F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{46940357-F9F4-4905-9F36-57EACC30D035} 86B861F8
Device \Driver\volmgr \Device\VolMgrControl 8599A1F8
Device \Driver\usbuhci \Device\USBPDO-0 86C6B1F8
Device \Driver\usbuhci \Device\USBPDO-1 86C6B1F8
Device \Driver\usbuhci \Device\USBPDO-2 86C6B1F8
Device \Driver\usbehci \Device\USBPDO-3 86C33500
Device \Driver\usbuhci \Device\USBPDO-4 86C6B1F8
Device \Driver\usbuhci \Device\USBPDO-5 86C6B1F8
Device \Driver\usbuhci \Device\USBPDO-6 86C6B1F8
Device \Driver\volmgr \Device\HarddiskVolume1 8599A1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 86C33500
Device \Driver\volmgr \Device\HarddiskVolume2 8599A1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86A08470
Device \Driver\volmgr \Device\HarddiskVolume3 8599A1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\atapi \Device\Ide\IdePort0 8599C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8599C1F8
Device \Driver\atapi \Device\Ide\IdePort2 8599C1F8
Device \Driver\atapi \Device\Ide\IdePort3 8599C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8599C1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 8599D1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 8599D1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 8599D1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 8599D1F8
Device \Driver\volmgr \Device\HarddiskVolume4 8599A1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume5 8599A1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBt_Wins_Export 86B861F8
Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 86C6B1F8
Device \Driver\usbuhci \Device\USBFDO-1 86C6B1F8
Device \Driver\usbuhci \Device\USBFDO-2 86C6B1F8
Device \Driver\usbehci \Device\USBFDO-3 86C33500
Device \Driver\usbuhci \Device\USBFDO-4 86C6B1F8
Device \Driver\usbuhci \Device\USBFDO-5 86C6B1F8
Device \Driver\usbuhci \Device\USBFDO-6 86C6B1F8
Device \Driver\usbehci \Device\USBFDO-7 86C33500
Device \FileSystem\fastfat \Fat A21FB1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 859CF500
Device -> \Driver\atapi \Device\Harddisk0\DR0 86B8CAC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00225f0cf667
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00225f0cf667@0021fb0c295f 0x12 0xEC 0xF5 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\soccx@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\soccx@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\soccx@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\soccx@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE7 0x3E 0xC9 0x8D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00225f0cf667 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00225f0cf667@0021fb0c295f 0x12 0xEC 0xF5 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\services\soccx@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\soccx@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\soccx@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\soccx@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE7 0x3E 0xC9 0x8D ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

OTL:
Zitat:
OTL logfile created on: 11.04.2010 13:31:02 - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Tobi\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 123,49 Gb Total Space | 40,88 Gb Free Space | 33,11% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 11,84 Gb Free Space | 16,92% Space Free | Partition Type: NTFS
Drive E: | 29,25 Gb Total Space | 2,54 Gb Free Space | 8,69% Space Free | Partition Type: NTFS
Drive F: | 10,00 Gb Total Space | 1,73 Gb Free Space | 17,34% Space Free | Partition Type: NTFS
Drive G: | 524,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BAYER04
Current User Name: Tobi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Tobi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Winamp Remote\bin\OrbTray.exe (Orb Networks)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Winamp Remote\bin\Orb.exe (Orb Networks, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Tobi\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\Programme\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\System32\BtMmHook.dll (Broadcom Corporation.)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\AEstSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 97 38 FA B8 D5 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.t-online.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 9050
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 17:09:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.06 17:09:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.18 13:09:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.02.11 11:58:58 | 000,000,000 | ---D | M]

[2009.11.01 16:00:32 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions
[2010.04.10 17:32:51 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ker0n89o.default\extensions
[2010.02.26 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ker0n89o.default\extensions\firefox@tvunetworks.com
[2009.11.10 11:40:38 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ker0n89o.default\extensions\moveplayer@movenetworks.com
[2010.04.10 17:32:51 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.30 17:31:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.06 17:08:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.06 17:08:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.06 17:08:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.06 17:08:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.06 17:08:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.04.11 01:05:43 | 000,000,988 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKCU..\Run: [AlSrvN] C:\Users\Tobi\Desktop\Alcohol 120% v.1.9.8.7612 Retail\patch\Plugins\Helper\AlSrvN.exe File not found
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKCU..\Run: [Steam] C:\Spiele\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002.05.07 21:36:14 | 000,000,212 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6d5d6313-c6e6-11de-a723-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6d5d6313-c6e6-11de-a723-806e6f6e6963}\Shell\AutoRun\command - "" = G:\_autorun\Autorun.exe -- [2000.02.07 23:20:10 | 000,036,864 | R--- | M] (New World Computing)
O33 - MountPoints2\{6d5d6313-c6e6-11de-a723-806e6f6e6963}\Shell\instDX\command - "" = G:\DirectX\dxsetup.exe -- [2000.10.21 14:39:38 | 000,147,456 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{6d5d6313-c6e6-11de-a723-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt
O33 - MountPoints2\{745f67fd-cd2f-11de-b7fd-0021708675b8}\Shell - "" = AutoRun
O33 - MountPoints2\{745f67fd-cd2f-11de-b7fd-0021708675b8}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{745f67fd-cd2f-11de-b7fd-0021708675b8}\Shell\configure\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{745f67fd-cd2f-11de-b7fd-0021708675b8}\Shell\install\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\{c7fc25c1-1237-11df-85ce-0021708675b8}\Shell - "" = AutoRun
O33 - MountPoints2\{c7fc25c1-1237-11df-85ce-0021708675b8}\Shell\AutoRun\command - "" = H:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.11 12:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010.04.11 12:26:07 | 000,000,000 | ---D | C] -- C:\Programme\Hitman Pro 3.5
[2010.04.11 12:25:36 | 005,650,240 | ---- | C] (SurfRight B.V.) -- C:\Users\Tobi\Desktop\HitmanPro35.exe
[2010.04.11 01:08:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.04.10 23:00:38 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2010.04.10 19:21:43 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Avira
[2010.04.10 18:18:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.10 18:18:02 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.04.10 18:18:02 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.10 18:18:02 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.10 18:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.10 17:51:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.10 17:51:20 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.10 17:50:39 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tobi\Desktop\mbam-setup-1.45.exe
[2010.04.10 13:53:06 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.10 13:53:06 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.09 10:52:17 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Malwarebytes
[2010.04.09 10:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.09 10:52:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.09 10:51:35 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.08 21:18:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.04.08 15:18:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.03.31 15:17:08 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 15:17:08 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 15:17:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.30 17:30:51 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.03.26 19:59:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\3DO Shared
[2010.03.26 19:59:10 | 000,000,000 | ---D | C] -- C:\Programme\3DO
[2010.03.26 19:58:05 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.03.21 13:11:15 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\Zattoo
[2010.03.21 13:09:44 | 000,000,000 | ---D | C] -- C:\Programme\Zattoo4
[2010.03.17 17:59:03 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\AOL
[2010.03.17 17:58:52 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.0
[2010.03.13 15:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Jlcm
[2010.03.13 15:11:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PPLiveNetwork
[2010.03.12 23:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PPLiveVA
[2010.03.12 19:11:33 | 000,000,000 | ---D | C] -- C:\pfsvoddata
[2010.03.12 19:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PPLive
[2010.03.12 19:04:55 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\PPLive
[2010.03.12 19:04:27 | 000,000,000 | ---D | C] -- C:\Programme\PPLive
[2010.03.12 18:31:23 | 000,000,000 | ---D | C] -- C:\Programme\TVAnts

========== Files - Modified Within 30 Days ==========

[2010.04.11 13:33:05 | 002,097,152 | -HS- | M] () -- C:\Users\Tobi\NTUSER.DAT
[2010.04.11 13:32:41 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\soccx.sys
[2010.04.11 13:24:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.11 12:55:07 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.11 12:55:07 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.11 12:48:29 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010.04.11 12:47:55 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.11 12:47:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.11 12:47:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.11 12:47:39 | 2411,872,256 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.11 12:47:39 | 114,834,916 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.11 12:45:43 | 001,292,401 | -H-- | M] () -- C:\Users\Tobi\AppData\Local\IconCache.db
[2010.04.11 12:45:19 | 000,000,234 | ---- | M] () -- C:\Windows\System32\.crusader
[2010.04.11 12:26:07 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010.04.11 12:26:01 | 005,650,240 | ---- | M] (SurfRight B.V.) -- C:\Users\Tobi\Desktop\HitmanPro35.exe
[2010.04.11 12:14:00 | 042,341,360 | ---- | M] () -- C:\Users\Tobi\Desktop\avira_antivir_personal10_de.exe
[2010.04.10 23:00:39 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2010.04.10 18:18:24 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.10 18:16:51 | 000,000,112 | ---- | M] () -- C:\ProgramData\5XAtt3xo2.dat
[2010.04.10 17:51:26 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.10 17:51:02 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tobi\Desktop\mbam-setup-1.45.exe
[2010.04.10 17:36:53 | 000,781,909 | ---- | M] () -- C:\Users\Tobi\Desktop\RSIT.exe
[2010.04.10 13:54:12 | 000,002,043 | ---- | M] () -- C:\Users\Tobi\Desktop\HijackThis.lnk
[2010.04.10 10:16:38 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.10 10:16:38 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.10 10:16:38 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.10 10:16:38 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.10 10:16:38 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.09 10:51:38 | 000,001,835 | ---- | M] () -- C:\Users\Tobi\Desktop\CCleaner.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.28 21:58:51 | 000,001,153 | ---- | M] () -- C:\Users\Tobi\Desktop\Frozen Throne - Verknüpfung.lnk
[2010.03.26 20:02:08 | 000,001,564 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of Might and Magic III Complete.lnk
[2010.03.24 20:02:46 | 000,014,476 | ---- | M] () -- C:\Users\Tobi\Desktop\OT4749926968902302117398232.pdf
[2010.03.22 17:57:43 | 000,119,506 | ---- | M] () -- C:\Windows\War3Unin.dat
[2010.03.21 13:14:44 | 000,017,408 | ---- | M] () -- C:\Users\Tobi\AppData\Local\WebpageIcons.db
[2010.03.21 13:09:46 | 000,001,818 | ---- | M] () -- C:\Users\Tobi\Desktop\Zattoo.lnk
[2010.03.18 18:00:32 | 003,163,136 | ---- | M] () -- C:\Users\Tobi\Desktop\Elektrotechnik WS 2009.doc
[2010.03.17 23:33:16 | 000,001,792 | ---- | M] () -- C:\Users\Tobi\Desktop\ICQ7.lnk
[2010.03.13 15:31:19 | 000,000,000 | ---- | M] () -- C:\OrbPVR.db
[2010.03.13 15:11:57 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\PPTV Online Video.lnk

========== Files Created - No Company Name ==========

[2010.04.11 12:45:19 | 000,000,234 | ---- | C] () -- C:\Windows\System32\.crusader
[2010.04.11 12:26:22 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010.04.11 12:26:07 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010.04.10 18:18:24 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.10 18:13:41 | 042,341,360 | ---- | C] () -- C:\Users\Tobi\Desktop\avira_antivir_personal10_de.exe
[2010.04.10 17:51:26 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.10 15:48:43 | 000,000,112 | ---- | C] () -- C:\ProgramData\5XAtt3xo2.dat
[2010.04.10 13:54:37 | 000,781,909 | ---- | C] () -- C:\Users\Tobi\Desktop\RSIT.exe
[2010.04.10 13:54:12 | 000,002,043 | ---- | C] () -- C:\Users\Tobi\Desktop\HijackThis.lnk
[2010.04.09 12:47:31 | 114,834,916 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.04.09 10:51:38 | 000,001,835 | ---- | C] () -- C:\Users\Tobi\Desktop\CCleaner.lnk
[2010.04.06 21:00:15 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\soccx.sys
[2010.03.26 20:02:08 | 000,001,564 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of Might and Magic III Complete.lnk
[2010.03.24 20:02:46 | 000,014,476 | ---- | C] () -- C:\Users\Tobi\Desktop\OT4749926968902302117398232.pdf
[2010.03.21 13:11:15 | 000,017,408 | ---- | C] () -- C:\Users\Tobi\AppData\Local\WebpageIcons.db
[2010.03.21 13:09:46 | 000,001,818 | ---- | C] () -- C:\Users\Tobi\Desktop\Zattoo.lnk
[2010.03.18 18:00:15 | 003,163,136 | ---- | C] () -- C:\Users\Tobi\Desktop\Elektrotechnik WS 2009.doc
[2010.03.17 23:33:16 | 000,001,792 | ---- | C] () -- C:\Users\Tobi\Desktop\ICQ7.lnk
[2010.03.13 15:31:19 | 000,000,000 | ---- | C] () -- C:\OrbPVR.db
[2010.03.13 15:11:57 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\PPTV Online Video.lnk
[2009.12.17 19:26:30 | 000,000,055 | ---- | C] () -- C:\Windows\wininit.ini
[2009.12.10 23:22:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.10 15:20:29 | 000,000,842 | ---- | C] () -- C:\Users\Tobi\.recently-used.xbel
[2009.11.09 15:09:34 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.11.09 14:55:33 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.01 23:38:13 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.01 23:09:50 | 000,011,776 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.01 15:28:52 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009.11.01 15:10:05 | 002,097,152 | -HS- | C] () -- C:\Users\Tobi\NTUSER.DAT
[2009.11.01 15:10:05 | 000,524,288 | -HS- | C] () -- C:\Users\Tobi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009.11.01 15:10:05 | 000,524,288 | -HS- | C] () -- C:\Users\Tobi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009.11.01 15:10:05 | 000,262,144 | -HS- | C] () -- C:\Users\Tobi\ntuser.dat.LOG1
[2009.11.01 15:10:05 | 000,065,536 | -HS- | C] () -- C:\Users\Tobi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009.11.01 15:10:05 | 000,000,020 | -HS- | C] () -- C:\Users\Tobi\ntuser.ini
[2009.11.01 15:10:05 | 000,000,000 | -HS- | C] () -- C:\Users\Tobi\ntuser.dat.LOG2
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.12.10 11:11:04 | 000,002,045 | -H-- | C] () -- C:\Windows\System32\whlpda32e.dll
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 72 bytes -> C:\Windows:0529E5670D446312
< End of report >

Extras:
Zitat:
OTL Extras logfile created on: 11.04.2010 13:31:02 - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Tobi\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 123,49 Gb Total Space | 40,88 Gb Free Space | 33,11% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 11,84 Gb Free Space | 16,92% Space Free | Partition Type: NTFS
Drive E: | 29,25 Gb Total Space | 2,54 Gb Free Space | 8,69% Space Free | Partition Type: NTFS
Drive F: | 10,00 Gb Total Space | 1,73 Gb Free Space | 17,34% Space Free | Partition Type: NTFS
Drive G: | 524,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BAYER04
Current User Name: Tobi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CDC748B-47B0-45EB-B740-681E8429F7F9}" = Opera 10.01
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{fde130ac-53d8-44bb-bbab-ede73108e1f2}" = Nero 9 Trial
"1A5A977E511ED61600002E176F048ED6FCBD8560" = Windows-Treiberpaket - ITE Tech.Inc. (itecir) HIDClass (12/18/2007 5.0.0004.6)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte
"CCleaner" = CCleaner
"Creative OA001" = Integrated Webcam Driver (1.02.02.0603)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Garena" = Garena
"GEN_LYRICS_IE.DLL" = Winamp Lyrics (Explorer Version) v1.22
"GTR Evolution_1.1.1.2_is1" = GTR Evolution
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"HijackThis" = HijackThis 2.0.2
"HitmanPro35" = Hitman Pro 3.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Orb" = Winamp Remote
"PokerStars" = PokerStars
"PPLive" = PPTV V2.4.1.0014
"SopCast" = SopCast 3.2.4
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Tournament Manager Pro V.3_is1" = Tournament Manager Pro V.3.1.0
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.5.2.2
"USB STEERING WHEEL" = USB STEERING WHEEL
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"Zattoo4" = Zattoo4 4.0.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Octoshape Streaming Services" = Octoshape Streaming Services
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Alt 11.04.2010, 13:47   #10
StLB
/// Helfer-Team
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


(erlaubnis von Larusso)
Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**



  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
    • Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
    • Bitte poste mir den Inhalt von C:\ComboFix.txt hier in den Thread.
__________________
Gruß, Julian

Kein Support per PM!
Spendemöglichkeit: Make a Donation

Alt 11.04.2010, 17:30   #11
Dev
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


So hier der Combo-Fix Log


Zitat:
ComboFix 10-04-10.02 - Tobi 11.04.2010 18:16:57.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3067.2209 [GMT 2:00]
ausgeführt von:: c:\users\Tobi\Desktop\Combo-Fix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
ADS - Windows: deleted 72 bytes in 1 streams.

((((((((((((((((((((((( Dateien erstellt von 2010-03-11 bis 2010-04-11 ))))))))))))))))))))))))))))))
.

2010-04-11 10:26 . 2010-04-11 16:15 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-11 10:26 . 2010-04-11 10:45 -------- d-----w- c:\programdata\Hitman Pro
2010-04-11 10:26 . 2010-04-11 10:26 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-10 23:08 . 2010-04-10 23:08 -------- d-----w- C:\_OTL
2010-04-10 17:21 . 2010-04-10 17:21 -------- d-----w- c:\users\Tobi\AppData\Roaming\Avira
2010-04-10 16:18 . 2010-04-10 16:18 -------- d-----w- c:\programdata\Avira
2010-04-10 16:18 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-10 16:18 . 2009-05-11 09:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-10 16:18 . 2009-05-11 09:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-10 15:51 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-10 15:51 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-10 11:53 . 2010-04-10 11:54 -------- d-----w- c:\program files\trend micro
2010-04-10 11:53 . 2010-04-10 11:53 -------- d-----w- C:\rsit
2010-04-09 08:52 . 2010-04-09 08:52 -------- d-----w- c:\users\Tobi\AppData\Roaming\Malwarebytes
2010-04-09 08:52 . 2010-04-09 08:52 -------- d-----w- c:\programdata\Malwarebytes
2010-04-09 08:52 . 2010-04-10 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 08:51 . 2010-04-09 08:51 -------- d-----w- c:\program files\CCleaner
2010-03-31 13:17 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-30 15:30 . 2010-03-30 15:30 -------- d-----w- c:\program files\Common Files\Skype
2010-03-26 17:59 . 2010-03-26 18:02 -------- d-----w- c:\program files\Common Files\3DO Shared
2010-03-26 17:59 . 2010-03-26 18:02 -------- d-----w- c:\program files\3DO
2010-03-26 17:58 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-03-23 18:42 . 2010-03-22 09:25 780288 ----a-w- c:\users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\pmv306a-1003220-0-libOctoshapeClient.dll
2010-03-21 11:11 . 2010-03-21 11:11 -------- d-----w- c:\users\Tobi\AppData\Local\Zattoo
2010-03-21 11:09 . 2010-03-21 11:09 -------- d-----w- c:\program files\Zattoo4
2010-03-17 15:59 . 2010-03-17 15:59 -------- d-----w- c:\users\Tobi\AppData\Local\AOL
2010-03-17 15:58 . 2010-04-03 11:21 -------- d-----w- c:\program files\ICQ7.0
2010-03-13 13:11 . 2010-03-13 13:11 -------- d-----w- c:\programdata\Jlcm
2010-03-13 13:11 . 2010-03-13 13:11 -------- d-----w- c:\program files\Common Files\PPLiveNetwork
2010-03-12 21:29 . 2010-03-12 21:30 12204184 ----a-w- c:\programdata\PPLive\cache\ppva\pptvsetup_2.4.1.0014_s2_hasppva.exe
2010-03-12 21:28 . 2010-03-16 12:48 -------- d-----w- c:\programdata\PPLiveVA
2010-03-12 17:19 . 2010-03-12 17:20 468480 ----a-w- c:\programdata\PPLive\test_vod1.dll
2010-03-12 17:13 . 2010-03-12 21:30 12204184 ----a-w- c:\users\Tobi\AppData\Roaming\PPLive\Update\Update.exe
2010-03-12 17:11 . 2010-03-12 17:11 -------- d-----w- C:\pfsvoddata
2010-03-12 17:11 . 2010-03-16 15:40 -------- d-----w- c:\programdata\PPLive
2010-03-12 17:04 . 2010-03-16 12:48 -------- d-----w- c:\users\Tobi\AppData\Roaming\PPLive
2010-03-12 17:04 . 2010-03-16 12:48 -------- d-----w- c:\program files\PPLive
2010-03-12 16:31 . 2010-03-12 16:32 -------- d-----w- c:\program files\TVAnts

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 16:13 . 2009-11-01 15:07 -------- d-----w- c:\users\Tobi\AppData\Roaming\Skype
2010-04-11 16:06 . 2009-11-01 15:08 -------- d-----w- c:\users\Tobi\AppData\Roaming\skypePM
2010-04-11 11:38 . 2009-11-18 18:34 -------- d-----w- c:\users\Tobi\AppData\Roaming\ICQ
2010-04-10 16:20 . 2009-11-01 13:24 -------- d-----w- c:\program files\DellTPad
2010-04-10 16:16 . 2010-04-10 13:48 112 ----a-w- c:\programdata\5XAtt3xo2.dat
2010-04-10 08:16 . 2009-07-14 08:47 643866 ----a-w- c:\windows\system32\perfh007.dat
2010-04-10 08:16 . 2009-07-14 08:47 126394 ----a-w- c:\windows\system32\perfc007.dat
2010-04-08 13:20 . 2009-11-01 14:04 -------- d-----w- c:\program files\Winamp Remote
2010-03-26 17:20 . 2009-11-10 18:38 -------- d-----w- c:\program files\Garena
2010-03-22 15:57 . 2009-11-01 15:39 119506 ----a-w- c:\windows\War3Unin.dat
2010-03-18 11:09 . 2009-11-01 13:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-17 15:59 . 2009-11-01 13:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 21:54 . 2009-11-01 21:03 -------- d-----w- c:\users\Tobi\AppData\Roaming\vlc
2010-02-26 19:33 . 2010-02-26 19:33 -------- d-----w- c:\programdata\TVU Networks
2010-02-26 19:33 . 2010-02-26 19:32 -------- d-----w- c:\program files\TVUPlayer
2010-02-26 19:30 . 2010-02-26 19:29 4519389 ----a-w- c:\users\Tobi\AppData\Roaming\TVU Networks\AutoUpgrade\TVUPlayer2.5.2.2.exe
2010-02-26 19:29 . 2010-02-26 19:29 -------- d-----w- c:\users\Tobi\AppData\Roaming\TVU Networks
2010-02-26 06:06 . 2010-02-26 06:06 2626360 ----a-w- c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\ker0n89o.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2010-02-24 09:16 . 2009-11-01 13:37 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 11:24 . 2009-11-10 17:22 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-11 12:09 . 2010-02-11 12:08 -------- d-----w- c:\program files\Google
2010-02-11 09:59 . 2010-02-11 09:58 -------- d-----w- c:\program files\DivX
2010-02-11 09:58 . 2010-02-11 09:58 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-11 07:10 . 2010-03-06 22:23 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-08 21:31 . 2009-11-03 19:35 71960 ----a-w- c:\users\Tobi\AppData\Roaming\Mozilla\Plugins\npoctoshape.dll
2010-02-05 12:38 . 2010-02-05 12:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-02 07:45 . 2010-02-24 09:54 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-01 12:24 . 2010-02-08 15:25 71960 ----a-w- c:\users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002010-0-npoctoshape.dll
2010-02-01 12:24 . 2010-02-08 15:25 417280 ----a-w- c:\users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002010-0-libOctoshapeClient.dll
2010-02-01 12:24 . 2010-02-08 15:25 124184 ----a-w- c:\users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002010-0-apoctoshape.dll
2010-01-18 23:29 . 2010-02-10 10:21 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 10:21 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 10:21 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 10:21 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 10:21 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 10:21 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 10:21 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 10:21 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
Code:
ATTFilter
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\DellTPad\Apoint .exe
c:\program files\IDT\WDM\sttray .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
</pre>
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"Octoshape Streaming Services"="c:\users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"AlSrvN"="c:\users\Tobi\Desktop\Alcohol 120% v.1.9.8.7612 Retail\patch\Plugins\Helper\AlSrvN.exe" [N/A]
"Steam"="c:\spiele\Steam\\Steam.exe" [2010-02-22 1217872]
"PPAP"="c:\program files\Common Files\PPLiveNetwork\PPAP.exe" [2010-02-04 173512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 3563520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [N/A]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-1 813584]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-09 721904]
R0 taslt;taslt;c:\windows\System32\drivers\yyxxb.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 GarenaPEngine;GarenaPEngine;c:\users\Tobi\AppData\Local\Temp\RZNF628.tmp [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\aestsrv.exe [2008-02-28 73728]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-01-29 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-06-03 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-05-13 277504]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - hitmanpro35
*Deregistered* - soccx
.
Inhalt des "geplante Tasks" Ordners

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 12:08]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 12:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\ker0n89o.default\
FF - prefs.js: browser.startup.homepage - www.t-online.de
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\ker0n89o.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\ker0n89o.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\users\Tobi\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86B37AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x859c9e88
QueryNameProcedure -> 0x859c9018
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Tobi\AppData\Local\Temp\RZNF628.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\soccx]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3248)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
Zeit der Fertigstellung: 2010-04-11 18:29:02
ComboFix-quarantined-files.txt 2010-04-11 16:29

Vor Suchlauf: 23 Verzeichnis(se), 43.682.238.464 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 43.358.883.840 Bytes frei

- - End Of File - - A50D461611B2CDC3632F900E328BED07

Alt 11.04.2010, 18:14   #12
Larusso
/// Selecta Jahrusso
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


Hy, hier muss ich mal einschreiten

schritt 1

Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
    Vista User: Bitte mit Rechtsklick "als Administrator starten".
  • Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
  • Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
  • Defogger fordert nun zum Neustart auf. Bestätige dies mit OK.
  • DeFogger erstellt nun ein Logfile auf dem Desktop (defogger_disable).
Poste bitte den Inhalt der Logfile in Deiner nächsten Antwort.


schritt 2

Vorbereitung

Lösche die vorhandene Version von Combofix und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es auf dem Desktop (nicht woanders hin, das ist wichtig)!
Wenn Du ComboFix bereits vorher auf dem Rechner hattest, lösche die alte Version, da ComboFix laufend aktualisiert wird.
  • Denke daran, während des Laufs von Combofix Dein Antiviren-Programm temporär abzustellen.
    Danach wieder anstellen nicht vergessen!
  • Wichtig: Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
Anwendung
  1. Öffne notepad (Start => Ausführen => notepad (reinschreiben) => ok) oder einen Editor Deiner Wahl und kopiere alles aus der nachfolgenden Codebox in ein leeres Dokument:
    Code:
    ATTFilter
    KillAll::

RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\DellTPad\Apoint .exe
c:\program files\IDT\WDM\sttray .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe

Driver::
taslt
soccx

Rootkit::
C:\Windows\System32\drivers\soccx.sys
  2. Speichere dies als CFScript.txt auf Deinem Desktop
    .

    .
  3. In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  4. Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Hinweis für Mitleser: Obiges Combofix-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.


schritt 3

Lass bitte GMER erneut laufen.


schritt 4

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread


Bitte poste in Deiner nächsten Antwort
Defogger_disable.txt
Combofix.txt
Gmer.txt
OTL.txt
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie
Alt 11.04.2010, 20:06   #13
Dev
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


defogger_disable:
Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:18 on 11/04/2010 (Tobi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read soccx.sys
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
Combofix:
Zitat:
ComboFix 10-04-10.02 - Tobi 11.04.2010 19:56:19.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3067.2119 [GMT 2:00]
ausgeführt von:: c:\users\Tobi\Desktop\Combo-Fix.exe
Benutzte Befehlsschalter :: c:\users\Tobi\Desktop\CFScript.txt.txt
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SOCCX
-------\Service_soccx
-------\Service_taslt


((((((((((((((((((((((( Dateien erstellt von 2010-03-11 bis 2010-04-11 ))))))))))))))))))))))))))))))
.

2010-04-11 18:03 . 2010-04-11 18:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-11 18:03 . 2010-04-11 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-11 16:26 . 2010-04-11 18:21 -------- d-----w- c:\users\Tobi\AppData\Local\temp
2010-04-11 10:26 . 2010-04-11 17:21 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-11 10:26 . 2010-04-11 10:45 -------- d-----w- c:\programdata\Hitman Pro
2010-04-11 10:26 . 2010-04-11 10:26 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-10 23:08 . 2010-04-10 23:08 -------- d-----w- C:\_OTL
2010-04-10 17:21 . 2010-04-10 17:21 -------- d-----w- c:\users\Tobi\AppData\Roaming\Avira
2010-04-10 16:18 . 2010-04-10 16:18 -------- d-----w- c:\programdata\Avira
2010-04-10 16:18 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-10 16:18 . 2009-05-11 09:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-10 16:18 . 2009-05-11 09:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-10 15:51 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-10 15:51 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-10 11:53 . 2010-04-10 11:54 -------- d-----w- c:\program files\trend micro
2010-04-10 11:53 . 2010-04-10 11:53 -------- d-----w- C:\rsit
2010-04-09 08:52 . 2010-04-09 08:52 -------- d-----w- c:\users\Tobi\AppData\Roaming\Malwarebytes
2010-04-09 08:52 . 2010-04-09 08:52 -------- d-----w- c:\programdata\Malwarebytes
2010-04-09 08:52 . 2010-04-11 17:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-09 08:51 . 2010-04-09 08:51 -------- d-----w- c:\program files\CCleaner
2010-04-06 19:00 . 2010-04-11 18:03 823808 ----a-w- c:\windows\system32\drivers\soccx.sys
2010-03-31 13:17 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-30 15:30 . 2010-03-30 15:30 -------- d-----w- c:\program files\Common Files\Skype
2010-03-26 17:59 . 2010-03-26 18:02 -------- d-----w- c:\program files\Common Files\3DO Shared
2010-03-26 17:59 . 2010-03-26 18:02 -------- d-----w- c:\program files\3DO
2010-03-26 17:58 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-03-23 18:42 . 2010-03-22 09:25 780288 ----a-w- c:\users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\pmv306a-1003220-0-libOctoshapeClient.dll
2010-03-21 11:11 . 2010-03-21 11:11 -------- d-----w- c:\users\Tobi\AppData\Local\Zattoo
2010-03-21 11:09 . 2010-03-21 11:09 -------- d-----w- c:\program files\Zattoo4
2010-03-17 15:59 . 2010-03-17 15:59 -------- d-----w- c:\users\Tobi\AppData\Local\AOL
2010-03-17 15:58 . 2010-04-03 11:21 -------- d-----w- c:\program files\ICQ7.0
2010-03-13 13:11 . 2010-03-13 13:11 -------- d-----w- c:\programdata\Jlcm
2010-03-13 13:11 . 2010-03-13 13:11 -------- d-----w- c:\program files\Common Files\PPLiveNetwork
2010-03-12 21:29 . 2010-03-12 21:30 12204184 ----a-w- c:\programdata\PPLive\cache\ppva\pptvsetup_2.4.1.0014_s2_hasppva.exe
2010-03-12 21:28 . 2010-03-16 12:48 -------- d-----w- c:\programdata\PPLiveVA

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 18:21 . 2009-11-01 15:07 -------- d-----w- c:\users\Tobi\AppData\Roaming\Skype
2010-04-11 17:55 . 2009-11-01 13:24 -------- d-----w- c:\program files\DellTPad
2010-04-11 17:19 . 2009-11-18 18:34 -------- d-----w- c:\users\Tobi\AppData\Roaming\ICQ
2010-04-11 16:06 . 2009-11-01 15:08 -------- d-----w- c:\users\Tobi\AppData\Roaming\skypePM
2010-04-10 16:16 . 2010-04-10 13:48 112 ----a-w- c:\programdata\5XAtt3xo2.dat
2010-04-10 08:16 . 2009-07-14 08:47 643866 ----a-w- c:\windows\system32\perfh007.dat
2010-04-10 08:16 . 2009-07-14 08:47 126394 ----a-w- c:\windows\system32\perfc007.dat
2010-04-08 13:20 . 2009-11-01 14:04 -------- d-----w- c:\program files\Winamp Remote
2010-03-26 17:20 . 2009-11-10 18:38 -------- d-----w- c:\program files\Garena
2010-03-22 15:57 . 2009-11-01 15:39 119506 ----a-w- c:\windows\War3Unin.dat
2010-03-18 11:09 . 2009-11-01 13:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-17 15:59 . 2009-11-01 13:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-16 15:40 . 2010-03-12 17:11 -------- d-----w- c:\programdata\PPLive
2010-03-16 12:48 . 2010-03-12 17:04 -------- d-----w- c:\users\Tobi\AppData\Roaming\PPLive
2010-03-16 12:48 . 2010-03-12 17:04 -------- d-----w- c:\program files\PPLive
2010-03-12 21:30 . 2010-03-12 17:13 12204184 ----a-w- c:\users\Tobi\AppData\Roaming\PPLive\Update\Update.exe
2010-03-12 17:20 . 2010-03-12 17:19 468480 ----a-w- c:\programdata\PPLive\test_vod1.dll
2010-03-12 16:32 . 2010-03-12 16:31 -------- d-----w- c:\program files\TVAnts
2010-02-27 21:54 . 2009-11-01 21:03 -------- d-----w- c:\users\Tobi\AppData\Roaming\vlc
2010-02-26 19:33 . 2010-02-26 19:33 -------- d-----w- c:\programdata\TVU Networks
2010-02-26 19:33 . 2010-02-26 19:32 -------- d-----w- c:\program files\TVUPlayer
2010-02-26 19:30 . 2010-02-26 19:29 4519389 ----a-w- c:\users\Tobi\AppData\Roaming\TVU Networks\AutoUpgrade\TVUPlayer2.5.2.2.exe
2010-02-26 19:29 . 2010-02-26 19:29 -------- d-----w- c:\users\Tobi\AppData\Roaming\TVU Networks
2010-02-26 06:06 . 2010-02-26 06:06 2626360 ----a-w- c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\ker0n89o.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2010-02-24 09:16 . 2009-11-01 13:37 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 11:24 . 2009-11-10 17:22 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-11 12:09 . 2010-02-11 12:08 -------- d-----w- c:\program files\Google
2010-02-11 09:59 . 2010-02-11 09:58 -------- d-----w- c:\program files\DivX
2010-02-11 09:58 . 2010-02-11 09:58 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-11 07:10 . 2010-03-06 22:23 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-08 21:31 . 2009-11-03 19:35 71960 ----a-w- c:\users\Tobi\AppData\Roaming\Mozilla\Plugins\npoctoshape.dll
2010-02-05 12:38 . 2010-02-05 12:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-02 07:45 . 2010-02-24 09:54 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-01 12:24 . 2010-02-08 15:25 71960 ----a-w- c:\users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002010-0-npoctoshape.dll
2010-02-01 12:24 . 2010-02-08 15:25 417280 ----a-w- c:\users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002010-0-libOctoshapeClient.dll
2010-02-01 12:24 . 2010-02-08 15:25 124184 ----a-w- c:\users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002010-0-apoctoshape.dll
2010-01-18 23:29 . 2010-02-10 10:21 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 10:21 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 10:21 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 10:21 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 10:21 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 10:21 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 10:21 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 10:21 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-04-11_16.26.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-01 13:44 . 2010-04-11 17:22 42802 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-04-11 18:22 46952 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-01 13:06 . 2010-04-11 18:04 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-01 13:06 . 2010-04-11 16:14 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:41 . 2010-04-11 16:14 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-04-11 18:04 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-01 13:11 . 2010-04-11 18:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-01 13:11 . 2010-04-11 16:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-01 13:11 . 2010-04-11 16:17 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-01 13:11 . 2010-04-11 18:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-01 13:11 . 2010-04-11 16:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-01 13:11 . 2010-04-11 18:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-01 13:20 . 2010-04-11 18:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-01 13:20 . 2010-04-11 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-03 18:04 . 2010-04-11 16:13 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-03 18:04 . 2010-04-11 18:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-03 18:04 . 2010-04-11 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-11-03 18:04 . 2010-04-11 16:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-11-03 18:04 . 2010-04-11 16:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-11-03 18:04 . 2010-04-11 18:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-11-01 13:20 . 2010-04-11 16:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-01 13:20 . 2010-04-11 18:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-01 13:20 . 2010-04-11 18:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-01 13:20 . 2010-04-11 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-01 13:20 . 2010-04-11 17:50 9792 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1981820849-1269703919-3846408820-1001_UserData.bin
- 2010-04-11 16:14 . 2010-04-11 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-11 17:20 . 2010-04-11 18:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-04-11 17:20 . 2010-04-11 18:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-04-11 16:14 . 2010-04-11 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-01 13:12 . 2010-04-11 18:04 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-11-01 13:12 . 2010-04-11 16:14 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-01 13:06 . 2010-04-11 18:04 622592 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-01 13:06 . 2010-04-11 16:14 622592 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"Octoshape Streaming Services"="c:\users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Steam"="c:\spiele\Steam\\Steam.exe" [2010-02-22 1217872]
"PPAP"="c:\program files\Common Files\PPLiveNetwork\PPAP.exe" [2010-02-04 173512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 3563520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-01 149280]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-05 235936]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-1 813584]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 GarenaPEngine;GarenaPEngine;c:\users\Tobi\AppData\Local\Temp\RZNF628.tmp [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\aestsrv.exe [2008-02-28 73728]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-01-29 203264]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-06-03 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-05-13 277504]

.
Inhalt des "geplante Tasks" Ordners

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 12:08]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 12:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\ICQ7.0\ICQ.exe
FF - ProfilePath - c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\ker0n89o.default\
FF - prefs.js: browser.startup.homepage - www.t-online.de
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\ker0n89o.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\ker0n89o.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\users\Tobi\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-AlSrvN - c:\users\Tobi\Desktop\Alcohol 120% v.1.9.8.7612 Retail\patch\Plugins\Helper\AlSrvN.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86A9CAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x859c9e88
QueryNameProcedure -> 0x859c9018
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Tobi\AppData\Local\Temp\RZNF628.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5824)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\Winamp Remote\bin\OrbTray.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Winamp Remote\bin\Orb.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-11 20:25:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-04-11 18:25
ComboFix2.txt 2010-04-11 16:29

Vor Suchlauf: 28 Verzeichnis(se), 43.227.287.552 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 42.893.877.248 Bytes frei

- - End Of File - - 3B443BED912BEA44A1597EF7EEFB18F2
GMER:
Zitat:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-11 20:59:27
Windows 6.1.7600
Running: rryfs3dy.exe; Driver: C:\Users\Tobi\AppData\Local\Temp\kxddqpow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E37AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E37104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E373F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E202D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E1F898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E371DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E37958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E376F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E37F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E381A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E975C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBC052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91210000, 0x2D5378, 0xE8000020]
.text peauth.sys 9B83FC9D 28 Bytes [8F, AD, 73, F8, B0, 75, 04, ...]
.text peauth.sys 9B83FCC1 28 Bytes [8F, AD, 73, F8, B0, 75, 04, ...]
PAGE peauth.sys 9B845B9B 72 Bytes [A0, 6B, CC, 35, 36, 58, E8, ...]
PAGE peauth.sys 9B845BEC 111 Bytes [2E, 3A, D4, 58, B1, 45, 8F, ...]
PAGE peauth.sys 9B845E20 101 Bytes [64, BD, ED, 2C, F8, C2, AD, ...]
PAGE ...
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtProtectVirtualMemory 76ED5360 5 Bytes JMP 001C000A
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!NtWriteVirtualMemory 76ED5EE0 5 Bytes JMP 001D000A
.text C:\Windows\system32\svchost.exe[1000] ntdll.dll!KiUserExceptionDispatcher 76ED6448 5 Bytes JMP 001B000A
.text C:\Windows\system32\svchost.exe[1000] ole32.dll!CoCreateInstance 753C57FC 5 Bytes JMP 0032000A
.text C:\Windows\system32\svchost.exe[1000] USER32.dll!GetCursorPos 7693C198 5 Bytes JMP 0033000A
.text C:\Program Files\Winamp Remote\bin\Orb.exe[2776] kernel32.dll!SetUnhandledExceptionFilter 765A3162 5 Bytes JMP 00402CD0 C:\Program Files\Winamp Remote\bin\Orb.exe (Orb Application/Orb Networks, Inc.)
.text C:\Program Files\Winamp Remote\bin\OrbTray.exe[3376] kernel32.dll!SetUnhandledExceptionFilter 765A3162 5 Bytes JMP 00413C70 C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb/Orb Networks)
.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3924] kernel32.dll!CreateFileW 765A0B7D 5 Bytes JMP 024E2930 C:\Program Files\Common Files\PPLiveNetwork\TipsClient.dll
.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3924] kernel32.dll!CreateFileA 765A291C 5 Bytes JMP 024E28D0 C:\Program Files\Common Files\PPLiveNetwork\TipsClient.dll
.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3924] USER32.dll!ShowWindow 7694147A 2 Bytes JMP 024E2750 C:\Program Files\Common Files\PPLiveNetwork\TipsClient.dll
.text C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe[3924] USER32.dll!ShowWindow + 3 7694147D 2 Bytes [BA, 8B]
.text C:\Windows\Explorer.exe[5824] ntdll.dll!NtProtectVirtualMemory 76ED5360 5 Bytes JMP 007A000A
.text C:\Windows\Explorer.exe[5824] ntdll.dll!NtWriteVirtualMemory 76ED5EE0 5 Bytes JMP 007B000A
.text C:\Windows\Explorer.exe[5824] ntdll.dll!KiUserExceptionDispatcher 76ED6448 5 Bytes JMP 0079000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.exe[5824] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [73D72494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5824] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [73D55624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5824] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [73D556E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5824] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [73D7250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5824] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73D68573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5824] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [73D64D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5824] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [73D650CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5824] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [73D651A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5824] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73D666D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5824] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73D682CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5824] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73D68819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5824] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73D6907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5824] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73D6E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.exe[5824] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [73D64C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86A9CAC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00225f0cf667
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00225f0cf667@0021fb0c295f 0x12 0xEC 0xF5 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE7 0x3E 0xC9 0x8D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00225f0cf667 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00225f0cf667@0021fb0c295f 0x12 0xEC 0xF5 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE7 0x3E 0xC9 0x8D ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
OTL:
Zitat:
Error: Unable to interpret <netsvcs> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <eventlog.dll> in the current context!
Error: Unable to interpret <scecli.dll> in the current context!
Error: Unable to interpret <netlogon.dll> in the current context!
Error: Unable to interpret <cngaudit.dll> in the current context!
Error: Unable to interpret <sceclt.dll> in the current context!
Error: Unable to interpret <ntelogon.dll> in the current context!
Error: Unable to interpret <logevent.dll> in the current context!
Error: Unable to interpret <iaStor.sys> in the current context!
Error: Unable to interpret <nvstor.sys> in the current context!
Error: Unable to interpret <atapi.sys> in the current context!
Error: Unable to interpret <IdeChnDr.sys> in the current context!
Error: Unable to interpret <viasraid.sys> in the current context!
Error: Unable to interpret <AGP440.sys> in the current context!
Error: Unable to interpret <vaxscsi.sys> in the current context!
Error: Unable to interpret <nvatabus.sys> in the current context!
Error: Unable to interpret <viamraid.sys> in the current context!
Error: Unable to interpret <nvata.sys> in the current context!
Error: Unable to interpret <nvgts.sys> in the current context!
Error: Unable to interpret <iastorv.sys> in the current context!
Error: Unable to interpret <ViPrt.sys> in the current context!
Error: Unable to interpret <eNetHook.dll> in the current context!
Error: Unable to interpret <ahcix86.sys> in the current context!
Error: Unable to interpret <KR10N.sys> in the current context!
Error: Unable to interpret <nvstor32.sys> in the current context!
Error: Unable to interpret <ahcix86s.sys> in the current context!
Error: Unable to interpret <nvrd32.sys> in the current context!
Error: Unable to interpret <symmpi.sys> in the current context!
Error: Unable to interpret <adp3132.sys> in the current context!
Error: Unable to interpret <mv61xx.sys> in the current context!
Error: Unable to interpret </md5stop> in the current context!
Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!
Error: Unable to interpret <CREATERESTOREPOINT> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.dll /lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%\Tasks\*.job /lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%\system32\drivers\*.sys /lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%\System32\config\*.sav> in the current context!

OTL by OldTimer - Version 3.2.1.1 log created on 04112010_210241
(so viele Errors?)

Alt 11.04.2010, 20:26   #14
Larusso
/// Selecta Jahrusso
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


Du hast bei OTL auf Run Fix gedrückt, nicht Quick Scan .

Bitte erneut ausführen.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie
Alt 11.04.2010, 20:41   #15
Dev
 
TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Standard

TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


So jetzt hoffentlich richtig:
Otl.txt

Zitat:
OTL logfile created on: 11.04.2010 21:33:44 - Run 3
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Tobi\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 123,49 Gb Total Space | 39,90 Gb Free Space | 32,31% Space Free | Partition Type: NTFS
Drive D: | 70,00 Gb Total Space | 13,08 Gb Free Space | 18,69% Space Free | Partition Type: NTFS
Drive E: | 29,25 Gb Total Space | 3,82 Gb Free Space | 13,07% Space Free | Partition Type: NTFS
Drive F: | 10,00 Gb Total Space | 1,85 Gb Free Space | 18,49% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BAYER04
Current User Name: Tobi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Tobi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\AEstSrv.exe (Andrea Electronics Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Tobi\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Dell\QuickSet\dadkeyb.dll (Dell Inc.)
MOD - C:\Windows\System32\BtMmHook.dll (Broadcom Corporation.)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_c8e33401effad09d\AEstSrv.exe (Andrea Electronics Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 97 38 FA B8 D5 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.t-online.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 9050
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "proxy.fh-flensburg.de"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 17:09:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.06 17:09:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.18 13:09:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.02.11 11:58:58 | 000,000,000 | ---D | M]

[2009.11.01 16:00:32 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Extensions
[2010.04.11 18:40:03 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ker0n89o.default\extensions
[2010.02.26 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ker0n89o.default\extensions\firefox@tvunetworks.com
[2009.11.10 11:40:38 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\ker0n89o.default\extensions\moveplayer@movenetworks.com
[2010.04.11 18:40:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.30 17:31:13 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.06 17:08:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.06 17:08:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.06 17:08:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.06 17:08:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.06 17:08:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.04.11 20:21:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Tobi\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
O4 - HKCU..\Run: [Steam] C:\Spiele\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPTV\PPLive.exe (PPLive Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.07.14 04:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2010.04.11 20:25:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.04.11 20:24:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.04.11 19:51:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.04.11 18:26:07 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Local\temp
[2010.04.11 18:15:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.04.11 18:15:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.04.11 18:15:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.04.11 18:15:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.04.11 18:13:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.11 12:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010.04.11 12:26:07 | 000,000,000 | ---D | C] -- C:\Programme\Hitman Pro 3.5
[2010.04.11 12:25:36 | 005,650,240 | ---- | C] (SurfRight B.V.) -- C:\Users\Tobi\Desktop\HitmanPro35.exe
[2010.04.11 01:08:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.04.10 23:00:38 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2010.04.10 19:21:43 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Avira
[2010.04.10 18:18:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.10 18:18:02 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.04.10 18:18:02 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.10 18:18:02 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.10 18:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.10 17:51:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.10 17:51:20 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.10 17:50:39 | 005,918,776 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tobi\Desktop\mbam-setup-1.45.exe
[2010.04.10 13:53:06 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.10 13:53:06 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.09 10:52:17 | 000,000,000 | ---D | C] -- C:\Users\Tobi\AppData\Roaming\Malwarebytes
[2010.04.09 10:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.09 10:52:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.09 10:51:35 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.04.08 21:18:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.04.08 15:18:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.03.30 17:30:51 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype

========== Files - Modified Within 14 Days ==========

[2010.04.11 21:35:05 | 002,097,152 | -HS- | M] () -- C:\Users\Tobi\NTUSER.DAT
[2010.04.11 21:24:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.11 21:15:43 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.11 21:15:43 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.11 21:08:35 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.11 21:08:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.11 21:08:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.11 21:08:12 | 2411,872,256 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.11 21:07:23 | 001,339,637 | -H-- | M] () -- C:\Users\Tobi\AppData\Local\IconCache.db
[2010.04.11 20:21:46 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.04.11 20:21:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.04.11 20:03:53 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\soccx.sys
[2010.04.11 19:38:16 | 377,442,582 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.04.11 19:23:32 | 003,911,676 | R--- | M] () -- C:\Users\Tobi\Desktop\Combo-Fix.exe
[2010.04.11 19:21:02 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010.04.11 19:19:12 | 000,000,020 | ---- | M] () -- C:\Users\Tobi\defogger_reenable
[2010.04.11 19:18:33 | 000,050,477 | ---- | M] () -- C:\Users\Tobi\Desktop\Defogger.exe
[2010.04.11 13:37:05 | 000,293,376 | ---- | M] () -- C:\Users\Tobi\Desktop\rryfs3dy.exe
[2010.04.11 12:45:19 | 000,000,234 | ---- | M] () -- C:\Windows\System32\.crusader
[2010.04.11 12:26:01 | 005,650,240 | ---- | M] (SurfRight B.V.) -- C:\Users\Tobi\Desktop\HitmanPro35.exe
[2010.04.11 12:14:00 | 042,341,360 | ---- | M] () -- C:\Users\Tobi\Desktop\avira_antivir_personal10_de.exe
[2010.04.10 23:00:39 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2010.04.10 18:18:24 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.10 18:16:51 | 000,000,112 | ---- | M] () -- C:\ProgramData\5XAtt3xo2.dat
[2010.04.10 17:51:26 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.10 17:51:02 | 005,918,776 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tobi\Desktop\mbam-setup-1.45.exe
[2010.04.10 17:36:53 | 000,781,909 | ---- | M] () -- C:\Users\Tobi\Desktop\RSIT.exe
[2010.04.10 13:54:12 | 000,002,043 | ---- | M] () -- C:\Users\Tobi\Desktop\HijackThis.lnk
[2010.04.10 10:16:38 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.10 10:16:38 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.10 10:16:38 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.10 10:16:38 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.10 10:16:38 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.09 10:51:38 | 000,001,835 | ---- | M] () -- C:\Users\Tobi\Desktop\CCleaner.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.28 21:58:51 | 000,001,153 | ---- | M] () -- C:\Users\Tobi\Desktop\Frozen Throne - Verknüpfung.lnk

========== Files Created - No Company Name ==========

[2010.04.11 19:23:31 | 003,911,676 | R--- | C] () -- C:\Users\Tobi\Desktop\Combo-Fix.exe
[2010.04.11 19:18:52 | 000,000,020 | ---- | C] () -- C:\Users\Tobi\defogger_reenable
[2010.04.11 19:18:33 | 000,050,477 | ---- | C] () -- C:\Users\Tobi\Desktop\Defogger.exe
[2010.04.11 18:15:23 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.04.11 18:15:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.04.11 18:15:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.04.11 18:15:23 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.04.11 18:15:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.04.11 13:37:04 | 000,293,376 | ---- | C] () -- C:\Users\Tobi\Desktop\rryfs3dy.exe
[2010.04.11 12:45:19 | 000,000,234 | ---- | C] () -- C:\Windows\System32\.crusader
[2010.04.11 12:26:22 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010.04.10 18:18:24 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.10 18:13:41 | 042,341,360 | ---- | C] () -- C:\Users\Tobi\Desktop\avira_antivir_personal10_de.exe
[2010.04.10 17:51:26 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.10 15:48:43 | 000,000,112 | ---- | C] () -- C:\ProgramData\5XAtt3xo2.dat
[2010.04.10 13:54:37 | 000,781,909 | ---- | C] () -- C:\Users\Tobi\Desktop\RSIT.exe
[2010.04.10 13:54:12 | 000,002,043 | ---- | C] () -- C:\Users\Tobi\Desktop\HijackThis.lnk
[2010.04.09 12:47:31 | 377,442,582 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.04.09 10:51:38 | 000,001,835 | ---- | C] () -- C:\Users\Tobi\Desktop\CCleaner.lnk
[2010.04.06 21:00:15 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\soccx.sys
[2010.03.21 13:11:15 | 000,017,408 | ---- | C] () -- C:\Users\Tobi\AppData\Local\WebpageIcons.db
[2009.12.17 19:26:30 | 000,000,055 | ---- | C] () -- C:\Windows\wininit.ini
[2009.12.10 23:22:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.10 15:20:29 | 000,000,842 | ---- | C] () -- C:\Users\Tobi\.recently-used.xbel
[2009.11.09 15:09:34 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.11.01 23:38:13 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.01 23:09:50 | 000,011,776 | ---- | C] () -- C:\Users\Tobi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.01 15:28:52 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009.11.01 15:10:05 | 002,097,152 | -HS- | C] () -- C:\Users\Tobi\NTUSER.DAT
[2009.11.01 15:10:05 | 000,524,288 | -HS- | C] () -- C:\Users\Tobi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009.11.01 15:10:05 | 000,524,288 | -HS- | C] () -- C:\Users\Tobi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009.11.01 15:10:05 | 000,262,144 | -HS- | C] () -- C:\Users\Tobi\ntuser.dat.LOG1
[2009.11.01 15:10:05 | 000,065,536 | -HS- | C] () -- C:\Users\Tobi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009.11.01 15:10:05 | 000,000,020 | -HS- | C] () -- C:\Users\Tobi\ntuser.ini
[2009.11.01 15:10:05 | 000,000,000 | -HS- | C] () -- C:\Users\Tobi\ntuser.dat.LOG2
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.12.10 11:11:04 | 000,002,045 | -H-- | C] () -- C:\Windows\System32\whlpda32e.dll
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009.12.09 22:09:18 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\EPSON
[2009.12.10 15:20:39 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\gtk-2.0
[2010.04.11 19:19:20 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\ICQ
[2009.11.01 15:56:46 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Leadertech
[2009.12.06 16:29:34 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Microgaming
[2009.11.03 21:35:17 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Octoshape
[2009.11.20 23:01:02 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Opera
[2009.12.09 00:45:03 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Pegasys Inc
[2010.03.16 14:48:08 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\PPLive
[2009.11.01 16:00:01 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Thunderbird
[2009.12.10 20:23:04 | 000,000,000 | ---D | M] -- C:\Users\Tobi\AppData\Roaming\Video DVD Maker FREE
[2010.04.11 19:12:26 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.06.02 12:44:06 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< End of report >

Antwort
Seite 1 von 4 1 23 Letzte »

Themen zu TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe
.dll, 0 bytes, administratorrechte, antivir, audiodg.exe, avg, conhost.exe, desktop, dwm.exe, erste mal, fehler, jusched.exe, log, löschen, modul, musik, netzwerk, neustart, nicht gefunden, nt.dll, prozess, prozesse, quelldatei, recycle.bin, registry, scan, services.exe, skype.exe, starten, sttray.exe, suchlauf, svchost.exe, system, taskhost.exe, temp, tr/crypt.xpack.ge, trojaner, versteckte objekte, verweise, virus gefunden, windows, winlogon.exe


« Backdoor Trojaner Hilfe!!! | ICQ Virus/Spammer - Spammt downloadlink seiner datei in icq »


Ähnliche Themen: TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe


  1. tr crypt.zpack.gen im Temp Ordner
    Plagegeister aller Art und deren Bekämpfung - 18.11.2010 (20)
  2. TR/Crypt.ZPACK.Gen in C:\Users\***\AppData\Local\Temp\eapp32hst.dl
    Plagegeister aller Art und deren Bekämpfung - 18.10.2010 (18)
  3. Antivir meldet C:\Windows\temp\xxxx.tmp (TR/Crypt.ZPACK.Gen) alle paar Minuten
    Plagegeister aller Art und deren Bekämpfung - 10.10.2010 (4)
  4. TR\Crypt.ZPACK.Gen in C:\Windows\Temp\gsxm.tmp\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 01.05.2010 (1)
  5. Datensicherung bei TR/Crypt.ZPack.Gen Temp Ordner
    Plagegeister aller Art und deren Bekämpfung - 01.05.2010 (1)
  6. TR/Crypt.ZPACK.Gen C:\WINDOWS\Temp\uagx.tmp\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 01.05.2010 (1)
  7. Trojaner TR/Crypt.ZPACK.gen in C:/WINDOWS/TEMP/xxxx.temp/svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 30.04.2010 (33)
  8. Antivir meldet TR/Crypt.ZPACK.Gen in C/Windows/Temp/xxxx.tmp/svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 26.04.2010 (2)
  9. Avira meldet TR/Crypt.ZPACK.Gen in C:\Windows\Temp\xxxx.tmp\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 24.04.2010 (1)
  10. Antivir meldet TR/Crypt.ZPACK.Gen in C/Windows/Temp/xxxx.tmp/svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 24.04.2010 (4)
  11. TR/Crypt.ZPACK.Gen in C:\Temp\bcot.tmp\svchost.exe , C:\Temp\qmub.tmp\svchost.exe usw
    Plagegeister aller Art und deren Bekämpfung - 12.04.2010 (1)
  12. TR/Crypt.ZPACK.Gen in SVCHOST.exe
    Plagegeister aller Art und deren Bekämpfung - 09.04.2010 (1)
  13. AntiVir: C:\Windows\Tem\dtnp.tmp\svchost.exe Is the TR/Crypt.ZPACK.Gen Trojan
    Plagegeister aller Art und deren Bekämpfung - 06.04.2010 (45)
  14. Antivir meldet C:\Windows\temp\xxxx.tmp (TR/Crypt.ZPACK.Gen) alle 10 Minuten
    Plagegeister aller Art und deren Bekämpfung - 04.11.2009 (6)
  15. 'TR/Crypt.ZPACK.Gen' in 'C:\WINDOWS\Temp\akjo.tmp'
    Log-Analyse und Auswertung - 03.11.2009 (5)
  16. TR/Crypt.ZPACK.Gen in C:\WINDOWS\Temp\
    Plagegeister aller Art und deren Bekämpfung - 31.10.2009 (11)
  17. TR/Crypt.ZPACK.Gen in C:\WINDOWS\Temp\b2.exe
    Plagegeister aller Art und deren Bekämpfung - 27.07.2009 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe - Hi, seit einigen Tagen hab ich mir wohl bisschen was eingefangen. Vielleicht war es als ich bei einem bekannten im Netzwerk unterwegs war, dort kam Antivir das erste Mal mit - TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe...
Archiv
Du betrachtest: TR/Crypt.ZPACK.Gen in C:\Windows\Temp\rmwc.tmp\svchost.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131