
Pests of all kinds and how to fight them: Crashes ~ found.005\file000chk


21.03.2011, 18:29   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Crashes ~ found.005\file000chk



OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of that .txt file.
__________________
Please always post logfiles in CODE tags

21.03.2011, 20:12   #17
Amerilion
 
Crashes ~ found.005\file000chk



GMER:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-21 19:56:26
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.BKFO
Running: 77fvwhd8.exe; Driver: C:\Users\******\AppData\Local\Temp\ugddrpoc.sys


---- System - GMER 1.0.15 ----

INT 0x62        ?                                                                                                                                                                   87A18F00
INT 0x72        ?                                                                                                                                                                   87A18F00
INT 0x82        ?                                                                                                                                                                   87A18F00
INT 0x82        ?                                                                                                                                                                   87A18F00
INT 0xA2        ?                                                                                                                                                                   8612EC88
INT 0xA2        ?                                                                                                                                                                   87A18F00
INT 0xA2        ?                                                                                                                                                                   87A18F00
INT 0xA2        ?                                                                                                                                                                   8612EC88
INT 0xA3        ?                                                                                                                                                                   87A18F00
INT 0xB1        ?                                                                                                                                                                   85797C88
INT 0xB1        ?                                                                                                                                                                   85797C88

---- Kernel code sections - GMER 1.0.15 ----

?               System32\Drivers\spfk.sys                                                                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                                                                               8ECE741B 5 Bytes  JMP 87A18450 
.text           an6s76n6.SYS                                                                                                                                                        901A5000 47 Bytes  [82, 23, 1D, 83, 6C, 22, 1D, ...]
.text           an6s76n6.SYS                                                                                                                                                        901A5031 147 Bytes  [68, E5, 82, 55, 80, E3, 82, ...]
.text           an6s76n6.SYS                                                                                                                                                        901A50C6 17 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; DEC EBP; SUB AL, 0x7c}
.text           an6s76n6.SYS                                                                                                                                                        901A50D8 14 Bytes  [00, 00, 00, 00, 02, 00, 00, ...]
.text           an6s76n6.SYS                                                                                                                                                        901A50E7 31 Bytes  [00, F0, 0E, 00, 00, 00, 00, ...]
.text           ...                                                                                                                                                                 
.text           a9vp902v.SYS                                                                                                                                                        8ED92000 47 Bytes  [82, 23, 1D, 83, 6C, 22, 1D, ...]
.text           a9vp902v.SYS                                                                                                                                                        8ED92031 147 Bytes  [68, E5, 82, 55, 80, E3, 82, ...]
.text           a9vp902v.SYS                                                                                                                                                        8ED920C6 17 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP}
.text           a9vp902v.SYS                                                                                                                                                        8ED920D8 14 Bytes  [00, 00, 00, 00, 02, 00, 00, ...]
.text           a9vp902v.SYS                                                                                                                                                        8ED920E7 31 Bytes  [00, F0, 0E, 00, 00, 00, 00, ...]
.text           ...                                                                                                                                                                 
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                                                                                            entry point in ".vmp2" section [0xA1F3869D]
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                                              section is writeable [0xA1F3D300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                                              section is writeable [0xA1F83300, 0x1BEE, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                                           [80693F9C] \SystemRoot\System32\Drivers\spfk.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                                                                           [806933E6] \SystemRoot\System32\Drivers\spfk.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                                            [8069390E] \SystemRoot\System32\Drivers\spfk.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                                                    [80694178] \SystemRoot\System32\Drivers\spfk.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                                                                           [80693116] \SystemRoot\System32\Drivers\spfk.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                                                     [806931D4] \SystemRoot\System32\Drivers\spfk.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                  [806A4976] \SystemRoot\System32\Drivers\spfk.sys
IAT             \SystemRoot\System32\Drivers\an6s76n6.SYS[HAL.dll!KfAcquireSpinLock]                                                                                                00F90000
IAT             \SystemRoot\System32\Drivers\an6s76n6.SYS[HAL.dll!KfReleaseSpinLock]                                                                                                00500000
IAT             \SystemRoot\System32\Drivers\an6s76n6.SYS[storport.sys!StorPortPauseDevice]                                                                                         009F0000
IAT             \SystemRoot\System32\Drivers\an6s76n6.SYS[storport.sys!StorPortResumeDevice]                                                                                        00A80000
IAT             \SystemRoot\System32\Drivers\an6s76n6.SYS[storport.sys!StorPortInitialize]                                                                                          00510000
IAT             \SystemRoot\System32\Drivers\an6s76n6.SYS[storport.sys!StorPortNotification]                                                                                        00A30000
IAT             \SystemRoot\System32\Drivers\an6s76n6.SYS[TDI.SYS!TdiDeregisterPnPHandlers]                                                                                         00920000
IAT             \SystemRoot\System32\Drivers\an6s76n6.SYS[TDI.SYS!TdiRegisterPnPHandlers]                                                                                           009D0000
IAT             \SystemRoot\System32\Drivers\an6s76n6.SYS[NETIO.SYS!WskDeregister]                                                                                                  00F50000
IAT             \SystemRoot\System32\Drivers\an6s76n6.SYS[NETIO.SYS!WskReleaseProviderNPI]                                                                                          00BC0000
IAT             \SystemRoot\System32\Drivers\an6s76n6.SYS[NETIO.SYS!WskRegister]                                                                                                    00B60000
IAT             \SystemRoot\System32\Drivers\an6s76n6.SYS[NETIO.SYS!WskCaptureProviderNPI]                                                                                          00DA0000
IAT             \SystemRoot\System32\Drivers\a9vp902v.SYS[HAL.dll!KfAcquireSpinLock]                                                                                                00005500
IAT             \SystemRoot\System32\Drivers\a9vp902v.SYS[HAL.dll!KfReleaseSpinLock]                                                                                                00008C00
IAT             \SystemRoot\System32\Drivers\a9vp902v.SYS[storport.sys!StorPortPauseDevice]                                                                                         00008900
IAT             \SystemRoot\System32\Drivers\a9vp902v.SYS[storport.sys!StorPortResumeDevice]                                                                                        00000D00
IAT             \SystemRoot\System32\Drivers\a9vp902v.SYS[storport.sys!StorPortInitialize]                                                                                          0000BF00
IAT             \SystemRoot\System32\Drivers\a9vp902v.SYS[storport.sys!StorPortNotification]                                                                                        0000E600
IAT             \SystemRoot\System32\Drivers\a9vp902v.SYS[TDI.SYS!TdiDeregisterPnPHandlers]                                                                                         00004100
IAT             \SystemRoot\System32\Drivers\a9vp902v.SYS[TDI.SYS!TdiRegisterPnPHandlers]                                                                                           00009900
IAT             \SystemRoot\System32\Drivers\a9vp902v.SYS[NETIO.SYS!WskDeregister]                                                                                                  00000F00
IAT             \SystemRoot\System32\Drivers\a9vp902v.SYS[NETIO.SYS!WskReleaseProviderNPI]                                                                                          0000B000
IAT             \SystemRoot\System32\Drivers\a9vp902v.SYS[NETIO.SYS!WskRegister]                                                                                                    00005400
IAT             \SystemRoot\System32\Drivers\a9vp902v.SYS[NETIO.SYS!WskCaptureProviderNPI]                                                                                          0000BB00

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                                               [74957817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                                [749AA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                                            [7495BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                                      [7494F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                                [749575E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                                             [7494E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                                                 [74988395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                                                    [7495DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                                            [7494FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                                             [7494FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                                              [749471CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                                      [749DCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                                         [7497C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                                            [7494D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                                      [74946853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                                     [7494687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3936] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                                        [74952AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                              861321F8
Device          \FileSystem\fastfat \FatCdrom                                                                                                                                       8ABDB1F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                                                                8579A1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                                                    879F71F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                                                    879F71F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                                                    879F71F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                                                                    879F91F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                                                    879F71F8
Device          \Driver\PCI_PNP6025 \Device\00000055                                                                                                                                spfk.sys
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                                                                    879F71F8
Device          \Driver\PCI_PNP6025 \Device\00000056                                                                                                                                spfk.sys
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                                                                    879F71F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                                              8579A1F8
Device          \Driver\usbehci \Device\USBPDO-7                                                                                                                                    879F91F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                                              8579A1F8
Device          \Driver\cdrom \Device\CdRom0                                                                                                                                        87C221F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                                                              8579A1F8
Device          \Driver\cdrom \Device\CdRom1                                                                                                                                        87C221F8
Device          \Driver\sptd \Device\3880142041                                                                                                                                     spfk.sys
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                                                                             895541F8
Device          \Driver\Smb \Device\NetbiosSmb                                                                                                                                      8956A398
Device          \Driver\netbt \Device\NetBT_Tcpip_{45E75BEF-57A4-4901-9DB3-E4AE1503AE2D}                                                                                            895541F8
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                                                                  87CA61F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                                                    879F71F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                                                    879F71F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                                                                    879F71F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                                                                    879F91F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                                                                    879F71F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                                                                    879F71F8
Device          \Driver\sptd \Device\3880298042                                                                                                                                     spfk.sys
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                                                                    879F71F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                                                                    879F91F8
Device          \Driver\a9vp902v \Device\Scsi\a9vp902v1Port3Path0Target0Lun0                                                                                                        87CB3470
Device          \Driver\a9vp902v \Device\Scsi\a9vp902v1                                                                                                                             87CB3470
Device          \Driver\an6s76n6 \Device\Scsi\an6s76n61                                                                                                                             87C5D470
Device          \FileSystem\fastfat \Fat                                                                                                                                            8ABDB1F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                                                                              92F841F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\002243c7c22a (not active ControlSet)                                                                     
Reg             HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\002243c7c22a@40a6d933de76                                                                                0x22 0xFA 0x90 0x3D ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                     C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                     1
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                  0x27 0x95 0x36 0x53 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                                       
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                     0
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                  0x7F 0x1F 0xC1 0xAB ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                       
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                         0x55 0xD9 0x2E 0xA3 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                  
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                    0xEE 0xD6 0x34 0xD1 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                                                  
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                    0x22 0x1B 0x1A 0x69 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243c7c22a                                                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243c7c22a@40a6d933de76                                                                            0x22 0xFA 0x90 0x3D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                                  2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                 1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                              0x27 0x95 0x36 0x53 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                              0x13 0xFC 0x39 0x9C ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                     0x55 0xD9 0x2E 0xA3 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                0xDD 0x7E 0x52 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                0x22 0x1B 0x1A 0x69 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002243c7c22a (not active ControlSet)                                                                     
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\002243c7c22a@40a6d933de76                                                                                0x22 0xFA 0x90 0x3D ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                     C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                     1
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                  0x27 0x95 0x36 0x53 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                                       
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                     0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                  0x82 0x6F 0xCF 0xD5 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                       
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                         0x55 0xD9 0x2E 0xA3 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                    0xDD 0x7E 0x52 0x02 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                                                  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                    0x22 0x1B 0x1A 0x69 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures@User_Feed_Synchronization-{CA64AF00-3FA6-4A84-83EA-9D622EE2C500}.job.fp  1971410001

---- EOF - GMER 1.0.15 ----

OSAM:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:07:25 on 21.03.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.15

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a9vp902v" (a9vp902v) - "Microsoft Corporation" - C:\Windows\system32\drivers\a9vp902v.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"an6s76n6" (an6s76n6) - "Microsoft Corporation" - C:\Windows\system32\drivers\an6s76n6.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"AVerMedia A815" (AVerAF15) - "AVerMedia TECHNOLOGIES, Inc." - C:\Windows\System32\Drivers\AVerAF15.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\******\AppData\Local\Temp\catchme.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"oUltraf" (oUltraf) - ? - C:\Users\*******\AppData\Local\Temp\oUltraf.sys  (File not found)
"Philips SA60xx Recovery Device" (VtcDrv) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\Drivers\vtcdrv.sys
"REVOLTEC FightBoard" (systormflb) - ? - C:\Windows\System32\DRIVERS\systormflb.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"Spyware Terminator Driver 2" (sp_rsdrv2) - ? - C:\Windows\system32\drivers\sp_rsdrv2.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Syntek STK1150" (StkAMini) - "Syntek America Inc." - C:\Windows\System32\Drivers\StkAMini.sys
"Syntek STK1150 Filter Driver" (StkScan) - "Syntek America Inc." - C:\Windows\System32\Drivers\StkScan.sys
"ugddrpoc" (ugddrpoc) - ? - C:\Users\******\AppData\Local\Temp\ugddrpoc.sys  (Hidden registry entry, rootkit activity | File not found)
"XDva327" (XDva327) - ? - C:\Windows\system32\XDva327.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - "Crawler.com" - C:\Program Files\Spyware Terminator\sptcontmenu.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{D4027C7F-154A-4066-A1AD-4243D8127440}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
"FlashGet" - "FlashGet.com" - C:\Program Files\FlashGet\FlashGet.exe
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} "FGCatchUrl" - "www.flashget.com" - C:\Program Files\FlashGet\jccatch.dll
{F156768E-81EF-470C-9057-481BA8380DBA} "FlashGet GetFlash Class" - "www.flashget.com" - C:\Program Files\FlashGet\getflash.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ATKMEDIA" - "ASUS" - C:\Program Files\ASUS\ATK Media\DMedia.exe
"ATKOSD2" - "ASUS" - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HControlUser" - ? - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"SwitchBoard" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"UnlockerAssistant" - ? - "C:\Program Files\Unlocker\UnlockerAssistant.exe"  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l5ha" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5ha.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - ? - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll  (File not found)
"hpqcxs08" (hpqcxs08) - ? - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll  (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
"Spyware Terminator Realtime Shield Service" (sp_rssrv) - "Crawler.com" - C:\Program Files\Spyware Terminator\sp_rsser.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Syntek AVStream USB2.0 ATV Service" (StkSSrv) - ? - C:\Windows\System32\StkCSrv.exe  (File not found)
"Syntek STK1150 Service" (StkASSrv) - "Syntek America Inc." - C:\Windows\System32\StkASv2K.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
MBRCheck asked for an input, Y for further options; for now I pressed N. Log:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	ASUSTeK Computer Inc.
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		ASUSTeK Computer Inc.
System Product Name:		M50Vn
Logical Drives Mask:		0x0000003c

Kernel Drivers (total 172):
  0x82E11000 \SystemRoot\system32\ntkrnlpa.exe
  0x831CB000 \SystemRoot\system32\hal.dll
  0x8040D000 \SystemRoot\system32\kdcom.dll
  0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80484000 \SystemRoot\system32\PSHED.dll
  0x80495000 \SystemRoot\system32\BOOTVID.dll
  0x8049D000 \SystemRoot\system32\CLFS.SYS
  0x804DE000 \SystemRoot\system32\CI.dll
  0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80691000 \SystemRoot\System32\Drivers\spfk.sys
  0x8078A000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x80793000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x807B9000 \SystemRoot\system32\drivers\acpi.sys
  0x80600000 \SystemRoot\system32\drivers\msisadrv.sys
  0x805BE000 \SystemRoot\system32\drivers\pci.sys
  0x805E5000 \SystemRoot\System32\drivers\partmgr.sys
  0x805F4000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80400000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8AE02000 \SystemRoot\system32\drivers\volmgr.sys
  0x8AE11000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8AE5B000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8AE6B000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8AF44000 \SystemRoot\system32\drivers\atapi.sys
  0x8AF4C000 \SystemRoot\system32\drivers\ataport.SYS
  0x8AF6A000 \SystemRoot\system32\drivers\msahci.sys
  0x8AF74000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8AF82000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8AFB4000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B008000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8B079000 \SystemRoot\system32\drivers\ndis.sys
  0x8B184000 \SystemRoot\system32\drivers\msrpc.sys
  0x8B1AF000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B205000 \SystemRoot\System32\drivers\tcpip.sys
  0x8B2EF000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B40D000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B51D000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B556000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B55E000 \SystemRoot\System32\Drivers\mup.sys
  0x8B56D000 \SystemRoot\System32\drivers\ecache.sys
  0x8B594000 \SystemRoot\system32\drivers\disk.sys
  0x8B5A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B5C6000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8B5DC000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8B5E7000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8B5F0000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8EE0F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8F7AC000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x8EC00000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8ECA0000 \SystemRoot\System32\drivers\watchdog.sys
  0x8ECAC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8ECB7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8ECF5000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8ED04000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8FC09000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x9001C000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x9002C000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x9003A000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x90054000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
  0x90065000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
  0x90079000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
  0x900CB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x900DE000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
  0x900E6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x900F1000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x90121000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x90123000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x9012E000 \SystemRoot\system32\DRIVERS\itecir.sys
  0x90186000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x9019E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x901A4000 \SystemRoot\System32\Drivers\an6s76n6.SYS
  0x8ED91000 \SystemRoot\System32\Drivers\a9vp902v.SYS
  0x901DB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x901DF000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
  0x8EDCA000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8F7AE000 \SystemRoot\system32\DRIVERS\storport.sys
  0x901E7000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x901F2000 \SystemRoot\system32\DRIVERS\ManyCam.sys
  0x8F7EF000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x8AFC4000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8B3E3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8EE00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x9020D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x90230000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x9023F000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x90253000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x90268000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x90278000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x9027A000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x90288000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90292000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x9029F000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x902D4000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x9080D000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x90A1A000 \SystemRoot\system32\drivers\portcls.sys
  0x90A47000 \SystemRoot\system32\drivers\drmk.sys
  0x90A6C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x90B92000 \SystemRoot\system32\drivers\modem.sys
  0x90B9F000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x90BC0000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x90BCB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x90BDB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x90BE2000 \SystemRoot\system32\drivers\MODEMCSA.sys
  0x90BEC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x90BF5000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x90800000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x902E5000 \SystemRoot\System32\Drivers\Null.SYS
  0x902EC000 \SystemRoot\System32\Drivers\Beep.SYS
  0x902F3000 \SystemRoot\System32\drivers\vga.sys
  0x902FF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x90320000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
  0x90343000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x9034B000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x90353000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x9035E000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x9036C000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x90375000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x9038B000 \SystemRoot\system32\DRIVERS\smb.sys
  0x9039F000 \SystemRoot\system32\drivers\afd.sys
  0x90C06000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90C38000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90C4E000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x90C5C000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x90C6F000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x90C75000 \??\C:\Windows\system32\drivers\sp_rsdrv2.sys
  0x90C98000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90CD4000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90CDE000 \SystemRoot\System32\Drivers\dfsc.sys
  0x90CF5000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x90D1B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x90D32000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x90D3B000 \SystemRoot\system32\DRIVERS\etFilter.sys
  0x90D6E000 \SystemRoot\system32\DRIVERS\etDevice.sys
  0x90DE2000 \SystemRoot\system32\DRIVERS\etScan.sys
  0x90DE4000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8B30A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x9AE30000 \SystemRoot\System32\win32k.sys
  0x90DF1000 \SystemRoot\System32\drivers\Dxapi.sys
  0x903E7000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9B050000 \SystemRoot\System32\TSDDD.dll
  0x9B080000 \SystemRoot\System32\ATMFD.DLL
  0xA0003000 \SystemRoot\system32\drivers\luafv.sys
  0xA001E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xA0033000 \SystemRoot\system32\drivers\spsys.sys
  0xA00E3000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA00F3000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xA011D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA0127000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA013A000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
  0xA0141000 \SystemRoot\system32\drivers\HTTP.sys
  0xA01AE000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA01CB000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA01E4000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA1E0A000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA1E2B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA1E4A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA1E83000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA1E9B000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA1EC3000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA1F11000 \??\C:\Windows\system32\drivers\acedrv11.sys
  0xA1F3D000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xA1F80000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
  0xA1F83000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xA3E02000 \SystemRoot\system32\drivers\peauth.sys
  0xA3EE0000 \SystemRoot\System32\Drivers\fastfat.SYS
  0xA3F08000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA3F12000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA3F1E000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x9B0E0000 \SystemRoot\System32\cdd.dll
  0xA3F46000 \??\C:\Users\*****\AppData\Local\Temp\ugddrpoc.sys
  0x77D80000 \Windows\System32\ntdll.dll
  0x10000000 \Program Files\Alcohol Soft\Alcohol 120\Alcoholx.dll

Processes (total 91):
       0 System Idle Process
       4 System
     504 C:\Windows\System32\smss.exe
     580 csrss.exe
     632 C:\Windows\System32\wininit.exe
     676 C:\Windows\System32\services.exe
     712 C:\Windows\System32\lsass.exe
     724 C:\Windows\System32\lsm.exe
     860 C:\Windows\System32\svchost.exe
     964 C:\Windows\System32\nvvsvc.exe
     992 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\audiodg.exe
    1232 C:\Windows\System32\svchost.exe
    1248 C:\Windows\System32\SLsvc.exe
    1288 C:\Windows\System32\svchost.exe
    1404 C:\Windows\System32\svchost.exe
    1516 C:\Program Files\ASUS\ATK Hotkey\AsLdrSrv.exe
    1528 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    1592 C:\Windows\System32\taskeng.exe
    1636 C:\Windows\System32\spoolsv.exe
    1660 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1688 C:\Windows\System32\svchost.exe
    2024 C:\Windows\System32\agrsmsvc.exe
    2040 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     352 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     520 C:\Program Files\Bonjour\mDNSResponder.exe
     588 C:\Windows\System32\svchost.exe
     572 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     696 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1204 C:\Windows\System32\svchost.exe
    1928 C:\Windows\System32\svchost.exe
    2068 C:\Windows\System32\PnkBstrA.exe
    2144 C:\Windows\System32\svchost.exe
    2160 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    2176 C:\Program Files\Spyware Terminator\sp_rsser.exe
    2216 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2296 C:\Windows\System32\svchost.exe
    2308 C:\Windows\System32\StkASv2K.exe
    2368 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    2416 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    2456 C:\Windows\System32\svchost.exe
    2580 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2600 C:\Windows\System32\SearchIndexer.exe
    2892 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    1428 C:\Windows\System32\svchost.exe
    3176 csrss.exe
    3360 C:\Windows\System32\winlogon.exe
    4036 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    3548 C:\Windows\System32\nvvsvc.exe
    1092 C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
    1032 C:\Program Files\ASUS\ATK Hotkey\HControl.exe
    2720 C:\Program Files\Wireless Console 2\wcourier.exe
    3496 C:\Program Files\P4G\BatteryLife.exe
     364 C:\Windows\System32\dwm.exe
     248 C:\Windows\System32\taskeng.exe
    4068 C:\Program Files\TeamViewer\Version6\TeamViewer.exe
    3936 C:\Windows\explorer.exe
    2208 C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
    3772 C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
    3232 C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    2084 C:\Program Files\ASUS\ATK Hotkey\WDC.exe
    3748 C:\Program Files\TeamViewer\Version6\tv_w32.exe
    3376 C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
    2676 C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
    3152 C:\Windows\RtHDVCpl.exe
     832 C:\Program Files\ASUS\ATK Media\DMedia.exe
    2464 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2408 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    1924 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2256 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2272 C:\Program Files\iTunes\iTunesHelper.exe
    2688 C:\Program Files\Windows Sidebar\sidebar.exe
     880 C:\Program Files\Windows Media Player\wmpnscfg.exe
     892 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    1036 C:\Program Files\Windows Media Player\wmpnetwk.exe
     816 C:\Program Files\Windows Sidebar\sidebar.exe
    4172 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    4228 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    4328 C:\Program Files\iPod\bin\iPodService.exe
    4508 C:\Windows\System32\wuauclt.exe
    4596 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    6112 C:\Program Files\Windows NT\Accessories\wordpad.exe
    4124 C:\Program Files\Mozilla Firefox\firefox.exe
    5712 C:\Program Files\Mozilla Firefox\plugin-container.exe
    5320 C:\Windows\System32\SearchProtocolHost.exe
    3836 C:\Windows\System32\SearchFilterHost.exe
    4840 C:\Users\*****\Desktop\MBRCheck.exe
    5520 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71200000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000046`d7600000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545050KTA300, Rev: BKFOC60G

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!
         
__________________
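MBRCheck's "Unknown MBR code" above means only that the SHA1 of the boot sector is not in the tool's list of recognised Microsoft boot code; it is not by itself a verdict, because OEM boot managers (for example a laptop's recovery-partition loader) also produce non-Microsoft code. The following is an added example, not MBRCheck's own code, showing what such a check actually does: read a 512-byte sector, verify the 0x55AA signature, decode the four partition slots (the `byte_offset` it computes is the same start-LBA * 512 value MBRCheck prints per drive letter), and hash the 440-byte code area separately from the whole sector, because the whole-sector hash changes with every partition-table edit while the code hash does not. The sample sector, the allowlist and all function names are constructed for this example; nothing here reads the real disk.

```python
"""MBR sanity check in the spirit of MBRCheck (added example; the sample sector is constructed)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # offsets 0..439 hold the executable boot code
DISK_SIG_OFF = 440         # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG_OFF = 510         # must be 0x55 0xAA

# Type byte -> label for the types that matter on a Windows laptop (subset, constructed here).
PART_TYPES = {
    0x07: "NTFS",
    0x0B: "FAT32",
    0x0C: "FAT32 LBA",
    0x27: "Windows RE / recovery",
    0xEE: "GPT protective",
}


def boot_code_sha1(sector: bytes) -> str:
    """SHA1 of the code area only; stable across partition-table edits."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def sector_sha1(sector: bytes) -> str:
    """SHA1 of the whole 512-byte sector (changes whenever the table changes)."""
    return hashlib.sha1(sector).hexdigest().upper()


def parse_mbr(sector: bytes) -> dict:
    """Decode the boot signature, disk signature and the four partition slots."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    parts = []
    for slot in range(4):
        off = PART_TABLE_OFF + 16 * slot
        # entry: status, CHS start (3 bytes, ignored), type, CHS end (3 bytes, ignored), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue                                   # empty slot
        parts.append({
            "slot": slot,
            "active": status == 0x80,
            "type": PART_TYPES.get(ptype, "0x%02X" % ptype),
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,         # what MBRCheck prints as "at offset"
            "sectors": count,
            "lba_end": lba_start + count,              # exclusive
        })
    return {
        "boot_signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def assess_mbr(sector: bytes, known_good: dict) -> dict:
    """Structural findings plus the same verdict wording MBRCheck uses for an unlisted hash."""
    info = parse_mbr(sector)
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if len([p for p in info["partitions"] if p["active"]]) > 1:
        findings.append("more than one active partition")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_end"]:
            findings.append("partitions %d and %d overlap" % (a["slot"], b["slot"]))
    for p in info["partitions"]:
        if p["lba_start"] == 0:
            findings.append("partition %d starts at LBA 0 (inside the MBR itself)" % p["slot"])
    code_hash = boot_code_sha1(sector)
    verdict = known_good.get(code_hash, "Unknown MBR code")
    return {"boot_code_sha1": code_hash, "verdict": verdict, "findings": findings, **info}


def build_mbr(boot_code: bytes, disk_sig: int, partitions) -> bytes:
    """Assemble a sector from boot code plus (active, type, lba_start, sectors) tuples (test helper)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    table = b"".join(struct.pack("<B3xB3xII", 0x80 if active else 0x00, ptype, start, count)
                     for active, ptype, start, count in partitions).ljust(64, b"\x00")
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xAA"


# Constructed stand-in for boot code (xor ax,ax / mov ss,ax / mov sp,7C00h), not a real Windows MBR.
SAMPLE_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, 0x1A2B3C4D, [
    (True,  0x07, 2048,            20480000),      # "C:"
    (False, 0x07, 2048 + 20480000, 4096000),       # "D:"
])
OVERLAP_MBR = build_mbr(SAMPLE_BOOT_CODE, 0x1A2B3C4D, [
    (True,  0x07, 2048,     20480000),
    (False, 0x07, 10000000, 4096000),              # starts inside the first partition
])

if __name__ == "__main__":
    # A hash goes into the allowlist only after you have verified that sector yourself.
    print(assess_mbr(SAMPLE_MBR, {}))
```

To use it on a real machine you would read the first 512 bytes of `\\.\PhysicalDrive0` (needs administrator rights) and pass them to `assess_mbr`; an "Unknown MBR code" verdict with an empty findings list is the case to compare against a known-good image of the same OEM's MBR, not a reason to rewrite the sector.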


Old 21.03.2011, 20:23   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Crashes ~ found.005\file000chk

Quote:
"oUltraf" (oUltraf) - ? - C:\Users\*******\AppData\Local\Temp\oUltraf.sys (File not found)
"XDva327" (XDva327) - ? - C:\Windows\system32\XDva327.sys (File not found)
Please disable these with OSAM and delete them (delete from storage).
Then try CF again with a fresh cofi.exe, following the instructions!
__________________
__________________
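The two entries quoted above are what a helper looks for when reading these logs: a driver service whose file is gone ("File not found"), and a driver that was registered from a user's Temp folder at all. An orphaned entry cannot load any more, so deleting it is hygiene rather than disinfection; the interesting question is why a kernel driver was ever registered from `%TEMP%`. The following is an added example, not part of OSAM, GMER or ComboFix, that parses the three line formats seen in this thread's logs (OSAM entries, GMER's module list, ComboFix's service list) and applies those rules. One caveat it handles explicitly: GMER's own randomly named driver also lives in Temp (this thread's GMER header names it `ugddrpoc.sys`), so a Temp-path rule must be checked against the scanner's own driver before anything is called suspicious. The regexes, the `\SystemRoot` = `C:\Windows` mapping, the allowlist and the verdict wording are assumptions made for this example; the sample lines are copied from the logs in this thread with the usernames already masked.

```python
"""Triage of driver/service entries from OSAM, GMER and ComboFix log lines (added example)."""
import ntpath
import re

# Three line formats seen in this thread's logs (regexes are this example's assumption).
OSAM_RE = re.compile(r'^"(?P<name>[^"]+)" \((?P<svc>[^)]+)\) - \? - (?P<path>.+?)'
                     r'(?: \((?P<status>File not found)\))?$')
GMER_RE = re.compile(r'^0x[0-9A-Fa-f]{8} (?P<path>\\.+)$')
COMBOFIX_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]$')

# Drivers the scanners themselves load; GMER prints its own in the log header as "Driver: ...".
DEFAULT_TOOL_DRIVERS = frozenset({"ugddrpoc.sys"})       # taken from this thread's GMER header

SYSTEM_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


def normalize_path(raw: str) -> str:
    """Turn the NT-style paths GMER prints into Win32 paths (assumes %SystemRoot% is C:\\Windows)."""
    p = raw.strip()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):
        p = "C:\\Windows\\" + p[len("\\SystemRoot\\"):]
    return p


def parse_line(line: str):
    """Return {name, path, present, source} or None for lines in none of the three formats."""
    line = line.strip()
    m = OSAM_RE.match(line)
    if m:
        return {"name": m["name"], "path": normalize_path(m["path"]),
                "present": m["status"] is None, "source": "osam"}
    m = COMBOFIX_RE.match(line)
    if m:                                                  # ComboFix prints [x] when the file is missing
        return {"name": m["name"], "path": normalize_path(m["path"]),
                "present": m["info"] != "x", "source": "combofix"}
    m = GMER_RE.match(line)
    if m:                                                  # GMER lists loaded modules, so the file exists
        path = normalize_path(m["path"])
        return {"name": ntpath.basename(path), "path": path, "present": True, "source": "gmer"}
    return None


def classify(entry: dict, tool_drivers=DEFAULT_TOOL_DRIVERS) -> str:
    """Apply the three questions a helper asks about a driver entry, most severe first."""
    p = entry["path"].lower()
    base = ntpath.basename(p)
    if not entry["present"]:
        return "orphan: service entry points to a file that no longer exists"
    if p.startswith("c:\\users\\") or "\\temp\\" in p:
        if base in {d.lower() for d in tool_drivers}:
            return "review: scanner's own temporary driver (compare with the tool's log header)"
        return "suspicious: kernel driver loaded from a user-writable location"
    if not p.startswith(SYSTEM_DRIVER_DIRS):
        return "review: driver outside system32 (check vendor and signature)"
    return "ok"


def triage(lines, tool_drivers=DEFAULT_TOOL_DRIVERS):
    """Parse every recognised line and attach a verdict; unrecognised lines are dropped."""
    out = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            entry["verdict"] = classify(entry, tool_drivers)
            out.append(entry)
    return out


# Lines copied from the logs posted in this thread (usernames were already masked by the poster).
SAMPLE_LINES = [
    r'"oUltraf" (oUltraf) - ? - C:\Users\*******\AppData\Local\Temp\oUltraf.sys (File not found)',
    r'"XDva327" (XDva327) - ? - C:\Windows\system32\XDva327.sys (File not found)',
    r'  0x9027A000 \SystemRoot\system32\DRIVERS\circlass.sys',
    r'  0x90C75000 \??\C:\Windows\system32\drivers\sp_rsdrv2.sys',
    r'  0xA013A000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys',
    r'  0xA3F46000 \??\C:\Users\*****\AppData\Local\Temp\ugddrpoc.sys',
    r'R3 systormflb;REVOLTEC FightBoard;c:\windows\system32\DRIVERS\systormflb.sys [x]',
    r'S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-26 697328]',
    "---- Modules - GMER 1.0.15 ----",                      # section header, ignored
]

if __name__ == "__main__":
    for r in triage(SAMPLE_LINES):
        print("%-12s %-8s %s" % (r["name"], r["source"], r["verdict"]))
```

The "review" verdicts are deliberately weak: vendor drivers under Program Files (the ASUS ATKGFNEX one here) are normal on a laptop, and the rule only says to look at the publisher and signature rather than delete anything.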

Old 21.03.2011, 21:37   #19
Amerilion

Crashes ~ found.005\file000chk

Removed both with OSAM, rebooted the machine afterwards, downloaded a new cofi.exe, ran it as instructed and it got stuck again at the same point; aborted after more than 40 minutes.

Old 21.03.2011, 21:39   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Crashes ~ found.005\file000chk

Hm, please try cofi in Safe Mode.

__________________
Please always post log files in CODE tags

Old 21.03.2011, 22:21   #21
Amerilion

Crashes ~ found.005\file000chk

This time it worked, log:

Code:
ATTFilter
ComboFix 11-03-21.01 - ***** 21.03.2011  21:50:12.4.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.2602 [GMT 1:00]
Running from: c:\users\*****\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_OULTRAF
.
.
(((((((((((((((((((((((   Files Created from 2011-02-21 to 2011-03-21  ))))))))))))))))))))))))))))))
.
.
2011-03-21 20:59 . 2011-03-21 21:02	--------	d-----w-	c:\users\*****\AppData\Local\temp
2011-03-21 20:59 . 2011-03-21 20:59	--------	d-----w-	c:\users\*****\AppData\Local\temp
2011-03-20 12:13 . 2011-03-20 12:13	--------	d-----w-	C:\_OTL
2011-03-16 13:38 . 2011-03-16 14:05	--------	d-----w-	c:\users\*****\AppData\Roaming\TeamViewer
2011-03-10 21:40 . 2011-03-10 21:40	--------	d-----w-	c:\program files\iPod
2011-03-10 21:40 . 2011-03-10 21:41	--------	d-----w-	c:\program files\iTunes
2011-03-08 14:20 . 2011-03-08 14:20	--------	d-----w-	c:\program files\Microsoft XNA
2011-03-08 11:42 . 2011-03-21 21:01	--------	d-----w-	c:\programdata\NVIDIA
2011-03-08 11:40 . 2011-03-08 11:40	--------	d-----w-	c:\programdata\NVIDIA Corporation
2011-03-08 11:37 . 2011-03-08 11:43	--------	d-----w-	c:\program files\NVIDIA Corporation
2011-03-08 10:57 . 2011-02-11 06:54	5943120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A79B15C-7798-41D4-8136-CD2BE96F46D5}\mpengine.dll
2011-02-23 23:00 . 2009-10-09 21:56	2048	----a-w-	c:\windows\system32\winrsmgr.dll
2011-02-20 17:16 . 2011-02-20 17:16	--------	d-----w-	c:\users\*****\AppData\Local\AirMouse
2011-02-20 17:16 . 2011-02-20 17:16	--------	d-----w-	c:\program files\Air Mouse
2011-02-20 17:14 . 2011-02-20 17:14	--------	d-----w-	c:\users\*****\AppData\Local\Downloaded Installations
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-20 15:58 . 2010-08-30 11:03	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-08 15:38 . 2010-07-20 14:40	30520	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2011-03-08 15:37 . 2010-07-20 14:39	107832	----a-w-	c:\windows\system32\PnkBstrB.exe
2011-03-08 13:36 . 2010-07-20 14:40	22328	----a-w-	c:\users\*****\AppData\Roaming\PnkBstrK.sys
2011-03-08 13:36 . 2010-07-20 14:39	66872	----a-w-	c:\windows\system32\PnkBstrA.exe
2011-03-08 13:36 . 2010-07-20 14:39	2250024	----a-w-	c:\windows\system32\pbsvc.exe
2011-03-07 15:48 . 2010-02-21 11:30	45056	----a-w-	c:\windows\system32\acovcnt.exe
2011-02-18 15:36 . 2011-02-18 15:36	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
2011-02-10 11:14 . 2010-05-11 19:03	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2011-02-02 16:11 . 2010-02-21 11:59	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-10 05:49	638336	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-10 05:49	478720	----a-w-	c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-10 05:49	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 05:49	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-10 05:49	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 05:49	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-10 05:49	37376	----a-w-	c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-10 05:49	258048	----a-w-	c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-10 05:49	586240	----a-w-	c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-10 05:49	2873344	----a-w-	c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-10 05:49	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-10 05:49	209920	----a-w-	c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-10 05:49	98816	----a-w-	c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-10 05:49	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 05:49	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-10 05:49	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-10 05:49	847360	----a-w-	c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 05:49	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-10 05:49	135680	----a-w-	c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 05:49	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 05:49	357376	----a-w-	c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 05:49	302592	----a-w-	c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 05:49	261632	----a-w-	c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 05:49	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 05:49	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-10 05:49	683008	----a-w-	c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-10 05:49	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-10 05:49	797184	----a-w-	c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-10 05:48	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-10 05:48	292352	----a-w-	c:\windows\system32\atmfd.dll
2011-01-05 09:38 . 2009-08-18 10:30	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-01-05 09:38 . 2009-08-18 10:24	17816	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-02 19:47 . 2011-01-02 19:47	142592	----a-w-	c:\windows\system32\drivers\sp_rsdrv2.sys
2011-01-02 11:09 . 2010-03-05 13:15	281760	----a-w-	c:\windows\system32\drivers\atksgt.sys
2011-01-02 11:09 . 2010-03-05 13:15	25888	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2010-12-31 13:57 . 2011-02-10 05:49	2039808	----a-w-	c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 08:54	413696	----a-w-	c:\windows\system32\odbc32.dll
.
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-08-19 159744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-03 202256]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-12 281768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
backup=c:\windows\pss\Air Mouse.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44	500208	------w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57	406992	----a-w-	c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42	33120	----a-w-	c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2010-02-20 21:55	3054136	----a-w-	c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-05-23 21:07	323392	----a-w-	c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 14:33	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40	155648	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-10-25 17:41	2969496	----a-w-	c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03	210472	----a-w-	c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-08-09 13:27	36864	------w-	c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 StkSSrv;Syntek AVStream USB2.0 ATV Service;c:\windows\System32\StkCSrv.exe [x]
R3 AVerAF15;AVerMedia A815;c:\windows\system32\Drivers\AVerAF15.sys [2008-10-24 280576]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-07-15 3223416]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkCMini.sys [2007-06-28 577152]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 systormflb;REVOLTEC FightBoard;c:\windows\system32\DRIVERS\systormflb.sys [x]
R3 VtcDrv;Philips SA60xx Recovery Device;c:\windows\system32\Drivers\vtcdrv.sys [2008-01-16 18944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-26 697328]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-01-02 142592]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-12 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2007-10-15 206336]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-28 4233728]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2007-09-06 6656]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-21 c:\windows\Tasks\User_Feed_Synchronization-{AD49E4E1-27B7-4CEC-81D1-44E3D120B31B}.job
- c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]
.
.
------- Supplementary Scan -------
.
IE: &Alles mit FlashGet laden - c:\program files\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - c:\program files\FlashGet\jc_link.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\prmt64dh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.groupon.de/deals/bochum|hxxp://www.onlinetvrecorder.com/|hxxp://www.facebook.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: All-in-One Gestures: {8b86149f-01fb-4842-9dd8-4d7eb02fd055} - %profile%\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: UltraSurf Firefox Tool: {5B52016C-D097-4aec-BE61-9F129D8FDDBA} - %profile%\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Redirect Remover: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9} - %profile%\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
FF - Ext: German Dictionary: de-DE@dictionaries.addons.mozilla.org - %profile%\extensions\de-DE@dictionaries.addons.mozilla.org
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-OpAgent - OpAgent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-21 22:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
.
c:\windows\WindowsUpdate.log 479 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2281967408-4252342673-164111705-1000\Software\SecuROM\License information*]
"datasecu"=hex:02,4d,50,38,bb,07,f8,ac,30,69,9c,32,30,94,6f,b6,e4,2f,85,c9,46,
   0a,36,d1,a6,29,a5,e4,12,94,76,9e,5f,b1,f3,42,b8,0f,4c,85,60,b1,c8,53,6c,e3,\
"rkeysecu"=hex:49,00,12,ee,18,8e,bf,24,ff,7e,3d,fb,c1,9b,00,a8
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5628)
c:\program files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\TeamViewer\Version6\TeamViewer.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\P4G\BatteryLife.exe
c:\windows\system32\conime.exe
c:\program files\TeamViewer\Version6\tv_w32.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2011-03-21  22:10:56 - machine was rebooted
ComboFix-quarantined-files.txt  2011-03-21 21:10
.
Pre-Run: 11 directories, 54,565,830,656 bytes free
Post-Run: 17 directories, 50,910,953,472 bytes free
.
- - End Of File - - EC8A01D8B36410283F8CB0B34F8E1C84
         
edit:
By the way, cofi reported that AntiVir was on; I looked in Task Manager under Services and it said stopped, AntiVir itself also showed the Guard as off, and it wasn't shown in the tray either, so I just clicked Continue.

Last edited by Amerilion (21.03.2011 at 22:34)

Old 22.03.2011, 10:04   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Crashes ~ found.005\file000chk - Standard

Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post logfiles in CODE tags

Old 23.03.2011, 11:40   #23
Amerilion

Crashes ~ found.005\file000chk - Standard

Whew, that took a while. Here is Malwarebytes:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6133

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

22.03.2011 22:54:18
mbam-log-2011-03-22 (22-54-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 468933
Laufzeit: 2 Stunde(n), 33 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Here is SUPERAntiSpy...:
Code:
ATTFilter
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 03/23/2011 bei 11:01 AM

Version der Applikation : 4.50.1002

Version der Kern-Datenbank : 6656
Version der Spur-Datenbank : 4468

Scan Art       : kompletter Scann
Totale Scann-Zeit : 03:15:27

Gescannte Speicherelemente  : 684
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 11262
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 294419
Erfasste Datei-Elemente   : 0
         

That looks pretty good. What about Antivir, should I just ignore that it doesn't complete its run?
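An added example, not part of the thread and not a Malwarebytes tool: a small Python triage helper for the summary block of a German-language Malwarebytes 1.50 log like the one posted above. It checks the two things the helper asked for, that the log is from a full scan and that every infection counter is zero, and also notices a truncated paste. The sample log is constructed from the summary lines above; the label patterns are taken only from this log format.

```python
import re
from typing import Dict

# Constructed sample, modelled on the German Malwarebytes 1.50 log posted in
# this thread (summary section only); the counters are the ones the poster reported.
SAMPLE_MBAM_LOG = """Malwarebytes' Anti-Malware 1.50.1.1100
Art des Suchlaufs: Vollständiger Suchlauf (C:\\|D:\\|)
Durchsuchte Objekte: 468933
Laufzeit: 2 Stunde(n), 33 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
"""

# The summary block has one "Infizierte <category>: <count>" line per category.
# The detail headings further down repeat the label without a count, so requiring
# the trailing integer keeps them out of the match.
COUNTER_RE = re.compile(r"^Infizierte (?P<cat>[^:\n]+): (?P<n>\d+)$", re.MULTILINE)
SCAN_TYPE_RE = re.compile(r"^Art des Suchlaufs: (?P<t>.+)$", re.MULTILINE)
EXPECTED_CATEGORIES = 7  # MBAM 1.50 reports exactly seven counters


def parse_mbam_counters(text: str) -> Dict[str, int]:
    """Return {category: count} from the summary block of a German MBAM 1.50 log."""
    return {m.group("cat"): int(m.group("n")) for m in COUNTER_RE.finditer(text)}


def triage_mbam(text: str) -> dict:
    """Was it the requested full scan, are all seven counters present, is anything non-zero?"""
    counters = parse_mbam_counters(text)
    scan_type = SCAN_TYPE_RE.search(text)
    full_scan = bool(scan_type and scan_type.group("t").startswith("Vollständiger Suchlauf"))
    complete = len(counters) == EXPECTED_CATEGORIES  # fewer means a truncated paste
    nonzero = {cat: n for cat, n in counters.items() if n}
    return {
        "full_scan": full_scan,
        "complete": complete,
        "nonzero": nonzero,
        "clean": full_scan and complete and not nonzero,
    }
```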

Old 23.03.2011, 12:25   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Crashes ~ found.005\file000chk - Standard

Quote:
should I just ignore that it doesn't complete its run?
Is AntiVir still not completing its run?
Apart from that, is the computer running normally again?
__________________
Please always post logfiles in CODE tags

Old 24.03.2011, 12:30   #25
Amerilion

Crashes ~ found.005\file000chk - Standard

Lately the computer has only crashed with Antivir. I just tested it twice more: on the first attempt the message came up that the Antivir Notification Service had to be terminated, then a few minutes later the computer restarted with a chkdsk run, during which some orphaned files were also recovered; on the second attempt the computer froze again at about 24%, again followed by a chkdsk run, this time without any message about damaged files.

Old 24.03.2011, 13:56   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Crashes ~ found.005\file000chk - Standard

Hopefully there's nothing wrong with the disk. Test it with this => http://www.chip.de/downloads/Western..._29715653.html
Run a QUICK SCAN; if that comes back error-free, an EXTENDED SCAN.
__________________
Please always post logfiles in CODE tags

Old 25.03.2011, 07:10   #27
Amerilion

Crashes ~ found.005\file000chk - Standard

The quick scan hung the first time; on the second attempt it ran through without problems.

The full scan hung during the night. Since I need the computer during the day, I can't try again until tomorrow night. It somehow doesn't look very promising, though; the symptoms do point to a hard disk failure.

Well, let's see what the next night brings.

Old 25.03.2011, 11:12   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Crashes ~ found.005\file000chk - Standard

Hmhmhm...
I'd buy a new disk as soon as possible, depending on importance/urgency. Then you could quickly mirror the partitions from the current, probably defective, disk onto the new one.
__________________
Please always post logfiles in CODE tags

Old 26.03.2011, 07:28   #29
Amerilion

Crashes ~ found.005\file000chk - Standard

The full scan hangs again at the same cluster. I think I'll get myself a new disk; I've moved the most important data to an external hard disk for now...

Thank you very much for the competent and quick help, many thanks!
