Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   TR/Kazy.mekml.1 ? (https://www.trojaner-board.de/98497-tr-kazy-mekml-1-a.html)

Parkentiner1 29.04.2011 21:16
TR/Kazy.mekml.1 ?
 
Also ich habe ein ähnliches problem wie einige meiner vorgänger.
ich hatte auf einmal kaum noch icons auf meinem deskop.
habe dann systemwiederherstellung gemacht, die icons waren wieder da, aber der inhalt (dateien) eben nicht.
ich bekam immer die nachricht das nicht auf meinen RAM speicher zugegriffen werden kann.

habe mir durch belesen auch schon malwarebytes - anti-malware gedownloadet und den quickscann gemacht und alles infizierte gelöscht.

folgendes steht im log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6474

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

29.04.2011 21:57:36
mbam-log-2011-04-29 (21-57-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 174250
Laufzeit: 5 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 21
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9EE2330AE5F4470CAC801BAAC83818C9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267ACFC5644DAB06F058006DDBAE3 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F158A1E-A687-4A11-9679-B3AC64B86A1C} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\InstIE.HbInstObj (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} (Trojan.Vundo) -> Value: {060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} (Trojan.Vundo) -> Value: {060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:





kann mir bitte jemand weiter helfen??
danke schonmal

habe mittlerweile auch OTL durchlaufen lassen.OTL Logfile:
Code:
OTL logfile created on: 30.04.2011 00:03:13 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\Köhny\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 582,00 Mb Available Physical Memory | 57,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,52 Gb Total Space | 5,26 Gb Free Space | 7,05% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTOPHER | User Name: Köhny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Köhny\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe (Olivetti)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Köhny\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.)
MOD - C:\WINDOWS\system32\mlang.dll (Microsoft Corporation)
MOD - C:\Programme\SweetIM\Messenger\msvcr71.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (olMntrService) -- C:\Programme\Olivetti\ANY_WAY\olMntrService.exe (Olivetti)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tmnsusbser) -- C:\WINDOWS\system32\drivers\tmnsusbser.sys (Wireless Device)
DRV - (tmusbnet) -- C:\WINDOWS\system32\drivers\tmusbnet.sys (QUALCOMM Incorporated)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (Applied Networking Inc.)
DRV - (PDNMp50) -- C:\WINDOWS\system32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PDNSp50) -- C:\WINDOWS\system32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys (Protect Software GmbH)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (PDDSLADP) -- C:\WINDOWS\system32\drivers\PDDSLADP.SYS (ProDyne)
DRV - (PDDSLHND) -- C:\WINDOWS\System32\drivers\PDDSLHND.SYS (ProDyne)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.26 23:33:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.26 23:33:03 | 000,000,000 | ---D | M]
 
[2009.01.18 15:32:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Extensions
[2011.04.29 21:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\extensions
[2009.10.12 22:50:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.30 16:46:18 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.12 20:00:14 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.12 19:59:45 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.16 18:56:40 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.04.12 20:00:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\extensions\engine@conduit.com
[2008.02.17 23:39:15 | 000,001,878 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\aolsearch.xml
[2009.02.09 18:56:09 | 000,000,681 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\ask.xml
[2009.10.10 17:37:59 | 000,002,163 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\bing.xml
[2011.04.06 10:55:46 | 000,000,931 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\conduit.xml
[2011.04.24 23:44:44 | 000,000,961 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-1.xml
[2009.10.10 20:20:32 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-10.xml
[2009.10.30 00:20:36 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-11.xml
[2009.12.17 20:24:15 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-12.xml
[2010.01.21 19:04:23 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-13.xml
[2010.02.19 15:08:28 | 000,000,961 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-14.xml
[2010.04.06 19:24:05 | 000,000,961 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-15.xml
[2010.07.04 20:16:22 | 000,000,961 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-16.xml
[2010.12.14 21:39:29 | 000,000,961 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-17.xml
[2008.09.03 01:12:41 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-2.xml
[2008.10.25 22:18:41 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-3.xml
[2008.12.12 00:47:41 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-4.xml
[2009.01.18 15:26:32 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-5.xml
[2009.07.18 18:50:33 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-6.xml
[2009.07.19 10:49:38 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-7.xml
[2009.07.24 17:08:58 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-8.xml
[2009.08.06 18:15:16 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-9.xml
[2010.06.21 16:35:24 | 000,001,042 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin.xml
[2010.02.02 01:13:35 | 000,003,915 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\sweetim.xml
[2010.06.26 13:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.03.28 00:42:43 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programme\Mozilla Firefox\extensions\google-gzfb@partners.mozilla.com
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KöHNY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BC46LH50.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KöHNY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BC46LH50.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KöHNY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BC46LH50.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KöHNY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BC46LH50.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KöHNY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BC46LH50.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2010.08.25 12:19:48 | 001,459,712 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv530.dll
[2009.11.22 21:09:36 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2011.03.26 23:32:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.26 23:32:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.26 23:32:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.26 23:32:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.26 23:32:56 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.03.31 13:33:44 | 000,229,080 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.1001-search.info
O1 - Hosts: 127.0.0.1    1001-search.info
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.136136.net
O1 - Hosts: 127.0.0.1    136136.net
O1 - Hosts: 127.0.0.1    www.139mm.com
O1 - Hosts: 8058 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {93959911-3E86-0BF5-66FB-C0A9FD9E227F} - No CLSID value found.
O2 - BHO: (no name) - {B9422987-4FBC-47D0-8A71-C096DD77B16F} - No CLSID value found.
O2 - BHO: (no name) - {c6dc57b4-6606-4754-92b7-6972322be124} - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OlStatusMon] C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe (Olivetti)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Belkin Dienstprogramm für kabellose Netzwerke.lnk = C:\Programme\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: alice-dsl.de ([]http in Trusted sites)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.com/pages/MsnInstC.cab (InstallerBehaviorFactory Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150810486718 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://gamenextde.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\awtsRiii: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Köhny\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Köhny\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkkJyYqq.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.20 15:02:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\Shell - "" = AutoRun
O33 - MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\Shell - "" = AutoRun
O33 - MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\Shell - "" = AutoRun
O33 - MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\Shell\AutoRun\command - "" = H:\.\autorun.exe
O33 - MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\Shell - "" = AutoRun
O33 - MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.29 21:49:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Malwarebytes
[2011.04.29 21:49:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.04.29 21:49:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.04.29 21:49:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.29 21:49:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.25 10:20:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.04.25 10:20:12 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Köhny\Recent
[2011.04.12 21:13:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Köhny\Desktop\Youtube conv
[2011.04.12 19:59:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.04.12 19:59:17 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Köhny\Eigene Dateien\DVDVideoSoft
[2011.04.12 19:54:47 | 022,229,776 | ---- | C] (DVDVideoSoft Limited.                                      ) -- C:\Dokumente und Einstellungen\Köhny\Desktop\FreeYouTubeToMp3Converter_3.9.35.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.30 00:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.04.29 23:56:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.29 23:56:01 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.29 23:53:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.29 23:17:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.29 21:49:31 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.18 19:04:12 | 000,107,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.17 22:54:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.17 22:52:13 | 000,459,600 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.17 22:52:13 | 000,441,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.17 22:52:13 | 000,085,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.17 22:52:13 | 000,071,820 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.12 19:59:50 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\Köhny\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.12 19:59:04 | 000,001,023 | ---- | M] () -- C:\Dokumente und Einstellungen\Köhny\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.12 19:58:11 | 022,229,776 | ---- | M] (DVDVideoSoft Limited.                                      ) -- C:\Dokumente und Einstellungen\Köhny\Desktop\FreeYouTubeToMp3Converter_3.9.35.exe
[2011.04.06 16:51:42 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.29 21:49:31 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.12 19:59:19 | 000,000,906 | ---- | C] () -- C:\Dokumente und Einstellungen\Köhny\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.12 19:59:04 | 000,001,023 | ---- | C] () -- C:\Dokumente und Einstellungen\Köhny\Desktop\Free YouTube to MP3 Converter.lnk
[2011.02.06 16:43:42 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011.02.06 16:43:42 | 000,000,922 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010.12.14 23:37:18 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\usrdpa32.dll
[2010.06.26 13:18:45 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010.06.26 12:30:42 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010.03.02 17:14:37 | 000,083,968 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2010.03.02 17:14:06 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2010.03.02 17:14:05 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2009.03.21 00:25:02 | 000,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008.11.03 18:12:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008.05.19 13:05:25 | 000,001,144 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.03.31 14:16:58 | 000,002,043 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.03.28 21:55:33 | 000,003,751 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.03.27 21:58:13 | 001,583,881 | -HS- | C] () -- C:\WINDOWS\System32\jaltpntr.ini
[2008.03.27 21:54:58 | 000,161,954 | -HS- | C] () -- C:\WINDOWS\System32\qqYyJkkj.ini2
[2008.03.27 21:54:56 | 000,161,954 | -HS- | C] () -- C:\WINDOWS\System32\qqYyJkkj.ini
[2008.03.04 22:35:14 | 000,000,013 | ---- | C] () -- C:\WINDOWS\msgtn.ini
[2008.01.25 18:17:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007.12.24 19:14:15 | 000,000,354 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2007.12.24 18:55:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.12.17 22:01:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2007.07.03 13:00:38 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006.11.19 20:42:00 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2006.11.19 20:41:56 | 000,568,850 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2006.11.19 20:41:55 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.11.19 20:41:55 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.19 20:41:54 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.11.19 20:41:52 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006.08.10 18:05:48 | 000,000,687 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006.08.06 14:38:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006.08.01 17:38:58 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2006.07.23 13:45:11 | 000,072,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Köhny\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.07.07 17:26:54 | 000,192,789 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2006.07.06 12:27:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\suecmdial.dll
[2006.07.06 11:54:33 | 000,042,982 | ---- | C] () -- C:\WINDOWS\System32\PDDSLADP.DLL
[2006.06.21 14:49:58 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006.06.21 14:47:09 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006.06.21 12:41:49 | 000,000,077 | ---- | C] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\sversion.ini
[2006.06.21 12:41:48 | 000,000,138 | -H-- | C] () -- C:\Dokumente und Einstellungen\Köhny\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.06.20 16:39:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.06.20 15:54:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.06.20 15:53:51 | 000,107,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.06.20 15:34:11 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.06.20 15:27:16 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006.06.20 15:27:10 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006.06.20 15:26:59 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006.06.20 15:22:05 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006.06.20 15:14:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe
[2006.06.20 15:04:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.06.20 14:59:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.03.09 15:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.03.09 15:29:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006.03.09 15:29:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.03.09 15:29:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006.03.09 15:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.03.09 15:29:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.03.09 15:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.03.09 15:29:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006.03.09 15:29:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006.03.09 15:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.08.30 01:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll
[2005.08.30 01:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll
[2005.08.30 01:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll
[2002.12.31 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.12.31 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002.12.31 14:00:00 | 000,459,600 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002.12.31 14:00:00 | 000,441,884 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002.12.31 14:00:00 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\WGET.EXE
[2002.12.31 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002.12.31 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002.12.31 14:00:00 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\CSCZIP.DLL
[2002.12.31 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002.12.31 14:00:00 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\CSCZIP.EXE
[2002.12.31 14:00:00 | 000,085,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002.12.31 14:00:00 | 000,071,820 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002.12.31 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002.12.31 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002.12.31 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002.12.31 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002.12.31 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002.12.31 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002.12.31 14:00:00 | 000,001,257 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002.12.31 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998.10.11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
 
========== LOP Check ==========
 
[2008.11.02 21:27:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Activision
[2007.02.26 21:18:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BOLT SEEK DEAD GREY
[2010.10.30 16:46:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2007.10.10 21:20:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS
[2008.02.17 23:14:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OrbNetworks
[2009.11.22 21:10:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2010.02.02 01:13:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2008.05.05 17:33:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008.05.06 14:23:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.12.14 18:38:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2008.03.28 01:05:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\1190071992=0
[2008.11.02 21:27:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Activision
[2006.11.26 18:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\AmenTick
[2009.01.14 00:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Azureus
[2008.10.17 14:53:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Download Master
[2011.04.12 19:59:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.01.22 16:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\FOG Downloader
[2011.03.28 23:05:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\ICQ
[2007.03.07 14:32:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\ICQ Toolbar
[2006.08.13 17:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\ICQLite
[2008.11.08 20:48:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Leadertech
[2008.08.16 13:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien
[2006.07.06 13:04:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\MSNInstaller
[2008.03.04 22:35:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\ppstream
[2008.12.16 02:01:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Teeworlds
[2008.03.25 23:47:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\THIRDBIN
[2010.02.21 21:21:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\TS3Client
[2008.05.06 14:24:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\TuneUp Software
[2010.12.14 18:39:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Vodafone
[2010.12.15 22:18:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Vodafone Mobile Connect
[2008.10.17 14:53:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Yandex
[2011.04.30 00:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:3866B2EB
 
< End of report >
--- --- ---



bitte bitte helft mir :)

warum schreibt denn keiner waas dazu???

cosinus 05.05.2011 19:42
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Parkentiner1 05.05.2011 20:17
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6474

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

29.04.2011 23:51:48
mbam-log-2011-04-29 (23-51-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 302556
Laufzeit: 1 Stunde(n), 13 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programme\daemon tools\setupdtsb.exe (Adware.WhenU) -> Quarantined and deleted successfully.
c:\programme\Gamers.IRC\bin\dll\nhtmln_2.95.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programme\gemeinsame dateien\1190071992=0\strpmon.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
c:\system volume information\_restore{bb36cb04-f538-4b94-8c92-7574e1c5bdc4}\RP418\A0083986.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hmswpiex\1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


das kam beim vollscan raus, habe nur 2 logs in den logdateien,
der erste post, ist halt vom quickscann und der jetztige vom vollscan, wie auch schon zu entnehmen ist

cosinus 06.05.2011 08:15
Die Scans sind schon etwas her. Bitte Malwarebytes updaten und einen neuen Vollscan machen.

Parkentiner1 15.05.2011 15:20
so mein scan von vor 5 minuten
mittlerweile zeigt er kein viren mehr an warum auch immer :(

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6583

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

15.05.2011 16:15:22
mbam-log-2011-05-15 (16-15-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 312518
Laufzeit: 1 Stunde(n), 53 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


und nun=???, also wie gehabt kann ich auf meine dateien nicht zugreifen

cosinus 15.05.2011 15:35
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkkJyYqq.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.20 15:02:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\Shell - "" = AutoRun
O33 - MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\Shell - "" = AutoRun
O33 - MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\Shell - "" = AutoRun
O33 - MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\Shell\AutoRun\command - "" = H:\.\autorun.exe
O33 - MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\Shell - "" = AutoRun
O33 - MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
[2007.02.26 21:18:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BOLT SEEK DEAD GREY
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:3866B2EB
[2008.10.17 14:53:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Yandex
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Parkentiner1 15.05.2011 16:01
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\jkkJyYqq.dll deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2199651e-0954-11e0-8bea-00138f8a1b86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2199651e-0954-11e0-8bea-00138f8a1b86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2199651e-0954-11e0-8bea-00138f8a1b86}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b55c996-0951-11e0-8be9-00138f8a1b86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b55c996-0951-11e0-8be9-00138f8a1b86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b55c996-0951-11e0-8be9-00138f8a1b86}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\ not found.
File H:\.\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e01060ec-0954-11e0-8beb-00138f8a1b86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e01060ec-0954-11e0-8beb-00138f8a1b86}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e01060ec-0954-11e0-8beb-00138f8a1b86}\ not found.
File J:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BOLT SEEK DEAD GREY folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:3866B2EB deleted successfully.
C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Yandex folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05152011_170004



wie du gesgat hast habe ich dieses getan, das ist der ergebnis
gruß chrisopher

cosinus 15.05.2011 16:33
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Parkentiner1 15.05.2011 16:52
alles cool, unhide.exe ausgeführt, dateien auch wieder sichtbar
kaspersky gezogen, aber er öffnet das programm irgendwie nicht

cosinus 15.05.2011 16:53
Dann bitte jetzt CF ausführen, den tdsskiller probieren wir danach nochmal.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Parkentiner1 15.05.2011 17:44
Combofix Logfile:
Code:
ComboFix 11-05-14.03 - Köhny 15.05.2011  18:19:29.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1023.659 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Köhny\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00FB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00FC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00FD-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-010C-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F60000-FFA4-00EB-0D24-347CA8A3377C}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\admintxt.txt
c:\windows\system32\jaltpntr.ini
c:\windows\system32\qqYyJkkj.ini
c:\windows\system32\qqYyJkkj.ini2
c:\windows\system32\rnaph.dll
c:\windows\system32\sysprep.exe
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_OULTRAF
-------\Legacy_WINDOWS_LOG
-------\Service_oUltraf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-15 bis 2011-05-15  ))))))))))))))))))))))))))))))
.
.
2011-05-15 15:59 . 2011-05-15 16:00        --------        dc----w-        C:\32788R22FWJFW.0.tmp
2011-05-15 15:00 . 2011-05-15 15:00        --------        dc----w-        C:\_OTL
2011-05-08 19:28 . 2011-05-08 19:28        85465960        ----a-w-        c:\programme\Gemeinsame Dateien\Windows Live\.cache\wlc19C.tmp
2011-04-29 19:49 . 2011-04-29 19:49        --------        d-----w-        c:\dokumente und einstellungen\Köhny\Anwendungsdaten\Malwarebytes
2011-04-29 19:49 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 19:49 . 2011-04-29 19:49        --------        dc----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-04-29 19:49 . 2011-04-29 19:49        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2011-04-25 08:21 . 2011-04-25 08:21        --------        d-----w-        c:\windows\system32\wbem\Repository
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 14:51 . 2010-06-26 11:42        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-07 05:33 . 2006-06-20 13:00        692736        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-04 06:44 . 2002-12-31 12:00        434176        ----a-w-        c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2002-12-31 12:00        1858048        ----a-w-        c:\windows\system32\win32k.sys
2011-02-17 18:56 . 2002-12-31 12:00        832512        ----a-w-        c:\windows\system32\wininet.dll
2011-02-17 18:56 . 2002-12-31 12:00        1830912        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-02-17 18:56 . 2002-12-31 12:00        78336        ----a-w-        c:\windows\system32\ieencode.dll
2011-02-17 18:56 . 2002-12-31 12:00        17408        ----a-w-        c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2002-12-31 12:00        455936        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2002-12-31 12:00        357888        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25        5632        ----a-w-        c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2002-12-31 12:00        389120        ----a-w-        c:\windows\system32\html.iec
2011-02-15 12:56 . 2002-12-31 12:00        290432        ----a-w-        c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15        1345336        ----a-w-        c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\programme\Pando Networks\Media Booster\PMB.exe" [2009-11-22 2923192]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"OlStatusMon"="c:\programme\Olivetti\ANY_WAY\olDvcStatus.exe" [2006-07-26 106496]
"SweetIM"="c:\programme\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
.
c:\dokumente und einstellungen\Rdiger\Startmen\Programme\Autostart\
OpenOffice.org 1.1.4.lnk - c:\programme\OpenOffice.org1.1.4\program\quickstart.exe [2004-10-28 61440]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Belkin Dienstprogramm fr kabellose Netzwerke.lnk - c:\programme\Belkin\F6D4050\v1\BelkinWCUI.exe [2010-6-26 1077248]
.
c:\dokumente und einstellungen\Default User\Startmen\Programme\Autostart\
OpenOffice.org 1.1.4.lnk - c:\programme\OpenOffice.org1.1.4\program\quickstart.exe [2004-10-28 61440]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^OpenOffice.org 1.1.4.lnk]
path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 1.1.4.lnk
backup=c:\windows\pss\OpenOffice.org 1.1.4.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Köhny^Startmenü^Programme^Autostart^OpenOffice.org 1.1.4.lnk]
path=c:\dokumente und einstellungen\Köhny\Startmenü\Programme\Autostart\OpenOffice.org 1.1.4.lnk
backup=c:\windows\pss\OpenOffice.org 1.1.4.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Köhny^Startmenü^Programme^Autostart^Xfire.lnk]
path=c:\dokumente und einstellungen\Köhny\Startmenü\Programme\Autostart\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:22        15360        ----a-w-        c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48        157592        ----a-w-        c:\programme\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 14:55        1057328        ----a-w-        c:\programme\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55        54832        ----a-w-        c:\programme\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2007-12-26 12:26        249856        ----a-w-        c:\programme\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22        1695232        ----a-w-        c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57        153136        ----a-w-        c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-04 23:41        8523776        ----a-w-        c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-04 23:41        81920        ----a-w-        c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-04 23:41        1626112        ----a-w-        c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OlStatusMon]
2006-07-26 14:20        106496        ----a-w-        c:\programme\Olivetti\ANY_WAY\olDvcStatus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-01-07 20:02        495616        ----a-w-        c:\programme\Winamp Remote\bin\OrbTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10        56928        ----a-w-        c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 14:55        1628208        ----a-w-        c:\programme\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-22 08:42        90112        ----a-r-        c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-09-21 14:34        1242448        ----a-w-        c:\programme\Valve\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-12-15 02:23        75520        ----a-w-        c:\programme\Java\jre1.5.0_11\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 22:54        37376        ----a-w-        c:\programme\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-03 08:56        204288        ----a-w-        c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"RichVideo"=2 (0x2)
"olMntrService"=2 (0x2)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Warcraft III\\Warcraft III.exe"=
"c:\\Programme\\GameSpy Arcade\\Aphex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Gamers.IRC\\mirc.exe"=
"c:\\Programme\\HLSW\\hlsw.exe"=
"c:\\Programme\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\NexonUS\\NGM\\NGM.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Valve\\Steam\\Steam.exe"=
"c:\\Programme\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\German\\setup.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\koehny\\team fortress 2\\hl2.exe"=
"c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\koehny\\counter-strike\\hl.exe"=
"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58207:TCP"= 58207:TCP:Pando Media Booster
"58207:UDP"= 58207:UDP:Pando Media Booster
.
R0 PDDSLHND;PDDSLHND;c:\windows\system32\drivers\PDDSLHND.SYS [06.07.2006 11:54 15187]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.01.2007 17:05 639224]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [26.06.2010 13:43 136360]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [02.07.2008 12:15 247096]
R3 PDDSLADP;ProDyne DSL Adapter;c:\windows\system32\drivers\PDDSLADP.SYS [06.07.2006 11:54 15571]
R3 tmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCTTomato;c:\windows\system32\drivers\tmnsusbser.sys [21.04.2010 16:40 108160]
R3 tmusbnet;Wireless Data Device driver for usb ethernet adapter;c:\windows\system32\drivers\tmusbnet.sys [20.04.2010 08:07 109568]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [14.10.2010 13:12 136176]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [14.12.2010 18:42 112640]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [14.10.2010 13:12 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [15.12.2010 21:53 102656]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [28.11.2006 22:46 28224]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [28.11.2006 22:46 27072]
S4 olMntrService;olMntrService;c:\programme\Olivetti\ANY_WAY\olMntrService.exe [24.07.2006 12:02 86016]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-15 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-09-29 07:58]
.
2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-10-14 11:12]
.
2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-10-14 11:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://alice.aol.de
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Köhny\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Çàêà÷àòü ÂÑÅ ïðè ïîìîùè Download Master
IE: Çàêà÷àòü ïðè ïîìîùè Download Master
Trusted Zone: alice-dsl.de
TCP: {FA859454-9066-43AF-B0F2-D35A2B76F3F1} = 213.191.92.84,213.191.92.82
FF - ProfilePath - c:\dokumente und einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: DVDVideoSoftTB Community Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{93959911-3E86-0BF5-66FB-C0A9FD9E227F} - (no file)
BHO-{B9422987-4FBC-47D0-8A71-C096DD77B16F} - (no file)
BHO-{c6dc57b4-6606-4754-92b7-6972322be124} - (no file)
HKU-Default-Run-swg - c:\programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
Notify-awtsRiii - (no file)
MSConfigStartUp- - c:\windows\system\smss.exe
MSConfigStartUp-1190071992=0 - c:\programme\1190071992=0\SysRep.exe
MSConfigStartUp-84694f55 - c:\windows\system32\rtnptlaj.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-balm list - c:\dokume~1\KHNY~1\ANWEND~1\THIRDBIN\DaleJugs.exe
MSConfigStartUp-BM875a7cc9 - c:\windows\system32\txudpfab.dll
MSConfigStartUp-dead grey balm debug - c:\dokumente und einstellungen\All Users\Anwendungsdaten\BOLT SEEK DEAD GREY\Size Setup.exe
MSConfigStartUp-Google Desktop Search - c:\programme\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-ICQ Lite - c:\programme\ICQLite\ICQLite.exe
MSConfigStartUp-ISTray - c:\programme\Spyware Doctor\pctsTray.exe
MSConfigStartUp-LogitechVideoRepair - c:\programme\Logitech\Video\ISStart.exe
MSConfigStartUp-LogitechVideoTray - c:\programme\Logitech\Video\LogiTray.exe
MSConfigStartUp-LVCOMSX - c:\windows\system32\LVCOMSX.EXE
MSConfigStartUp-MSN Messenger - live.messenger.com
MSConfigStartUp-MsnMsgr - ~c:\programme\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-NetPumper - c:\programme\NetPumper\NetPumperIEProxy.exe
MSConfigStartUp-SeekmoOE - c:\programme\Seekmo\bin\10.0.406.0\OEAddOn.exe
MSConfigStartUp-SeekmoSA - c:\programme\Seekmo\bin\10.0.406.0\SeekmoSA.exe
MSConfigStartUp-Skype - c:\programme\Skype\Phone\Skype.exe
MSConfigStartUp-svchost - c:\windows\system32\hmswpiex\svchost.exe
MSConfigStartUp-SweetIM - c:\programme\Macrogaming\SweetIM\SweetIM.exe
MSConfigStartUp-swg - c:\programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-ucookw - c:\progra~1\119007~1\ucookw.exe
MSConfigStartUp-updateMgr - c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Windows Registry Repair Pro - c:\programme\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
AddRemove-bird 4 scr - c:\dokume~1\KHNY~1\ANWEND~1\THIRDBIN\DaleJugs.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-15 18:29
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(1472)
c:\programme\SweetIM\Messenger\mgAdaptersProxy.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Windows Media Player\WMPNetwk.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-15  18:39:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-15 16:39
.
Vor Suchlauf: 6.262.927.360 Bytes frei
Nach Suchlauf: 7.061.848.064 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3B3F1C8BE29A780993A6830F814F4C47
--- --- ---


das ist der log von combofix

cosinus 15.05.2011 18:23
Dann jetzt nochmal den TDSS-Killer probieren

Parkentiner1 15.05.2011 18:31
2011/05/15 19:27:05.0625 0768 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/15 19:27:07.0625 0768 ================================================================================
2011/05/15 19:27:07.0625 0768 SystemInfo:
2011/05/15 19:27:07.0625 0768
2011/05/15 19:27:07.0625 0768 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/15 19:27:07.0625 0768 Product type: Workstation
2011/05/15 19:27:07.0625 0768 ComputerName: CHRISTOPHER
2011/05/15 19:27:07.0625 0768 UserName: Köhny
2011/05/15 19:27:07.0625 0768 Windows directory: C:\WINDOWS
2011/05/15 19:27:07.0625 0768 System windows directory: C:\WINDOWS
2011/05/15 19:27:07.0625 0768 Processor architecture: Intel x86
2011/05/15 19:27:07.0625 0768 Number of processors: 1
2011/05/15 19:27:07.0625 0768 Page size: 0x1000
2011/05/15 19:27:07.0625 0768 Boot type: Normal boot
2011/05/15 19:27:07.0625 0768 ================================================================================
2011/05/15 19:27:07.0890 0768 Initialize success
2011/05/15 19:28:35.0531 2228 ================================================================================
2011/05/15 19:28:35.0531 2228 Scan started
2011/05/15 19:28:35.0531 2228 Mode: Manual;
2011/05/15 19:28:35.0531 2228 ================================================================================
2011/05/15 19:28:37.0906 2228 ACEDRV05 (0a1e97197609f92d2425b67da0bb0a7f) C:\WINDOWS\system32\drivers\ACEDRV05.sys
2011/05/15 19:28:38.0312 2228 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/15 19:28:38.0453 2228 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/15 19:28:38.0687 2228 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/15 19:28:38.0875 2228 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/05/15 19:28:39.0046 2228 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/15 19:28:39.0609 2228 ALCXWDM (93f93a8e3e14cbbf1ce9a5af1a70c095) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/05/15 19:28:40.0500 2228 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/15 19:28:40.0640 2228 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/15 19:28:40.0875 2228 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/15 19:28:41.0046 2228 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/15 19:28:41.0187 2228 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/05/15 19:28:41.0343 2228 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/05/15 19:28:41.0531 2228 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/05/15 19:28:41.0734 2228 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/15 19:28:41.0953 2228 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/15 19:28:42.0171 2228 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/15 19:28:42.0406 2228 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/15 19:28:42.0546 2228 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/15 19:28:42.0687 2228 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/15 19:28:43.0453 2228 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/15 19:28:43.0656 2228 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/15 19:28:43.0875 2228 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/15 19:28:44.0062 2228 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/15 19:28:44.0296 2228 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/15 19:28:44.0546 2228 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/15 19:28:44.0781 2228 EIO (59d74c7b787aa3dda0948986403cea55) C:\WINDOWS\system32\drivers\EIO.sys
2011/05/15 19:28:44.0906 2228 ewusbnet (13d0f39d356e70f0a5e80d7771382245) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
2011/05/15 19:28:45.0093 2228 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/15 19:28:45.0343 2228 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/15 19:28:45.0515 2228 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/15 19:28:45.0687 2228 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/15 19:28:45.0859 2228 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/15 19:28:46.0062 2228 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/05/15 19:28:46.0265 2228 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/15 19:28:46.0437 2228 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/15 19:28:46.0640 2228 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/05/15 19:28:46.0796 2228 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/15 19:28:46.0953 2228 hamachi (43ae2f414fbccd7287389e7b908a4745) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/05/15 19:28:47.0062 2228 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/15 19:28:47.0359 2228 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/15 19:28:47.0546 2228 hwdatacard (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/05/15 19:28:47.0687 2228 hwusbfake (83026e41d9960430491432dbd6af969a) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
2011/05/15 19:28:48.0015 2228 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/15 19:28:48.0234 2228 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/15 19:28:48.0390 2228 InCDfs (7bfc3eda22190c0fe8c2ca19e5379da5) C:\WINDOWS\system32\drivers\InCDFs.sys
2011/05/15 19:28:48.0578 2228 InCDPass (fc4dbf18a4eb0d2fe3171471a3d0f9a8) C:\WINDOWS\system32\drivers\InCDPass.sys
2011/05/15 19:28:48.0718 2228 InCDrec (f8e7c551def07fdc12ca5cc7ae5d975b) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/05/15 19:28:48.0796 2228 incdrm (31a5a3809249a326eb0ef58d563a9654) C:\WINDOWS\system32\drivers\InCDRm.sys
2011/05/15 19:28:49.0234 2228 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/15 19:28:49.0406 2228 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/15 19:28:49.0500 2228 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/15 19:28:49.0640 2228 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/15 19:28:49.0796 2228 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/05/15 19:28:49.0953 2228 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/15 19:28:50.0109 2228 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2011/05/15 19:28:50.0312 2228 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/15 19:28:50.0500 2228 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/15 19:28:50.0671 2228 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/15 19:28:50.0859 2228 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/15 19:28:51.0343 2228 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/15 19:28:51.0515 2228 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/15 19:28:51.0671 2228 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/15 19:28:51.0859 2228 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/15 19:28:52.0171 2228 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/15 19:28:52.0375 2228 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/15 19:28:52.0593 2228 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/15 19:28:52.0781 2228 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/15 19:28:52.0953 2228 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/15 19:28:53.0156 2228 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/15 19:28:53.0312 2228 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/15 19:28:53.0468 2228 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/15 19:28:53.0625 2228 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2011/05/15 19:28:53.0796 2228 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/15 19:28:53.0984 2228 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/15 19:28:54.0218 2228 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/15 19:28:54.0375 2228 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/15 19:28:54.0484 2228 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/15 19:28:54.0609 2228 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/15 19:28:54.0765 2228 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/15 19:28:54.0906 2228 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/15 19:28:55.0000 2228 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/15 19:28:55.0156 2228 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/15 19:28:55.0390 2228 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/15 19:28:55.0546 2228 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
2011/05/15 19:28:55.0703 2228 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/15 19:28:55.0890 2228 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/15 19:28:56.0296 2228 nv (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/15 19:28:56.0828 2228 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/05/15 19:28:57.0015 2228 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/05/15 19:28:57.0187 2228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/15 19:28:57.0375 2228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/15 19:28:57.0562 2228 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/15 19:28:57.0734 2228 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/15 19:28:57.0906 2228 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/15 19:28:58.0078 2228 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/15 19:28:58.0328 2228 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/15 19:28:58.0484 2228 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/15 19:28:58.0718 2228 PDDSLADP (ab6f9ee08b82a46f2b4f0ab909f1fad9) C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS
2011/05/15 19:28:58.0875 2228 PDDSLHND (49e3fa74798f192d4a6b299ee0b8e5f3) C:\WINDOWS\system32\drivers\PDDSLHND.sys
2011/05/15 19:28:59.0062 2228 PDNMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\drivers\PDNMp50.sys
2011/05/15 19:28:59.0234 2228 PDNSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\drivers\PDNSp50.sys
2011/05/15 19:29:00.0046 2228 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/15 19:29:00.0218 2228 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/15 19:29:00.0390 2228 prodrv06 (f2e3c8f1eb6ba0733e0a1f6373df7957) C:\WINDOWS\System32\drivers\prodrv06.sys
2011/05/15 19:29:00.0625 2228 prohlp02 (150307b52807d0c493c605ab913038ad) C:\WINDOWS\system32\drivers\prohlp02.sys
2011/05/15 19:29:00.0781 2228 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys
2011/05/15 19:29:00.0953 2228 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/15 19:29:01.0078 2228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/15 19:29:01.0234 2228 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/15 19:29:01.0906 2228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/15 19:29:02.0109 2228 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/05/15 19:29:02.0296 2228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/15 19:29:02.0468 2228 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/15 19:29:02.0640 2228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/15 19:29:02.0812 2228 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/15 19:29:02.0984 2228 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/15 19:29:03.0125 2228 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/15 19:29:03.0312 2228 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/15 19:29:03.0531 2228 rt2870 (65a31e0eeaacc22871fe97c5ac23156c) C:\WINDOWS\system32\DRIVERS\rt2870.sys
2011/05/15 19:29:03.0781 2228 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/15 19:29:03.0953 2228 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/15 19:29:04.0078 2228 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/15 19:29:04.0296 2228 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys
2011/05/15 19:29:04.0468 2228 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
2011/05/15 19:29:04.0625 2228 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/05/15 19:29:04.0796 2228 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/15 19:29:04.0968 2228 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
2011/05/15 19:29:05.0203 2228 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/15 19:29:05.0500 2228 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/15 19:29:05.0671 2228 sptd (4e3c4ffcb2c95c2ec1fa04a6f4531533) C:\WINDOWS\system32\Drivers\sptd.sys
2011/05/15 19:29:05.0671 2228 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4e3c4ffcb2c95c2ec1fa04a6f4531533
2011/05/15 19:29:05.0687 2228 sptd - detected LockedFile.Multi.Generic (1)
2011/05/15 19:29:05.0875 2228 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/15 19:29:06.0078 2228 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/15 19:29:06.0281 2228 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/05/15 19:29:06.0421 2228 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/15 19:29:06.0578 2228 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/15 19:29:06.0718 2228 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/15 19:29:07.0343 2228 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/15 19:29:07.0515 2228 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/15 19:29:07.0703 2228 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/15 19:29:07.0859 2228 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/15 19:29:08.0015 2228 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/15 19:29:08.0218 2228 tmnsusbser (744ade3286c0f11ea2b034236f6e3868) C:\WINDOWS\system32\DRIVERS\tmnsusbser.sys
2011/05/15 19:29:08.0390 2228 tmusbnet (d17bfc64a6eead338bab3271af296c6d) C:\WINDOWS\system32\DRIVERS\tmusbnet.sys
2011/05/15 19:29:08.0671 2228 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/15 19:29:08.0906 2228 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/15 19:29:09.0109 2228 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/15 19:29:09.0281 2228 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/15 19:29:09.0437 2228 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/15 19:29:09.0656 2228 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/15 19:29:09.0828 2228 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/15 19:29:10.0000 2228 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/15 19:29:10.0171 2228 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/15 19:29:10.0328 2228 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/15 19:29:10.0531 2228 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/15 19:29:10.0781 2228 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/15 19:29:10.0953 2228 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/15 19:29:11.0203 2228 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/15 19:29:11.0453 2228 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/15 19:29:11.0625 2228 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/15 19:29:11.0828 2228 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/15 19:29:12.0015 2228 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/15 19:29:12.0171 2228 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/15 19:29:12.0406 2228 ================================================================================
2011/05/15 19:29:12.0406 2228 Scan finished
2011/05/15 19:29:12.0406 2228 ================================================================================
2011/05/15 19:29:12.0421 1344 Detected object count: 1
2011/05/15 19:30:31.0125 1344 LockedFile.Multi.Generic(sptd) - User select action: Skip


das der report von kaspersky :)

cosinus 15.05.2011 19:19
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Parkentiner1 15.05.2011 19:55
GMER Logfile:
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-15 20:54:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800BB-00JHC0 rev.05.01C05
Running: khrbr443.exe; Driver: C:\DOKUME~1\KHNY~1\LOKALE~1\Temp\kgryraod.sys


---- System - GMER 1.0.15 ----

SSDT            F7BE36E6                                                                                                            ZwCreateKey
SSDT            F7BE36DC                                                                                                            ZwCreateThread
SSDT            F7BE36EB                                                                                                            ZwDeleteKey
SSDT            F7BE36F5                                                                                                            ZwDeleteValueKey
SSDT            sptd.sys                                                                                                            ZwEnumerateKey [0xF72F984E]
SSDT            sptd.sys                                                                                                            ZwEnumerateValueKey [0xF72F9BEE]
SSDT            F7BE36FA                                                                                                            ZwLoadKey
SSDT            sptd.sys                                                                                                            ZwOpenKey [0xF72F4090]
SSDT            F7BE36C8                                                                                                            ZwOpenProcess
SSDT            F7BE36CD                                                                                                            ZwOpenThread
SSDT            sptd.sys                                                                                                            ZwQueryKey [0xF72F9CC6]
SSDT            sptd.sys                                                                                                            ZwQueryValueKey [0xF72F9B46]
SSDT            F7BE3704                                                                                                            ZwReplaceKey
SSDT            F7BE36FF                                                                                                            ZwRestoreKey
SSDT            F7BE36F0                                                                                                            ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

?              C:\WINDOWS\system32\drivers\sptd.sys                                                                                Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xF6247380, 0x346307, 0xE8000020]
.text          USBPORT.SYS!DllUnload                                                                                                F62138AC 5 Bytes  JMP 86CF61B8
?              System32\Drivers\aag979c8.SYS                                                                                        Das System kann den angegebenen Pfad nicht finden. !
.text          C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                            section is writeable [0xBA715000, 0x30A4A, 0xE8000020]
.pklstb        C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                            entry point in ".pklstb" section [0xBA757000]
.relo2          C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                            unknown last section [0xBA772000, 0x8E, 0x42000040]
?              C:\ComboFix\catchme.sys                                                                                              Das System kann den angegebenen Pfad nicht finden. !
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          C:\Programme\Pando Networks\Media Booster\PMB.exe[2928] kernel32.dll!SetUnhandledExceptionFilter                    7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F72F4ABA] sptd.sys
IAT            atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F72F4C00] sptd.sys
IAT            atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F72F4B82] sptd.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F72F572E] sptd.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F72F5604] sptd.sys
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [F7307A9A] sptd.sys
IAT            \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRequest]                                                      [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter]                                                  [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]                                                  [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol]                                            [F78E052C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol]                                              [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                            [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRequest]                                                      [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                  [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                                [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                          [F78E052C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRequest]                                                        [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                                            [F78E052C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                                              [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                                    [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                                  [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                              [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                            [F78E052C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                                  [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRequest]                                                      [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                  [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                                    [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRequest]                                                        [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                                    [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                                [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                            [F78E052C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                              [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                                    [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                                  [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRequest]                                                        [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter]                                                      [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol]                                                [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter]                                                    [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol]                                              [F78E052C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRequest]                                                          [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                              [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                            [F78E052C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRequest]                                                      [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                                  [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT            \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                                  [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              86F631D8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              InCDrec.SYS (InCD File System Recognizer/Nero AG)

Device          \Driver\usbohci \Device\USBPDO-0                                                                                    86CF51D8
Device          \Driver\usbehci \Device\USBPDO-1                                                                                    86CE91D8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{D5350F5B-9D0B-4755-8BEB-CC73C7CCD96D}                                            860FF980

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                            fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device          \Driver\prodrv06 \Device\ProDrv06                                                                                    E1C7D828
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              86FD21D8
Device          \Driver\Cdrom \Device\CdRom0                                                                                        86CFA1D8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  [F726DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [F726DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  [F726DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  [F726DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  [F726DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b                                                                        [F726DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b                                                                        prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13                                                                        [F726DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13                                                                        prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\Cdrom \Device\CdRom1                                                                                        86CFA1D8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{FA859454-9066-43AF-B0F2-D35A2B76F3F1}                                            860FF980
Device          \Driver\Cdrom \Device\CdRom2                                                                                        86CFA1D8
Device          \Driver\Cdrom \Device\CdRom3                                                                                        86CFA1D8
Device          \Driver\prohlp02 \Device\ProHlp02                                                                                    E1777740
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              860FF980
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    860FF980
Device          \Driver\00000043 \Device\0000005b                                                                                    sptd.sys
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    86CF51D8
Device          \Driver\usbehci \Device\USBFDO-1                                                                                    86CE91D8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    860C71D8
Device                                                                                                                              860C71D8
Device          \Driver\Ftdisk \Device\FtControl                                                                                    86FD21D8
Device          \Driver\aag979c8 \Device\Scsi\aag979c81                                                                              86C16808
Device          \Driver\aag979c8 \Device\Scsi\aag979c81Port4Path0Target1Lun0                                                        86C16808
Device          \Driver\aag979c8 \Device\Scsi\aag979c81Port4Path0Target0Lun0                                                        86C16808
Device          *                                                                                                                    Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device          \FileSystem\Cdfs \Cdfs                                                                                              86D843F0

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  -698154437
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  1117098950
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0xD8 0xE8 0xEA 0xC5 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xD0 0x3F 0xD5 0x34 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x8F 0x72 0xC8 0xD5 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0xE8 0x0A 0x14 0xF8 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                0xE8 0x0A 0x14 0xF8 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                0xE8 0x0A 0x14 0xF8 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0xD8 0xE8 0xEA 0xC5 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xD0 0x3F 0xD5 0x34 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x8F 0x72 0xC8 0xD5 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xE8 0x0A 0x14 0xF8 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0xE8 0x0A 0x14 0xF8 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0xE8 0x0A 0x14 0xF8 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0xD8 0xE8 0xEA 0xC5 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xD0 0x3F 0xD5 0x34 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x8F 0x72 0xC8 0xD5 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xE8 0x0A 0x14 0xF8 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0xE8 0x0A 0x14 0xF8 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0xE8 0x0A 0x14 0xF8 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0xD8 0xE8 0xEA 0xC5 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xD0 0x3F 0xD5 0x34 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x8F 0x72 0xC8 0xD5 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xE8 0x0A 0x14 0xF8 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0xE8 0x0A 0x14 0xF8 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0xE8 0x0A 0x14 0xF8 ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                MBR read error
Disk            \Device\Harddisk0\DR0                                                                                                MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----
--- --- ---











OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:51:38 on 15.05.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.5.19

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"1-Klick-Wartung.job" - ? - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl  (File signed by Microsoft | File found, but it contains no detailed information)
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"jpicpl32.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\jpicpl32.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aag979c8" (aag979c8) - ? - C:\WINDOWS\system32\drivers\aag979c8.sys  (Hidden registry entry, rootkit activity | File not found)
"ACEDRV05" (ACEDRV05) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV05.sys
"ACEDRV07" (ACEDRV07) - ? - C:\WINDOWS\system32\drivers\ACEDRV07.sys  (File not found)
"AEGIS Protocol (IEEE 802.1x) v3.7.5.0" (AegisP) - "Cisco Systems, Inc." - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"EIO" (EIO) - "ASUSTeK Computer Inc." - C:\WINDOWS\system32\drivers\EIO.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"Hamachi Network Interface" (hamachi) - "Applied Networking Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"InCD File System" (InCDfs) - "Nero AG" - C:\WINDOWS\System32\drivers\InCDFs.sys
"InCD Reader" (incdrm) - "Nero AG" - C:\WINDOWS\System32\drivers\InCDRm.sys
"InCDPass" (InCDPass) - "Nero AG" - C:\WINDOWS\System32\drivers\InCDPass.sys
"InCDrec" (InCDrec) - "Nero AG" - C:\WINDOWS\system32\drivers\InCDrec.sys
"kgryraod" (kgryraod) - ? - C:\DOKUME~1\KHNY~1\LOKALE~1\Temp\kgryraod.sys  (Hidden registry entry, rootkit activity | File not found)
"Labtec WebCam(PID_08A0)" (PID_08A0) - ? - C:\WINDOWS\System32\DRIVERS\LV302AV.SYS  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Logitech USB Monitor Filter" (LVUSBSta) - ? - C:\WINDOWS\System32\drivers\lvusbsta.sys  (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\KHNY~1\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"NPPTNT2" (NPPTNT2) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\npptNT2.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDDSLHND" (PDDSLHND) - "ProDyne" - C:\WINDOWS\system32\drivers\PDDSLHND.sys
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\drivers\PDNMp50.sys
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\drivers\PDNSp50.sys
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"ProDyne DSL Adapter" (PDDSLADP) - "ProDyne" - C:\WINDOWS\System32\DRIVERS\PDDSLADP.SYS
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - C:\WINDOWS\System32\drivers\prodrv06.sys
"StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\prohlp02.sys
"StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - C:\WINDOWS\System32\drivers\prosync1.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys
"Volume Adapter" (pepifilter) - ? - C:\WINDOWS\System32\DRIVERS\lv302af.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{CAE3251E-9B15-4810-B268-852AD9792A59} "InCDShellExt Class" - "Nero AG" - C:\Programme\Nero\Nero 7\InCD\InCDshx.dll
{B3D9AEDE-B2C3-406d-A254-6BE07767B08B} "InCDUdfPerm Class" - "Nero AG" - C:\Programme\Nero\Nero 7\InCD\InCDUP.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice Property Sheet Handler" - ? - C:\Programme\OpenOffice.org1.1.4\program\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "SweetIM For Internet Explorer" - ? -  (File not found | COM-object registry key not found)
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
<binary data> "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -  (File not found | COM-object registry key not found)
<binary data> "{0E1230F8-EA50-42A9-983C-D22ABC2EED3C}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} "SweetIM For Internet Explorer" - ? -  (File not found | COM-object registry key not found)
{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{00B71CFB-6864-4346-A978-C0A14556272C} "Checkers Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
{1754A1BA-A1DF-4F10-B199-AA55AA1A120F} "InstallerBehaviorFactory Class" - "Microsoft Corp." - C:\WINDOWS\Downloaded Program Files\MsnInstC.dll / https://signup.msn.com/pages/MsnInstC.cab
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.5.0_07" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_07\bin\npjpi150_07.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "Java Plug-in 1.5.0_10" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.5.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://gamenextde.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe  (File not found)
"ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
"PartyPoker.com" - ? - C:\Programme\PartyGaming\PartyPoker\RunApp.exe  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
<binary data> "SweetIM For Internet Explorer" - ? -  (File not found | COM-object registry key not found)
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} "{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}" - ? -  (File not found | COM-object registry key not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Belkin Dienstprogramm für kabellose Netzwerke.lnk" - "Belkin International, Inc." - C:\Programme\Belkin\F6D4050\v1\Belkinwcui.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Köhny\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Pando Media Booster" - ? - C:\Programme\Pando Networks\Media Booster\PMB.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"OlStatusMon" - "Olivetti" - "C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
"SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\GameMon.des
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Family Safety\fsssvc.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru





MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d

Kernel Drivers (total 139):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF79CB000 \WINDOWS\system32\KDCOM.DLL
0xF78DB000 \WINDOWS\system32\BOOTVID.dll
0xF72F3000 sptd.sys
0xF79CD000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF72DB000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF72AC000 ACPI.sys
0xF729B000 pci.sys
0xF74CB000 isapnp.sys
0xF7A93000 pciide.sys
0xF774B000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74DB000 MountMgr.sys
0xF727C000 ftdisk.sys
0xF7753000 PartMgr.sys
0xF74EB000 VolSnap.sys
0xF7264000 atapi.sys
0xF74FB000 disk.sys
0xF750B000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7244000 fltmgr.sys
0xF7232000 sr.sys
0xF751B000 PxHelp20.sys
0xF721B000 KSecDD.sys
0xF7208000 WudfPf.sys
0xF717B000 Ntfs.sys
0xF714E000 NDIS.sys
0xF713B000 sfvfs02.sys
0xF775B000 sfhlp02.sys
0xF79CF000 sfhlp01.sys
0xF7129000 sfdrv01.sys
0xF79D1000 prosync1.sys
0xF710D000 prohlp02.sys
0xF70F3000 Mup.sys
0xF78DF000 PDDSLHND.sys
0xF6247000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6233000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7853000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF621F000 \SystemRoot\system32\DRIVERS\parport.sys
0xF70CB000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF757B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF785B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7863000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF758B000 \SystemRoot\system32\DRIVERS\serial.sys
0xF70C7000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF786B000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF61FB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7873000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF759B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF75AB000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF61D8000 \SystemRoot\system32\DRIVERS\ks.sys
0xF787B000 \SystemRoot\system32\drivers\InCDPass.sys
0xF75BB000 \SystemRoot\system32\drivers\InCDRm.sys
0xF75CB000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF5E49000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF5E0A000 \SystemRoot\system32\drivers\portcls.sys
0xF75DB000 \SystemRoot\system32\drivers\drmk.sys
0xF70B3000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xF5DC0000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xF5D89000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
0xF5D3F000 \SystemRoot\System32\Drivers\aag979c8.SYS
0xF75EB000 \SystemRoot\system32\DRIVERS\processr.sys
0xF7BF7000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF78CB000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF78D3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF75FB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7087000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5D28000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF760B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF761B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF5D17000 \SystemRoot\system32\DRIVERS\psched.sys
0xF762B000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF778B000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7793000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF798F000 \SystemRoot\system32\DRIVERS\PDDSLADP.SYS
0xF763B000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A07000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5CB9000 \SystemRoot\system32\DRIVERS\update.sys
0xF7993000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF765B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF766B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A0B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF6A66000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xF77A3000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7A0F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B33000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A11000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77B3000 \SystemRoot\System32\drivers\vga.sys
0xF7A13000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A15000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF695F000 \SystemRoot\System32\Drivers\InCDrec.SYS
0xF3B44000 \SystemRoot\system32\drivers\InCDFs.sys
0xF77BB000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77C3000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF79AF000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3B09000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF3AB0000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF3A88000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF3A66000 \SystemRoot\System32\drivers\afd.sys
0xF6A46000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF77CB000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF3A3B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF3A27000 \SystemRoot\System32\drivers\prodrv06.sys
0xF39B7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6A36000 \SystemRoot\System32\Drivers\Fips.SYS
0xF3991000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF6A26000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF396B000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF77DB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7A1F000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF394C000 \SystemRoot\system32\DRIVERS\tmusbnet.sys
0xF3931000 \SystemRoot\system32\DRIVERS\tmnsusbser.sys
0xF6A06000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF38F1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A23000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF799F000 \SystemRoot\System32\drivers\Dxapi.sys
0xF77E3000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AC8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF594000 \SystemRoot\System32\ATMFD.DLL
0xBA773000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xBA714000 \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys
0xF77F3000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xF35D8000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xBA5BE000 \SystemRoot\system32\DRIVERS\irda.sys
0xBA6FC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA3B1000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7A8D000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xBA4B6000 \??\C:\WINDOWS\system32\drivers\EIO.sys
0xBA2F8000 \SystemRoot\System32\Drivers\HTTP.sys
0xF35C8000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xBA188000 \SystemRoot\system32\DRIVERS\srv.sys
0xB9E03000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA6B4000 \SystemRoot\system32\drivers\sysaudio.sys
0xF78BB000 \??\C:\ComboFix\catchme.sys
0xF79D5000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB8E4F000 \??\C:\DOKUME~1\KHNY~1\LOKALE~1\Temp\kgryraod.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
868 C:\WINDOWS\system32\smss.exe
944 csrss.exe
968 C:\WINDOWS\system32\winlogon.exe
1012 C:\WINDOWS\system32\services.exe
1024 C:\WINDOWS\system32\lsass.exe
1192 C:\WINDOWS\system32\svchost.exe
1252 svchost.exe
1396 C:\WINDOWS\system32\svchost.exe
1440 C:\WINDOWS\system32\svchost.exe
1592 svchost.exe
1732 svchost.exe
1916 C:\WINDOWS\system32\spoolsv.exe
1964 C:\Programme\Avira\AntiVir Desktop\sched.exe
2016 svchost.exe
216 C:\Programme\Avira\AntiVir Desktop\avguard.exe
312 C:\WINDOWS\system32\svchost.exe
348 C:\Programme\ICQ6Toolbar\ICQ Service.exe
628 C:\WINDOWS\system32\svchost.exe
724 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
308 wmpnetwk.exe
2288 alg.exe
2420 C:\WINDOWS\system32\rundll32.exe
2456 C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe
2544 C:\Programme\SweetIM\Messenger\SweetIM.exe
2864 C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
2912 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
2928 C:\Programme\Pando Networks\Media Booster\PMB.exe
3112 C:\Programme\Windows Media Player\wmpnscfg.exe
3364 C:\Programme\Belkin\F6D4050\v1\Belkinwcui.exe
2940 C:\WINDOWS\system32\wuauclt.exe
1472 C:\WINDOWS\explorer.exe
2604 C:\WINDOWS\system32\ctfmon.exe
2704 C:\Dokumente und Einstellungen\Köhny\Eigene Dateien\Downloads\khrbr443.exe
1372 C:\Programme\Mozilla Firefox\firefox.exe
3540 C:\Programme\WinRAR\WinRAR.exe
4028 C:\DOKUME~1\KHNY~1\LOKALE~1\temp\Rar$EX04.156\osam.exe
3608 C:\Dokumente und Einstellungen\Köhny\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800BB-00JHC0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!




so alles wie gehabt wie erwünscht ;)


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:16 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131