Trojaner-Board - Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan]

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] (https://www.trojaner-board.de/92791-virus-unerwuenschtes-programm-tr-crypt-xpack-gen3-trojan.html)

Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan]

Schönen Abend!
Seit gestern meldet mir Avira immer wieder mal einen Fund:

SCANNER: MALWARE GEFUNDEN
Die Datei 'C:\System Volume Information\_restore{374568D5-8437-4422-AF68-45F11D68AEA4}\RP511\A0068690.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f8e111b.qua' verschoben!

Schritt 1 bis 6 nach der Anleitung von Larusso habe ich bereits ausgeführt, hier die Logfiles:
Wäre super wenn mir jemand helfen könnte!
Die von MBAM vorgeschlagenen Dateien sind bereits gelöscht.

scan.txt

netsvcs
msconfig
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

OTL.txtOTL Logfile:

Code:

OTL logfile created on: 12.11.2010 22:33:58 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\All Users\Desktop\MFtools

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 195,31 Gb Total Space | 165,01 Gb Free Space | 84,49% Space Free | Partition Type: NTFS

Drive E: | 270,44 Gb Total Space | 231,29 Gb Free Space | 85,52% Space Free | Partition Type: NTFS

Drive F: | 74,49 Gb Total Space | 12,91 Gb Free Space | 17,33% Space Free | Partition Type: FAT32

 

Computer Name: KIRK | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2010.11.12 20:26:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\All Users\Desktop\MFtools\OTL.exe

PRC - [2010.11.02 13:17:47 | 000,403,624 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2010.11.02 13:17:47 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe

PRC - [2010.11.02 13:17:47 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.11.02 13:17:47 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2010.11.02 13:17:47 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2010.10.31 15:11:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2010.05.14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2010.03.25 14:24:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.05.13 17:35:24 | 000,126,976 | ---- | M] (phonostar) -- C:\Programme\phonostar\ps_timer.exe

PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.12.14 05:27:34 | 000,212,992 | ---- | M] (IDT, Inc.) -- c:\Programme\IDT\ECSXPV_5762_010208\WDM\stacsv.exe

PRC - [2007.12.14 05:26:40 | 000,413,696 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe

PRC - [2003.12.22 08:38:40 | 000,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\HP\hpcoretech\comp\hptskmgr.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2010.11.12 20:26:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\All Users\Desktop\MFtools\OTL.exe

MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008.06.12 02:24:08 | 000,311,296 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU

MOD - [2008.04.14 03:22:07 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll

MOD - [2006.05.03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe -- (de_serv)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010.11.02 13:17:47 | 000,403,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2010.11.02 13:17:47 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)

SRV - [2010.11.02 13:17:47 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010.11.02 13:17:47 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2007.12.14 05:27:34 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Programme\IDT\ECSXPV_5762_010208\WDM\stacsv.exe -- (STacSV)

SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\***\LOKALE~1\Temp\cpuz_x32.sys -- (cpuz129)

DRV - [2010.11.02 13:17:47 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010.11.02 13:17:47 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009.12.04 11:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)

DRV - [2009.12.04 11:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)

DRV - [2009.12.04 11:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)

DRV - [2009.12.04 11:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)

DRV - [2009.12.04 11:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)

DRV - [2009.06.09 17:25:37 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.04.09 07:18:49 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008.04.13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008.03.19 10:04:00 | 007,086,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2008.01.29 05:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2008.01.29 05:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2007.12.14 05:28:20 | 001,270,872 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2007.10.12 09:53:10 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2007.09.25 15:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder\SysInfo.sys -- (CrystalSysInfo)

DRV - [2007.05.02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)

DRV - [2007.05.02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)

DRV - [2007.05.02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000004

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.31 15:11:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.31 15:11:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.10.31 10:47:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.03.01 18:37:20 | 000,000,000 | ---D | M]

 

[2009.10.31 21:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions

[2010.09.19 17:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2009.11.01 11:45:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\MediaCoder

[2009.10.31 21:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\MediaCoder-Setup-Wizard

[2010.11.11 23:25:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\04kujowg.default\extensions

[2010.04.28 18:30:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\04kujowg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009.01.28 22:52:08 | 000,000,000 | ---D | M] (Abstract Zune) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\04kujowg.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}

[2010.08.15 22:14:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\04kujowg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2009.02.15 22:20:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\04kujowg.default\extensions\moveplayer@movenetworks.com

[2010.10.24 10:00:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\04kujowg.default\extensions\nasanightlaunch@example.com

[2010.11.11 23:25:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.09.20 20:51:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.10.29 14:35:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2008.12.18 23:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll

[2010.06.26 09:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.06.26 09:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.06.26 09:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.06.26 09:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.06.26 09:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKCU..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (phonostar)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\phase-6 Reminder.lnk = C:\Programme\phase-6\phase-6\reminder\reminder.exe (phase-6)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)

O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.01.27 17:59:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

 

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)

Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)

Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)

Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16902109354000384)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.11.12 20:43:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010.11.12 20:40:18 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT

[2010.11.12 20:30:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

[2010.11.12 20:30:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.11.12 20:30:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.11.12 20:30:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.11.12 20:30:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2010.11.12 20:23:37 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip

[2010.11.12 20:22:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop\MFtools

[2010.11.10 23:39:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2010.10.23 11:55:03 | 000,000,000 | ---D | C] -- C:\Programme\AVIConverter

[2010.10.16 19:01:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PferdeHof

[2002.08.16 14:57:26 | 000,056,956 | ---- | C] (Macromedia, Inc.) -- C:\Programme\Zahlenzauber 3.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.11.12 22:14:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010.11.12 21:44:09 | 000,458,822 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.11.12 21:44:09 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.11.12 21:44:09 | 000,084,326 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.11.12 21:44:09 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.11.12 21:40:12 | 000,160,914 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010.11.12 21:40:11 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010.11.12 21:39:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.11.12 20:40:18 | 000,000,591 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\NTREGOPT.lnk

[2010.11.12 20:40:18 | 000,000,572 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\ERUNT.lnk

[2010.11.12 20:30:21 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.11.12 20:21:40 | 000,471,642 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Load.exe

[2010.11.04 23:41:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2010.11.03 23:00:50 | 000,028,265 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\0982.PDF

[2010.11.02 22:25:22 | 000,029,184 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.11.02 13:17:47 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010.11.02 13:17:47 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010.10.31 13:21:03 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\DVDVideoSoft Free Studio.lnk

[2010.10.30 09:50:11 | 000,000,615 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit 101029_Pellets.xls.lnk

[2010.10.28 16:58:21 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.10.23 11:55:03 | 000,000,525 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\AVIConverter.lnk

[2010.10.14 11:37:22 | 000,119,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010.10.14 00:33:04 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

 
 ========== Files Created - No Company Name ==========

 

[2010.11.12 20:40:18 | 000,000,591 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\NTREGOPT.lnk

[2010.11.12 20:40:18 | 000,000,572 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\ERUNT.lnk

[2010.11.12 20:30:21 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.11.12 20:21:40 | 000,471,642 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Load.exe

[2010.11.03 23:00:49 | 000,028,265 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\0982.PDF

[2010.10.30 09:50:11 | 000,000,615 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit 101029_Pellets.xls.lnk

[2010.10.23 11:55:03 | 000,000,525 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\AVIConverter.lnk

[2010.09.22 21:31:55 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI

[2010.09.22 21:31:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI

[2010.07.18 19:46:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt

[2010.07.18 19:45:17 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2009.10.10 22:52:05 | 000,413,696 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\filesync.metadata

[2009.04.17 13:55:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009.02.22 17:33:21 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.01.28 19:58:19 | 000,000,720 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log

[2009.01.28 19:57:10 | 000,565,248 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll

[2009.01.28 00:44:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009.01.27 18:01:47 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008.03.19 10:04:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008.03.19 10:04:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008.03.19 10:04:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008.03.19 10:04:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008.03.19 10:04:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2002.12.10 09:13:12 | 000,000,032 | ---- | C] () -- C:\Programme\Zahlenzauber 3.ini

 
 ========== LOP Check ==========

 

[2009.01.28 16:42:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster

[2009.09.09 21:15:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound

[2010.10.16 19:23:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PferdeHof

[2009.10.19 17:35:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Phase6

[2010.03.16 22:58:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xml_param

[2009.10.31 21:20:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Broad Intelligence

[2010.08.15 22:14:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers

[2010.10.23 12:01:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\foobar2000

[2009.06.18 22:36:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FRITZ!

[2009.04.10 16:48:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\NCH Swift Sound

[2009.01.28 20:33:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org

[2010.09.04 21:16:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\phonostar-Player

[2010.07.18 19:46:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Samsung

[2010.09.19 17:36:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*.* >

[2009.01.27 17:59:33 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009.01.27 17:55:52 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2004.08.04 13:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin

[2009.01.27 17:59:33 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009.01.27 19:25:31 | 000,000,162 | ---- | M] () -- C:\IDT.log

[2009.09.01 08:26:52 | 000,000,307 | ---- | M] () -- C:\INSTALL.LOG

[2009.01.27 17:59:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009.01.27 17:59:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004.08.04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009.02.17 20:51:00 | 000,251,712 | RHS- | M] () -- C:\ntldr

[2010.11.12 21:39:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

 
 < %systemroot%\system32\*.wt >

 
 < %systemroot%\system32\*.ruy >

 
 < %systemroot%\Fonts\*.com >

[2006.04.18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006.06.29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006.04.18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006.06.29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

 
 < %systemroot%\Fonts\*.dll >

 
 < %systemroot%\Fonts\*.ini >

[2009.01.27 17:59:17 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

 
 < %systemroot%\Fonts\*.ini2 >

 
 < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2008.07.06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2008.07.06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

 
 < %systemroot%\REPAIR\*.bak1 >

 
 < %systemroot%\REPAIR\*.ini >

 
 < %systemroot%\system32\*.jpg >

 
 < %systemroot%\*.scr >

 
 < %systemroot%\*._sy >

 
 < %APPDATA%\Adobe\Update\*.* >

 
 < %ALLUSERSPROFILE%\Favorites\*.* >

 
 < %APPDATA%\Microsoft\*.* >

 
 < %PROGRAMFILES%\*.* >

[2002.08.16 14:57:26 | 000,056,956 | ---- | M] (Macromedia, Inc.) -- C:\Programme\Zahlenzauber 3.exe

[2002.12.10 09:13:12 | 000,000,032 | ---- | M] () -- C:\Programme\Zahlenzauber 3.ini

 
 < %APPDATA%\Update\*.* >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 < %systemroot%\Tasks\*.job /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2009.01.28 01:41:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2009.01.28 01:41:14 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2009.01.28 01:41:14 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 
 < %systemroot%\system32\user32.dll /md5 >

[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < %systemroot%\system32\ws2_32.dll /md5 >

[2008.04.14 03:22:32 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=6A35E2D6F5F052C84EC2CEB296389439 -- C:\WINDOWS\system32\ws2_32.dll

 
 < %systemroot%\system32\ws2help.dll /md5 >

[2008.04.14 03:22:32 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -- C:\WINDOWS\system32\ws2help.dll

 

 
 < MD5 for: EXPLORER.EXE >

[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe

[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

 
 < MD5 for: WINLOGON.EXE >

[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-10 18:25:42

 

< End of report >

--- --- ---

Extras.txtOTL Logfile:

Code:

OTL Extras logfile created on: 12.11.2010 22:33:58 - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\All Users\Desktop\MFtools

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 82,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 195,31 Gb Total Space | 165,01 Gb Free Space | 84,49% Space Free | Partition Type: NTFS

Drive E: | 270,44 Gb Total Space | 231,29 Gb Free Space | 85,52% Space Free | Partition Type: NTFS

Drive F: | 74,49 Gb Total Space | 12,91 Gb Free Space | 17,33% Space Free | Partition Type: FAT32

 

Computer Name: KIRK | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- File not found

"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)

"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5

"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2

"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan

"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18

"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal

"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36

"{45837193-03FA-47D5-B7C8-A8C05383D5DA}" = Geograficus

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B948C70-904C-42E6-9C73-56054F5092AB}" = On-line Help Console

"{5BA43E5C-66FD-48D2-AB40-B807D457EF83}" = ElsterFormular 2007/2008

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine

"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3

"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2008-10-28

"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch

"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9

"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)

"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6

"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer

"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

"7-Zip" = 7-Zip 4.65

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"Avira AntiVir Desktop" = Avira AntiVir Premium

"AviSynth" = AviSynth 2.5

"DVD Flick_is1" = DVD Flick 1.3.0.7

"ERUNT_is1" = ERUNT 1.1j

"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]

"Freddy Mathematik 4" = Freddy Mathematik 4

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4

"Free Studio_is1" = Free Studio version 4.8

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9

"InstallShield_{4B948C70-904C-42E6-9C73-56054F5092AB}" = On-line Help Console

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MediaCoder" = MediaCoder 0.7.2.4500

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Nano AVIConverter" = Nano AVIConverter 1.1.7

"NVIDIA Drivers" = NVIDIA Drivers

"PercussionStudio3" = PercussionStudio3

"phase-6" = phase-6 2.1.1.3-beta-1

"phonostarRadioPlayer_is1" = phonostar-Player Version 2.00.0

"QuickTime" = QuickTime

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"Switch" = Switch Sound File Converter

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 0.9.8a

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wondershare Music Converter_is1" = Wondershare Music Converter(Build 1.2.2.0)

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"Zahlenzauber3" = Zahlenzauber 3

"Zahlenzauber4" = Zahlenzauber 4

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"foobar2000" = foobar2000 v0.9.4

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 11.07.2010 04:07:26 | Computer Name = KIRK | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

in der signierten Datei. .

 

Error - 11.07.2010 04:07:26 | Computer Name = KIRK | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

in der signierten Datei. .

 

Error - 30.07.2010 17:07:08 | Computer Name = KIRK | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung vlc.exe, Version 0.9.8.1, Stillstandmodul 

hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 18.08.2010 14:44:45 | Computer Name = KIRK | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung FreeYouTubeToMP3Converter.exe, Version 3.8.20.190,

Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 18.09.2010 10:16:47 | Computer Name = KIRK | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung googleearth.exe, Version 5.2.1.1588, fehlgeschlagenes

Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.

 

Error - 29.09.2010 10:08:14 | Computer Name = KIRK | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung quicktimeplayer.exe, Version 6.5.2.10, fehlgeschlagenes

Modul quicktime.qts, Version 6.5.2.10, Fehleradresse 0x003736d5.

 

Error - 29.09.2010 10:08:58 | Computer Name = KIRK | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung quicktimeplayer.exe, Version 6.5.2.10, fehlgeschlagenes

Modul quicktime.qts, Version 6.5.2.10, Fehleradresse 0x003736d5.

 

Error - 29.09.2010 10:09:01 | Computer Name = KIRK | Source = Application Error | ID = 1001

Description = Fehlerhafter Speicherbereich 145924197.

 

Error - 23.10.2010 07:27:55 | Computer Name = KIRK | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung FreeYouTubeToMP3Converter.exe, Version 3.8.20.190,

Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 09.11.2010 02:03:29 | Computer Name = KIRK | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes

Modul shell32.dll, Version 6.0.2900.6018, Fehleradresse 0x0002b274.

 

[ System Events ]

Error - 12.11.2010 12:14:05 | Computer Name = KIRK | Source = nv | ID = 11141134

Description = Unknown error on CMDre 00000000 00000868 04000500 00000002 00000000

 

Error - 12.11.2010 12:14:05 | Computer Name = KIRK | Source = nv | ID = 11141134

Description = Unknown error on CMDre 00000000 00000080 00000000 00000002 00000000

 

Error - 12.11.2010 15:31:36 | Computer Name = KIRK | Source = Service Control Manager | ID = 7034

Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies

ist bereits 1 Mal passiert.

 

Error - 12.11.2010 15:31:36 | Computer Name = KIRK | Source = Service Control Manager | ID = 7034

Description = Dienst "Audio Service" wurde unerwartet beendet. Dies ist bereits 

1 Mal passiert.

 

Error - 12.11.2010 15:31:36 | Computer Name = KIRK | Source = Service Control Manager | ID = 7034

Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits

1 Mal passiert.

 

Error - 12.11.2010 15:36:48 | Computer Name = KIRK | Source = nv | ID = 11141134

Description = Unknown error on CMDre 00000000 00000868 04000500 00000002 00000000

 

Error - 12.11.2010 15:36:48 | Computer Name = KIRK | Source = nv | ID = 11141134

Description = Unknown error on CMDre 00000000 00000080 00000000 00000002 00000000

 

Error - 12.11.2010 16:40:07 | Computer Name = KIRK | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

wurde angehalten.

 

Error - 12.11.2010 16:40:07 | Computer Name = KIRK | Source = nv | ID = 11141134

Description = Unknown error on CMDre 00000000 00000868 04000500 00000002 00000000

 

Error - 12.11.2010 16:40:07 | Computer Name = KIRK | Source = nv | ID = 11141134

Description = Unknown error on CMDre 00000000 00000080 00000000 00000002 00000000

 

 

< End of report >

--- --- ---

Zitat:

Die von MBAM vorgeschlagenen Dateien sind bereits gelöscht.

ja, die Logs von MBAM musst du auch posten!

Hallo
O. k., hier noch das Logfile von MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5102

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12.11.2010 21:37:33
mbam-log-2010-11-12 (21-37-33).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165429
Laufzeit: 4 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Dokumente und Einstellungen\Thorsten\Anwendungsdaten\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Thorsten\Anwendungsdaten\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.

Zitat:

Art des Suchlaufs: Quick-Scan

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Hallo Arne
Sieht gut aus soweit ich das beurteilen kann. Soll ich noch was unternehmen?

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5120

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

15.11.2010 19:27:32
mbam-log-2010-11-15 (19-27-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 237574
Laufzeit: 52 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Gruß Thorsten

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

O. k. Combofix ist durchgelaufen:
Combofix Logfile:

Code:

ComboFix 10-11-15.05 - Thorsten 15.11.2010  23:57:27.1.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2815.2213 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\Thorsten\Desktop\cofi.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

.
 

(((((((((((((((((((((((   Dateien erstellt von 2010-10-15 bis 2010-11-15  ))))))))))))))))))))))))))))))

.
 

2010-11-15 22:54 . 2010-11-15 22:55        --------        d-----w-        C:\32788R22FWJFW

2010-11-12 19:40 . 2010-11-12 19:40        --------        d-----w-        c:\programme\ERUNT

2010-11-12 19:30 . 2010-11-12 19:30        --------        d-----w-        c:\dokumente und einstellungen\Thorsten\Anwendungsdaten\Malwarebytes

2010-11-12 19:30 . 2010-04-29 14:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-12 19:30 . 2010-11-12 19:30        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2010-11-12 19:30 . 2010-11-12 19:30        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2010-11-12 19:30 . 2010-04-29 14:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-11-12 19:23 . 2010-11-12 19:23        --------        d-----w-        c:\programme\7-Zip

2010-11-10 22:39 . 2010-11-12 19:32        --------        d-----w-        c:\windows\system32\NtmsData

2010-10-27 13:50 . 2010-10-27 13:50        --------        d-----w-        c:\dokumente und einstellungen\Jonas\Anwendungsdaten\dvdcss

2010-10-23 10:55 . 2010-10-23 10:55        --------        d-----w-        c:\programme\AVIConverter
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-02 12:17 . 2009-04-09 06:23        60936        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2010-11-02 12:17 . 2009-04-09 06:23        126856        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2010-09-20 18:11 . 2009-09-15 15:51        6688        ----a-w-        c:\windows\movexe.exe

2010-09-18 10:22 . 2004-08-04 12:00        974848        ----a-w-        c:\windows\system32\mfc42u.dll

2010-09-18 06:52 . 2004-08-04 12:00        974848        ----a-w-        c:\windows\system32\mfc42.dll

2010-09-18 06:52 . 2004-08-04 12:00        954368        ----a-w-        c:\windows\system32\mfc40.dll

2010-09-18 06:52 . 2004-08-04 12:00        953856        ----a-w-        c:\windows\system32\mfc40u.dll

2010-09-15 02:50 . 2010-09-20 19:51        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2010-09-15 00:29 . 2009-06-20 10:52        73728        ----a-w-        c:\windows\system32\javacpl.cpl

2010-09-09 14:17 . 2004-09-29 18:47        672768        ----a-w-        c:\windows\system32\wininet.dll

2010-09-09 14:17 . 2004-08-04 12:00        61952        ----a-w-        c:\windows\system32\tdc.ocx

2010-09-09 14:17 . 2004-08-04 12:00        81920        ----a-w-        c:\windows\system32\ieencode.dll

2010-09-09 14:13 . 2004-08-04 12:00        371200        ----a-w-        c:\windows\system32\html.iec

2010-09-01 11:50 . 2004-08-04 12:00        285824        ----a-w-        c:\windows\system32\atmfd.dll

2010-09-01 07:54 . 2004-08-04 12:00        1852928        ----a-w-        c:\windows\system32\win32k.sys

2010-08-27 08:01 . 2004-08-04 12:00        119808        ----a-w-        c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2004-08-04 12:00        99840        ----a-w-        c:\windows\system32\srvsvc.dll

2010-08-27 01:43 . 2008-05-05 05:25        5632        ----a-w-        c:\windows\system32\xpsp4res.dll

2010-08-26 13:39 . 2004-08-04 12:00        357248        ----a-w-        c:\windows\system32\drivers\srv.sys

2010-08-23 16:11 . 2004-08-04 12:00        617472        ----a-w-        c:\windows\system32\comctl32.dll

2002-08-16 13:57 . 2002-08-16 13:57        56956        ----a-w-        c:\programme\Zahlenzauber 3.exe

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PhonostarTimer"="c:\programme\phonostar\ps_timer.exe" [2009-05-13 126976]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-19 13508608]

"nwiz"="nwiz.exe" [2008-03-19 1630208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-19 86016]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-03-01 98304]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]

"HP Component Manager"="c:\programme\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 

c:\dokumente und einstellungen\Antonia\Startmen\Programme\Autostart\

OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
 

c:\dokumente und einstellungen\Jonas\Startmen\Programme\Autostart\

OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
 

c:\dokumente und einstellungen\Monika\Startmen\Programme\Autostart\

OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

phase-6 Reminder.lnk - c:\programme\phase-6\phase-6\reminder\reminder.exe [2009-7-13 1032192]
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
 

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\programme\Avira\AntiVir Desktop\avmailc.exe [09.04.2009 07:23 339624]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [09.04.2009 07:23 135336]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [09.04.2009 07:23 403624]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [15.03.2010 23:15 25704]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [15.03.2010 23:15 25704]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [15.03.2010 23:15 25704]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [15.03.2010 23:16 25704]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [15.03.2010 23:16 25704]

S2 gupdate1c9d6d7bfc56b0e;Google Update Service (gupdate1c9d6d7bfc56b0e);c:\programme\Google\Update\GoogleUpdate.exe [17.05.2009 11:10 133104]

S3 cpuz129;cpuz129;\??\c:\dokume~1\Thorsten\LOKALE~1\Temp\cpuz_x32.sys --> c:\dokume~1\Thorsten\LOKALE~1\Temp\cpuz_x32.sys [?]

.

Inhalt des "geplante Tasks" Ordners
 

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-17 10:10]
 

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-17 10:10]

.

.

------- Zusätzlicher Suchlauf -------

.

uInternet Settings,ProxyServer = http=127.0.0.1:50370

IE: Free YouTube Download - c:\dokumente und einstellungen\Thorsten\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Thorsten\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm

LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll

FF - ProfilePath - c:\dokumente und einstellungen\Thorsten\Anwendungsdaten\Mozilla\Firefox\Profiles\04kujowg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\dokumente und einstellungen\Thorsten\Anwendungsdaten\Mozilla\Firefox\Profiles\04kujowg.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071302000004.dll

FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npstrlnk.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-11-15 23:59

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_USERS\S-1-5-21-1935655697-1326574676-725345543-1005\Software\SecuROM\License information*]

"datasecu"=hex:c8,8c,12,75,d6,ff,45,4e,01,06,15,39,10,e2,36,cc,88,27,80,22,b7,

   45,c5,2b,05,3d,ae,ce,c5,2f,bf,29,9e,2c,74,56,64,18,28,eb,d6,59,e3,8e,f1,af,\

"rkeysecu"=hex:ef,ab,bc,6b,aa,3e,fb,06,12,94,8a,e5,11,03,38,2a

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'lsass.exe'(696)

c:\programme\Avira\AntiVir Desktop\avsda.dll
 

- - - - - - - > 'explorer.exe'(4040)

c:\programme\Windows Media Player\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Zeit der Fertigstellung: 2010-11-16  00:01:08

ComboFix-quarantined-files.txt  2010-11-15 23:01
 

Vor Suchlauf: 8 Verzeichnis(se), 176.975.859.712 Bytes frei

Nach Suchlauf: 9 Verzeichnis(se), 177.055.531.008 Bytes frei
 

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
 

- - End Of File - - A179102F4E9F107178295307BE6BE9C0

--- --- ---

Gruß Thorsten

CCleaner hat seinen Dienst auch getan, gab ja einiges zu räumen..
Noch was zu tun - oder bin ich jetzt clean?
Gruß Thorsten

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Log von GMER:

GMER Logfile:

Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net

Rootkit scan 2010-11-16 19:48:33

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e Hitachi_HDP725050GLA360 rev.GM4OA5CA

Running: lnx86m4d.exe; Driver: C:\DOKUME~1\Thorsten\LOKALE~1\Temp\pxtdqpoc.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            BA7D2706                                                                                         ZwCreateKey

SSDT            BA7D26FC                                                                                         ZwCreateThread

SSDT            BA7D270B                                                                                         ZwDeleteKey

SSDT            BA7D2715                                                                                         ZwDeleteValueKey

SSDT            BA7D2733                                                                                         ZwLoadDriver

SSDT            BA7D271A                                                                                         ZwLoadKey

SSDT            BA7D26E8                                                                                         ZwOpenProcess

SSDT            BA7D26ED                                                                                         ZwOpenThread

SSDT            BA7D2724                                                                                         ZwReplaceKey

SSDT            BA7D271F                                                                                         ZwRestoreKey

SSDT            BA7D2738                                                                                         ZwSetSystemInformation

SSDT            BA7D2710                                                                                         ZwSetValueKey

SSDT            BA7D26F7                                                                                         ZwTerminateProcess

SSDT            BA7D26F2                                                                                         ZwWriteVirtualMemory
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwCallbackReturn + 2DCC                                                             80504668 4 Bytes  CALL 870AC393 

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                         section is writeable [0xB958A380, 0x360E6D, 0xE8000020]
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \FileSystem\Fastfat \Fat                                                                         fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5018c9                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5018c9@00233902d0cc         0xCB 0x25 0x84 0xF7 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd5018c9 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd5018c9@00233902d0cc             0xCB 0x25 0x84 0xF7 ...
 

---- EOF - GMER 1.0.15 ----

--- --- ---

...und das von OSAM:
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 20:01:24 on 16.11.2010
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 3.6.12
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Premium " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\DOKUME~1\Thorsten\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"cpuz129" (cpuz129) - ? - C:\DOKUME~1\Thorsten\LOKALE~1\Temp\cpuz_x32.sys  (File not found)

"CrystalSysInfo" (CrystalSysInfo) - ? - C:\Programme\MediaCoder\SysInfo.sys  (File found, but it contains no detailed information)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"kbdqjmv" (kbdqjmv) - ? - C:\WINDOWS\system32\drivers\kbdqjmv.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"pxtdqpoc" (pxtdqpoc) - ? - C:\DOKUME~1\Thorsten\LOKALE~1\Temp\pxtdqpoc.sys  (Hidden registry entry, rootkit activity | File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"WsAudio_DeviceS(1)" (WsAudio_DeviceS(1)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys

"WsAudio_DeviceS(2)" (WsAudio_DeviceS(2)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys

"WsAudio_DeviceS(3)" (WsAudio_DeviceS(3)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys

"WsAudio_DeviceS(4)" (WsAudio_DeviceS(4)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys

"WsAudio_DeviceS(5)" (WsAudio_DeviceS(5)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{CF184AD3-CDCB-4168-A3F7-8E447D129300} "CZipHandler Object" - "Hewlett-Packard Company" - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"phase-6 Reminder.lnk" - "phase-6" - C:\Programme\phase-6\phase-6\reminder\reminder.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Thorsten\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"PhonostarTimer" - ? - C:\Programme\phonostar\ps_timer.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"HP Component Manager" - "Hewlett-Packard Company" - "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE

"AVM FRITZ!web Routing Service" (de_serv) - ? - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe  (File not found)

"Google Update Service (gupdate1c9d6d7bfc56b0e)" (gupdate1c9d6d7bfc56b0e) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

...und das von OSAM:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 20:01:24 on 16.11.2010
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 3.6.12
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Premium " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\DOKUME~1\Thorsten\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"cpuz129" (cpuz129) - ? - C:\DOKUME~1\Thorsten\LOKALE~1\Temp\cpuz_x32.sys  (File not found)

"CrystalSysInfo" (CrystalSysInfo) - ? - C:\Programme\MediaCoder\SysInfo.sys  (File found, but it contains no detailed information)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"kbdqjmv" (kbdqjmv) - ? - C:\WINDOWS\system32\drivers\kbdqjmv.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"pxtdqpoc" (pxtdqpoc) - ? - C:\DOKUME~1\Thorsten\LOKALE~1\Temp\pxtdqpoc.sys  (Hidden registry entry, rootkit activity | File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"WsAudio_DeviceS(1)" (WsAudio_DeviceS(1)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys

"WsAudio_DeviceS(2)" (WsAudio_DeviceS(2)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys

"WsAudio_DeviceS(3)" (WsAudio_DeviceS(3)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys

"WsAudio_DeviceS(4)" (WsAudio_DeviceS(4)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys

"WsAudio_DeviceS(5)" (WsAudio_DeviceS(5)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{CF184AD3-CDCB-4168-A3F7-8E447D129300} "CZipHandler Object" - "Hewlett-Packard Company" - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"phase-6 Reminder.lnk" - "phase-6" - C:\Programme\phase-6\phase-6\reminder\reminder.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Thorsten\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"PhonostarTimer" - ? - C:\Programme\phonostar\ps_timer.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"HP Component Manager" - "Hewlett-Packard Company" - "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE

"AVM FRITZ!web Routing Service" (de_serv) - ? - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe  (File not found)

"Google Update Service (gupdate1c9d6d7bfc56b0e)" (gupdate1c9d6d7bfc56b0e) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

und das MBR Log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 129):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F78000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F67000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F48000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F30000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9F10000 fltmgr.sys
0xB9EFE000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9EE7000 KSecDD.sys
0xB9ED4000 WudfPf.sys
0xB9E47000 Ntfs.sys
0xB9E1A000 NDIS.sys
0xB9E00000 Mup.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\processr.sys
0xBA420000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB9DA4000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA428000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0xBA430000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB9D80000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA308000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA318000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9D5D000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9D35000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA138000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB9C4D000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB958A000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9576000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA560000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA148000 \SystemRoot\system32\drivers\WsAudio_DeviceS(1).sys
0xB9552000 \SystemRoot\system32\drivers\portcls.sys
0xBA158000 \SystemRoot\system32\drivers\drmk.sys
0xBA168000 \SystemRoot\system32\drivers\WsAudio_DeviceS(2).sys
0xBA178000 \SystemRoot\system32\drivers\WsAudio_DeviceS(3).sys
0xBA188000 \SystemRoot\system32\drivers\WsAudio_DeviceS(4).sys
0xBA198000 \SystemRoot\system32\drivers\WsAudio_DeviceS(5).sys
0xBA6F7000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA564000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB949B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA440000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB948A000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA448000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA450000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA458000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA460000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5CC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB942C000 \SystemRoot\system32\DRIVERS\update.sys
0xBA570000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA1F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA208000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5CE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA218000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xB6E06000 \SystemRoot\system32\drivers\sthda.sys
0xBA478000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA5D2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7EA000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5D4000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA488000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA490000 \SystemRoot\System32\drivers\vga.sys
0xBA5D6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5D8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA498000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA4A0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA5A4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB6CEE000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB6C95000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB6C45000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB6C1F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB9DD0000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB6BFD000 \SystemRoot\System32\drivers\afd.sys
0xBA278000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA288000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA4A8000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xBA4B0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB6BD2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB6B62000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA298000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA340000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB9DBC000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA54C000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xBA368000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA370000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xB6B17000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xB704A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA5E2000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xB9542000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xB703E000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xBA378000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB703A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB94B2000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB6AD7000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5F6000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6C6D000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3A0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA738000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xB6813000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB6786000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB675A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB6439000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB63FC000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA248000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA620000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB5FE6000 \SystemRoot\system32\DRIVERS\srv.sys
0xB5A7D000 \SystemRoot\System32\Drivers\HTTP.sys
0xB599D000 \??\C:\DOKUME~1\Thorsten\LOKALE~1\Temp\pxtdqpoc.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
568 C:\WINDOWS\system32\smss.exe
624 csrss.exe
648 C:\WINDOWS\system32\winlogon.exe
692 C:\WINDOWS\system32\services.exe
704 C:\WINDOWS\system32\lsass.exe
896 C:\WINDOWS\system32\svchost.exe
980 svchost.exe
1076 C:\WINDOWS\system32\svchost.exe
1148 C:\WINDOWS\system32\svchost.exe
1236 svchost.exe
1340 svchost.exe
1448 C:\WINDOWS\system32\spoolsv.exe
1496 C:\Programme\Avira\AntiVir Desktop\sched.exe
1568 svchost.exe
1788 C:\WINDOWS\explorer.exe
1968 C:\WINDOWS\system32\rundll32.exe
1992 C:\WINDOWS\system32\rundll32.exe
2008 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
2016 C:\Programme\HP\hpcoretech\hpcmpmgr.exe
2024 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
2032 C:\Programme\phonostar\ps_timer.exe
308 C:\Programme\Avira\AntiVir Desktop\avguard.exe
348 svchost.exe
420 C:\Programme\Java\jre6\bin\jqs.exe
252 C:\WINDOWS\system32\nvsvc32.exe
752 C:\Programme\IDT\ECSXPV_5762_010208\WDM\stacsv.exe
1048 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
1716 C:\WINDOWS\system32\svchost.exe
2552 C:\Programme\Avira\AntiVir Desktop\avmailc.exe
2672 C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
3936 alg.exe
964 C:\Programme\Mozilla Firefox\firefox.exe
3812 C:\Programme\7-Zip\7zFM.exe
3424 C:\Dokumente und Einstellungen\Thorsten\Desktop\osam_autorun_manager_5_0_portable\osam.exe
812 C:\WINDOWS\system32\notepad.exe
232 C:\Dokumente und Einstellungen\Thorsten\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000030`d3cbae00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5CA
PhysicalDrive1 Model Number: TOSHIBA MK8032GA, Rev: AD00

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
74 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Zitat:

"kbdqjmv" (kbdqjmv) - ? - C:\WINDOWS\system32\drivers\kbdqjmv.sys (File not found)

Bitte mit osam deaktivieren und löschen

Hallo Arne

Hier das Log nach dem Deaktivieren u. Löschen des angegebenen Eintrags:
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 22:55:35 on 16.11.2010
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 3.6.12
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Premium " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\DOKUME~1\Thorsten\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"cpuz129" (cpuz129) - ? - C:\DOKUME~1\Thorsten\LOKALE~1\Temp\cpuz_x32.sys  (File not found)

"CrystalSysInfo" (CrystalSysInfo) - ? - C:\Programme\MediaCoder\SysInfo.sys  (File found, but it contains no detailed information)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"WsAudio_DeviceS(1)" (WsAudio_DeviceS(1)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys

"WsAudio_DeviceS(2)" (WsAudio_DeviceS(2)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys

"WsAudio_DeviceS(3)" (WsAudio_DeviceS(3)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys

"WsAudio_DeviceS(4)" (WsAudio_DeviceS(4)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys

"WsAudio_DeviceS(5)" (WsAudio_DeviceS(5)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{CF184AD3-CDCB-4168-A3F7-8E447D129300} "CZipHandler Object" - "Hewlett-Packard Company" - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"phase-6 Reminder.lnk" - "phase-6" - C:\Programme\phase-6\phase-6\reminder\reminder.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Thorsten\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"PhonostarTimer" - ? - C:\Programme\phonostar\ps_timer.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"HP Component Manager" - "Hewlett-Packard Company" - "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE

"AVM FRITZ!web Routing Service" (de_serv) - ? - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe  (File not found)

"Google Update Service (gupdate1c9d6d7bfc56b0e)" (gupdate1c9d6d7bfc56b0e) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

Gruß Thorsten

Hallo Arne

Hier das Log nach dem Deaktivieren u. Löschen des angegebenen Eintrags:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 22:55:35 on 16.11.2010
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 3.6.12
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Premium " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\DOKUME~1\Thorsten\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"cpuz129" (cpuz129) - ? - C:\DOKUME~1\Thorsten\LOKALE~1\Temp\cpuz_x32.sys  (File not found)

"CrystalSysInfo" (CrystalSysInfo) - ? - C:\Programme\MediaCoder\SysInfo.sys  (File found, but it contains no detailed information)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"WsAudio_DeviceS(1)" (WsAudio_DeviceS(1)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys

"WsAudio_DeviceS(2)" (WsAudio_DeviceS(2)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys

"WsAudio_DeviceS(3)" (WsAudio_DeviceS(3)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys

"WsAudio_DeviceS(4)" (WsAudio_DeviceS(4)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys

"WsAudio_DeviceS(5)" (WsAudio_DeviceS(5)) - "Wondershare" - C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{CF184AD3-CDCB-4168-A3F7-8E447D129300} "CZipHandler Object" - "Hewlett-Packard Company" - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"phase-6 Reminder.lnk" - "phase-6" - C:\Programme\phase-6\phase-6\reminder\reminder.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Thorsten\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"PhonostarTimer" - ? - C:\Programme\phonostar\ps_timer.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"HP Component Manager" - "Hewlett-Packard Company" - "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE

"AVM FRITZ!web Routing Service" (de_serv) - ? - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe  (File not found)

"Google Update Service (gupdate1c9d6d7bfc56b0e)" (gupdate1c9d6d7bfc56b0e) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"AVSDA" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avsda.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

Gruß Thorsten

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

So, hier noch mal das Log von Malwarebytes:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 5140

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

18.11.2010 00:00:22
mbam-log-2010-11-18 (00-00-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 238200
Laufzeit: 55 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

und das von SUPERAntiSpyware:

SUPERAntiSpyware Scann-Protokoll
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generiert 11/18/2010 bei 01:35 AM

Version der Applikation : 4.45.1000

Version der Kern-Datenbank : 5877
Version der Spur-Datenbank : 3689

Scan Art : kompletter Scann
Totale Scann-Zeit : 01:22:35

Gescannte Speicherelemente : 498
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 5708
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 76735
Erfasste Datei-Elemente : 0

Nichts mehr gefunden - You did a good job!!!

Gruß
Thorsten

Noch Probleme offen?

Nein, nichts mehr!

Ganz vielen Dank für Deine Hilfe!

Nette Grüße
Thorsten

Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.