Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojan TR/ATRAPS.Gen (https://www.trojaner-board.de/95228-trojaner-tr-atraps-gen.html)

Marcel121 30.01.2011 19:47

Trojan TR/ATRAPS.Gen
 
Hi,
since just now AntiVir keeps reporting the above Trojan to me constantly.

Every time I open a new website, e.g.


What should I do? :(


Hoping for quick help,

Marcel

Can nobody help me?
The detection is shown a good 10 times in a row, then goes away, but as soon as I open a new page again it reappears.

What do I have to do to get rid of it? :(

cosinus 30.01.2011 21:18

Post all relevant logs from AntiVir.

Marcel121 30.01.2011 21:29

HijackThis logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:56:07, on 30.01.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\Avira\AntiVir Desktop\sched.exe
D:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programme\CursorXP\CursorXP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\HiJackThis204.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = QIP.RU: ?????, ?????, ???????, ??????????, ???? ? ???????????
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = QIP: ????? ? ?????????
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = QIP: ????? ? ?????????
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = QIP: ????? ? ?????????
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = QIP: ????? ? ?????????
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [razertra] d:\Programme\Razer\razertra.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [userMobileusb] rundll32.exe "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\CatDBnet90\userMobileusb.dll",usrGLclass DirectCommonLite
O4 - HKCU\..\Run: [CursorXP] D:\Programme\CursorXP\CursorXP.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - hxxp://support.microsoft.com/default...;EN-US;KBHOWTO (file missing)
O9 - Extra 'Tools' menuitem: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - hxxp://support.microsoft.com/default...;EN-US;KBHOWTO (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Programme\Monopoly\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - hxxp://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - hxxp://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-DE/.../GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - hxxp://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Programme\Monopoly\Images\armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - hxxp://messenger.zone.msn.com/binary...r.cab56986.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 8020 bytes

--- --- ---
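The O4 lines in a HijackThis log are the autorun entries, and the one above that starts `rundll32.exe` with a DLL in the profile's `Lokale Einstellungen\Anwendungsdaten\CatDBnet90` folder is how the file AntiVir later names as TR/ATRAPS.Gen was kept running. As an added illustration that is not part of the thread, the following Python script parses O4 lines in that format and flags entries whose target lives in a per-user profile directory, which is where legitimate autoruns rarely sit. The sample lines are constructed after the log above; the function names and the profile-path markers are my own choices, not anything HijackThis provides.

```python
import re

# Constructed sample lines in HijackThis "O4" (autorun) format, modelled on the
# entries in the log above. The CatDBnet90 entry is the one whose DLL AntiVir
# later identified as TR/ATRAPS.Gen.
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [userMobileusb] rundll32.exe "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\CatDBnet90\userMobileusb.dll",usrGLclass DirectCommonLite
O4 - HKCU\..\Run: [CursorXP] D:\Programme\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
""".strip().splitlines()

# Shape of an O4 line: "O4 - <hive>\..\<Run key>: [<value name>] <command>",
# optionally followed by " (User '<account>')" for HKUS entries.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Markers for per-user profile paths (German and English XP layouts plus the
# Vista+ layout). These are heuristics chosen for this example; legitimate
# autoruns normally live under %SystemRoot% or Program Files instead.
USER_PROFILE_MARKERS = (
    "\\dokumente und einstellungen\\",
    "\\documents and settings\\",
    "\\users\\",
)


def parse_o4(line):
    """Split one O4 line into its fields; return None for any other line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def rundll32_target(cmd):
    """Return the DLL path a rundll32 command line loads, or None if it is not rundll32."""
    m = re.match(r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+(?P<rest>.+)$',
                 cmd, re.IGNORECASE)
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest.startswith('"'):                 # quoted path: up to the closing quote
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else None
    head = rest.split(",", 1)[0].split()     # unquoted: path ends at ",Entry" or a space
    return head[0] if head else None


def in_user_profile(path):
    p = path.lower()
    return any(marker in p for marker in USER_PROFILE_MARKERS)


def triage_autoruns(lines):
    """Return the O4 entries worth a closer look, each with the reason it was flagged."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        cmd = entry["cmd"]
        dll = rundll32_target(cmd)
        reason = None
        if dll is not None and in_user_profile(dll):
            reason = "rundll32 loads a DLL from a user profile directory"
        elif dll is None and in_user_profile(cmd):
            reason = "autorun executable lives in a user profile directory"
        if reason:
            findings.append({"name": entry["name"], "hive": entry["hive"],
                             "key": entry["key"], "target": dll or cmd,
                             "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_HJT_LINES):
        print(f"[{f['hive']}\\{f['key']}] {f['name']}: {f['reason']}")
        print(f"    -> {f['target']}")
```

Run against the sample, only the `userMobileusb` entry is reported; the NVIDIA `rundll32` line passes because its DLL sits under `C:\WINDOWS\system32`. The path heuristic is deliberately simple: it is a triage aid for picking which entries to look up or submit to a scanner, not a verdict.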

cosinus 30.01.2011 21:36

HijackThis doesn't interest me.

Marcel121 30.01.2011 21:39

Sorry, my apologies.

How do I get the log out of AntiVir, then?

cosinus 30.01.2011 21:40

From within the program, under Reports.

Marcel121 30.01.2011 21:42

Only the updates are listed there, and the scan from 07.01.

So do I need to run a complete scan first?

cosinus 31.01.2011 10:35

Please just look through everything! What is listed under Events?
The logs have to be in there somewhere!

Marcel121 31.01.2011 16:28

So, I ran an AntiVir scan in safe mode earlier.
It had 2 detections, which I then "repaired" at the end; now the "detection message" is no longer shown on every page change, in fact not at all any more.

Here is the corresponding log:

Quote:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 31. Januar 2011 13:54

Es wird nach 2435637 Virenstämmen gesucht.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows XP
Windowsversion : (Service Pack 2) [5.1.2600]
Boot Modus : Abgesicherter Modus
Benutzername : Administrator
Computername : WINDOWSPC

Versionsinformationen:
BUILD.DAT : 9.0.0.429 21701 Bytes 06.10.2010 09:59:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 19.11.2009 16:47:48
AVSCAN.DLL : 9.0.3.0 49409 Bytes 13.02.2009 11:04:10
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:44
LUKERES.DLL : 9.0.2.0 13569 Bytes 26.01.2009 09:41:59
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 16:47:48
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 17:12:10
VBASE002.VDF : 7.11.0.1 2048 Bytes 14.12.2010 17:12:10
VBASE003.VDF : 7.11.0.2 2048 Bytes 14.12.2010 17:12:10
VBASE004.VDF : 7.11.0.3 2048 Bytes 14.12.2010 17:12:10
VBASE005.VDF : 7.11.0.4 2048 Bytes 14.12.2010 17:12:10
VBASE006.VDF : 7.11.0.5 2048 Bytes 14.12.2010 17:12:10
VBASE007.VDF : 7.11.0.6 2048 Bytes 14.12.2010 17:12:10
VBASE008.VDF : 7.11.0.7 2048 Bytes 14.12.2010 17:12:10
VBASE009.VDF : 7.11.0.8 2048 Bytes 14.12.2010 17:12:10
VBASE010.VDF : 7.11.0.9 2048 Bytes 14.12.2010 17:12:10
VBASE011.VDF : 7.11.0.10 2048 Bytes 14.12.2010 17:12:10
VBASE012.VDF : 7.11.0.11 2048 Bytes 14.12.2010 17:12:10
VBASE013.VDF : 7.11.0.52 128000 Bytes 16.12.2010 17:12:00
VBASE014.VDF : 7.11.0.91 226816 Bytes 20.12.2010 18:01:21
VBASE015.VDF : 7.11.0.122 136192 Bytes 21.12.2010 18:01:22
VBASE016.VDF : 7.11.0.156 122880 Bytes 24.12.2010 18:01:26
VBASE017.VDF : 7.11.0.185 146944 Bytes 27.12.2010 18:01:31
VBASE018.VDF : 7.11.0.228 132608 Bytes 30.12.2010 18:01:43
VBASE019.VDF : 7.11.1.5 148480 Bytes 03.01.2011 18:01:47
VBASE020.VDF : 7.11.1.37 156672 Bytes 07.01.2011 18:01:57
VBASE021.VDF : 7.11.1.65 140800 Bytes 10.01.2011 18:02:00
VBASE022.VDF : 7.11.1.87 225280 Bytes 11.01.2011 18:01:58
VBASE023.VDF : 7.11.1.124 125440 Bytes 14.01.2011 18:02:00
VBASE024.VDF : 7.11.1.155 132096 Bytes 17.01.2011 18:02:07
VBASE025.VDF : 7.11.1.189 451072 Bytes 20.01.2011 18:05:25
VBASE026.VDF : 7.11.1.230 138752 Bytes 24.01.2011 18:02:18
VBASE027.VDF : 7.11.2.12 164352 Bytes 27.01.2011 18:02:21
VBASE028.VDF : 7.11.2.13 2048 Bytes 27.01.2011 18:02:21
VBASE029.VDF : 7.11.2.14 2048 Bytes 27.01.2011 18:02:21
VBASE030.VDF : 7.11.2.15 2048 Bytes 27.01.2011 18:02:21
VBASE031.VDF : 7.11.2.31 71168 Bytes 28.01.2011 18:02:24
Engineversion : 8.2.4.158
AEVDF.DLL : 8.1.2.1 106868 Bytes 29.07.2010 19:09:24
AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 30.01.2011 18:03:18
AESCN.DLL : 8.1.7.2 127349 Bytes 22.11.2010 17:13:26
AESBX.DLL : 8.1.3.2 254324 Bytes 22.11.2010 17:13:45
AERDL.DLL : 8.1.9.2 635252 Bytes 21.09.2010 16:09:03
AEPACK.DLL : 8.2.4.9 512374 Bytes 30.01.2011 18:03:16
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 30.01.2011 18:03:15
AEHEUR.DLL : 8.1.2.70 3191159 Bytes 30.01.2011 18:03:14
AEHELP.DLL : 8.1.16.0 246136 Bytes 02.12.2010 17:15:35
AEGEN.DLL : 8.1.5.2 397683 Bytes 20.01.2011 18:05:33
AEEMU.DLL : 8.1.3.0 393589 Bytes 22.11.2010 17:12:51
AECORE.DLL : 8.1.19.2 196983 Bytes 20.01.2011 18:05:28
AEBB.DLL : 8.1.1.0 53618 Bytes 23.04.2010 15:01:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:56
AVPREF.DLL : 9.0.3.0 44289 Bytes 09.09.2009 12:39:57
AVREP.DLL : 8.0.0.7 159784 Bytes 18.02.2010 15:32:15
AVREG.DLL : 9.0.0.0 36609 Bytes 07.11.2008 14:25:04
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:37
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:04
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:28
NETNT.DLL : 9.0.0.0 11521 Bytes 07.11.2008 14:41:21
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 09.06.2009 15:25:51
RCTEXT.DLL : 9.0.73.0 87297 Bytes 19.11.2009 16:47:46

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: d:\programme\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Montag, 31. Januar 2011 13:54

Der Suchlauf nach versteckten Objekten wird begonnen.
Der Treiber konnte nicht initialisiert werden.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '11' Prozesse mit '11' Modulen durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '46' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows XP Prof m SP 2>
C:\pagefile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
[HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei.
[HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\38\706b3426-6553d7bb
[0] Archivtyp: ZIP
--> bpac/a.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\OOo_3.2.1_Win_x86_install_de.exe
[0] Archivtyp: NSIS
--> a
[1] Archivtyp: CAB (Microsoft)
--> testtar.tar
[2] Archivtyp: TAR (tape archiver)
[WARNUNG] Interner Fehler!
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\CatDBnet90\userMobileusb.dll
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen
C:\WINDOWS\system32\drivers\sptd.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\WINDOWS\system32\drivers\vaxscsi.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
Beginne mit der Suche in 'D:\' <Daten>
D:\Dokumente und Einstellungen\Administrator\Desktop\OpenOffice.org 3.2 (de) Installation Files\openofficeorg1.cab
[0] Archivtyp: CAB (Microsoft)
--> testtar.tar
[1] Archivtyp: TAR (tape archiver)
[WARNUNG] Interner Fehler!
D:\Programme\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar
[WARNUNG] Interner Fehler!
[WARNUNG] Interner Fehler!

Beginne mit der Desinfektion:
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\38\706b3426-6553d7bb
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d7cd3b2.qua' verschoben!
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\CatDBnet90\userMobileusb.dll
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dabd3f6.qua' verschoben!


Ende des Suchlaufs: Montag, 31. Januar 2011 16:21
Benötigte Zeit: 1:38:52 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

7751 Verzeichnisse wurden überprüft
590573 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
3 Dateien konnten nicht durchsucht werden
590568 Dateien ohne Befall
3924 Archive wurden durchsucht
6 Warnungen
3 Hinweise


cosinus 31.01.2011 19:07

Looks less serious than feared.


Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Marcel121 31.01.2011 20:27

Here are the logs:
Quote:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5649

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

31.01.2011 20:14:37
mbam-log-2011-01-31 (20-14-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 244705
Laufzeit: 52 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe ) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL logfile:
Code:

OTL logfile created on: 31.01.2011 20:20:39 - Run 1
OTL by OldTimer - Version 3.2.20.6    Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 579,00 Mb Available Physical Memory | 57,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 7,80 Gb Free Space | 39,96% Space Free | Partition Type: NTFS
Drive D: | 57,15 Gb Total Space | 24,05 Gb Free Space | 42,09% Space Free | Partition Type: NTFS
 
Computer Name: WINDOWSPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
PRC - D:\Programme\CursorXP\CursorXP.exe ( )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - D:\Programme\CursorXP\CurXP0.dll ( )
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (StarWindService) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
SRV - (WmcCds) Windows Media Connect (WMC) -- c:\Programme\Windows Media Connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs) -- C:\Programme\Windows Media Connect\mswmcls.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (avgio) -- D:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (vaxscsi) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys ()
DRV - (SynasUSB) -- C:\WINDOWS\system32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (CLEDX) -- C:\WINDOWS\system32\drivers\cledx.sys (Team H2O)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (nvmpu401) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvmpu401.sys (NVIDIA Corporation)
DRV - (ViaIde) -- C:\WINDOWS\system32\DRIVERS\viaidexp.sys (VIA Technologies, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (PRISM_USB) -- C:\WINDOWS\system32\drivers\PRISMUSB.sys (Intersil Americas Inc.)
DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = QIP.RU: ?????, ?????, ???????, ??????????, ???? ? ???????????
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.gmx.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.24 10:19:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.13 14:25:16 | 000,000,000 | ---D | M]
 
[2008.08.28 16:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2011.01.30 21:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ryeahwqi.default\extensions
[2010.06.07 14:08:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ryeahwqi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.25 12:05:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ryeahwqi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.30 21:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.12.04 12:02:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.03.11 22:48:09 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.11 22:48:09 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.11 22:48:09 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.11 22:48:09 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.11 22:48:09 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.07 10:47:57 | 000,428,597 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        unzip vim 1000 zip files at 0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 14756 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (C-Media Electronics, Inc.))
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [razertra] d:\Programme\Razer\razertra.exe (Razer Inc.)
O4 - HKCU..\Run: [CursorXP] D:\Programme\CursorXP\CursorXP.exe ( )
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} -  File not found
O9 - Extra 'Tools' menuitem : Knowledge Base Suche - {8b2d996f-b7d1-4961-a929-414d9cf5ba7b} -  File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: line6.net ([]* in Vertrauenswürdige Sites)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Programme\Monopoly\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_03-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Programme\Monopoly\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.08 10:46:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell - "" = AutoRun
O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell - "" = AutoRun
O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.31 20:19:31 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.01.31 19:20:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2011.01.31 19:20:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.01.31 19:20:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.01.31 19:20:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.01.31 19:20:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.01.31 18:13:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2011.01.31 17:28:23 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2011.01.31 17:03:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Free Registry Cleaner
[2011.01.30 11:33:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Bio
[2011.01.23 22:30:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011.01.23 22:26:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2011.01.23 22:26:08 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\OpenOffice.org 3.2
[2011.01.23 22:21:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.07 10:38:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.01.07 10:04:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2008.07.06 20:17:11 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.sys
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.31 20:19:32 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.01.31 20:16:28 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.01.31 20:16:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.31 20:16:07 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.31 17:13:06 | 000,005,462 | ---- | M] () -- D:\Eigene Dateien\cc_20110131_171303.reg
[2011.01.30 22:05:29 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.01.30 20:38:38 | 000,007,490 | ---- | M] () -- D:\Eigene Dateien\cc_20110130_203836.reg
[2011.01.30 09:26:24 | 000,001,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Weight.rtf
[2011.01.29 10:29:59 | 000,008,305 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Easy Rider.odt
[2011.01.25 12:50:58 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.24 12:14:44 | 001,464,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.01.23 11:16:00 | 000,000,617 | ---- | M] () -- D:\Eigene Dateien\pop.gmx.net.iaf
[2011.01.15 21:18:48 | 000,000,532 | ---- | M] () -- D:\Eigene Dateien\cc_20110115_211847.reg
[2011.01.15 21:18:37 | 000,000,684 | ---- | M] () -- D:\Eigene Dateien\cc_20110115_211833.reg
[2011.01.15 21:18:23 | 000,022,182 | ---- | M] () -- D:\Eigene Dateien\cc_20110115_211813.reg
[2011.01.13 16:24:19 | 000,000,417 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\1234.rtf
[2011.01.07 10:47:57 | 000,428,597 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.01.07 10:17:39 | 000,236,374 | ---- | M] () -- D:\Eigene Dateien\cc_20110107_101719.reg
[2011.01.07 10:15:28 | 000,000,561 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.31 17:13:05 | 000,005,462 | ---- | C] () -- D:\Eigene Dateien\cc_20110131_171303.reg
[2011.01.31 16:23:19 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2011.01.30 20:38:37 | 000,007,490 | ---- | C] () -- D:\Eigene Dateien\cc_20110130_203836.reg
[2011.01.23 11:16:00 | 000,000,617 | ---- | C] () -- D:\Eigene Dateien\pop.gmx.net.iaf
[2011.01.15 21:18:47 | 000,000,532 | ---- | C] () -- D:\Eigene Dateien\cc_20110115_211847.reg
[2011.01.15 21:18:36 | 000,000,684 | ---- | C] () -- D:\Eigene Dateien\cc_20110115_211833.reg
[2011.01.15 21:18:16 | 000,022,182 | ---- | C] () -- D:\Eigene Dateien\cc_20110115_211813.reg
[2011.01.12 13:58:18 | 000,000,417 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\1234.rtf
[2011.01.11 13:45:19 | 000,008,305 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Easy Rider.odt
[2011.01.07 10:17:22 | 000,236,374 | ---- | C] () -- D:\Eigene Dateien\cc_20110107_101719.reg
[2010.08.16 15:16:54 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
[2010.07.31 17:10:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.07.31 17:10:00 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.01.21 19:42:14 | 000,000,022 | ---- | C] () -- C:\WINDOWS\CMAURACK.INI
[2010.01.21 19:42:05 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010.01.21 17:50:58 | 000,000,036 | ---- | C] () -- C:\WINDOWS\CMMPLAY.INI
[2009.09.05 16:59:19 | 000,076,407 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Smiley.ico
[2009.04.02 18:38:48 | 000,000,000 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dip.ini
[2009.01.02 01:32:04 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.10.31 15:32:00 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2008.10.31 15:30:19 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2008.10.31 15:29:07 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008.10.31 15:28:24 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.07.29 12:47:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odbcddp.ini
[2008.07.22 22:55:56 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.07.06 20:20:11 | 000,000,668 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vso_ts_preview.xml
[2008.07.06 20:19:57 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\inst.exe
[2008.07.06 20:17:17 | 000,000,034 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.log
[2008.07.06 20:17:11 | 000,081,920 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ezpinst.exe
[2008.07.06 20:17:11 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.cat
[2008.07.06 20:17:11 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.inf
[2008.06.14 13:25:03 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008.06.14 13:25:02 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007.12.03 20:44:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.11.20 20:20:32 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.09.20 11:27:16 | 003,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007.09.20 11:27:16 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007.09.20 11:27:16 | 000,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.09.20 11:27:16 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007.09.20 11:27:16 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007.09.20 11:27:16 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007.09.20 11:27:16 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007.09.20 11:27:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007.09.20 11:27:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007.09.20 11:27:16 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007.09.20 11:27:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007.09.20 11:27:16 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007.09.20 11:27:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007.09.20 11:27:16 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007.09.20 11:27:16 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007.09.20 11:27:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007.09.20 11:27:16 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007.09.20 11:27:16 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007.09.20 11:27:16 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.09.08 14:02:58 | 000,000,730 | ---- | C] () -- C:\WINDOWS\KLETT.INI
[2007.09.08 14:02:54 | 000,005,557 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.08.25 09:02:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2007.07.29 13:45:47 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2007.07.18 19:19:42 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.07.16 18:48:56 | 000,057,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.07.16 18:30:49 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2007.07.11 13:31:55 | 000,000,107 | ---- | C] () -- C:\WINDOWS\CMSurround.ini
[2007.07.09 12:05:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.07.09 11:59:54 | 000,000,140 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2007.07.09 11:38:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007.07.09 11:37:07 | 000,028,145 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2007.07.09 11:37:06 | 000,017,824 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2007.07.09 11:31:23 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2007.07.09 10:11:44 | 000,000,411 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2007.07.09 10:05:51 | 000,002,399 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.07.09 10:05:50 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.07.08 12:58:26 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.07.08 12:53:48 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\vaxscsi.sys
[2007.07.08 12:52:42 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.07.08 11:38:32 | 000,004,429 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.07.08 10:53:11 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004.11.11 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.11.11 13:00:00 | 000,028,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CE2C623F
@Alternate Data Stream - 157 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:517B507A
@Alternate Data Stream - 133 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:96EE29A3
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:52B72A7C

< End of report >

--- --- ---


OTL Logfile:
Code:

OTL Extras logfile created on: 31.01.2011 20:20:39 - Run 1
OTL by OldTimer - Version 3.2.20.6    Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 579,00 Mb Available Physical Memory | 57,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 7,80 Gb Free Space | 39,96% Space Free | Partition Type: NTFS
Drive D: | 57,15 Gb Total Space | 24,05 Gb Free Space | 42,09% Space Free | Partition Type: NTFS
 
Computer Name: WINDOWSPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\Azureus\Azureus.exe" = D:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"D:\Programme\ICQLite\ICQLite.exe" = D:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- (ICQ Ltd.)
"C:\Programme\Azureus\Azureus.exe" = C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"D:\Program Files\Ubi Soft\Racing Simulation 3\RS3.exe" = D:\Program Files\Ubi Soft\Racing Simulation 3\RS3.exe:*:Enabled:Racing Simulation 3 -- (Ubi Soft)
"D:\Programme\SopCast\SopCast.exe" = D:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (SopCast - Free P2P internet TV | live football, NBA, cricket)
"D:\Programme\SopCast\adv\SopAdver.exe" = D:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (SopCast - Free P2P internet TV | live football, NBA, cricket)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2D7F824B-6744-4C30-B78B-0966E9BD461D}" = KalOnlineEng
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{85C6CE1E-2A22-4C5A-A8A1-9DBFBEA81DE1}" = Razer
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AF6ECA04-F2CC-11D3-9D68-0020781864F1}" = International CueClub
"{B360A8E5-C171-4AAE-9777-65B3CDB0072C}" = CanoScan LiDE20,30 Manual
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3D7915D-6B42-49FA-9FC8-5020479A6A57}" = Nero Reloaded PlugIn Pack 2.0.4 by GEAR
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = YXT PC Camera
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)
"8461-7759-5462-8226" = Vuze
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"CCleaner" = CCleaner
"CursorXP" = CursorXP
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.2
"ICQLite" = ICQ 5.1
"JRE 1.3.1_03" = Java 2 Runtime Environment Standard Edition v1.3.1_03
"KaloMa_is1" = KaloMa 4.9
"Live 7.0.10" = Live 7.0.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Moorhuhn 2 V1.1" = Moorhuhn 2 V1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nero 6.x Audio + Video Plugins1.0.0.0" = Nero 6.x Audio + Video Plugins
"NeroVision!UninstallKey" = Nero Digital
"NMPUninstallKey" = Nero Media Player
"NVIDIA Drivers" = NVIDIA Drivers
"PCI Audio Applications" = PCI Audio Applications
"PCI Audio Driver" = PCI Audio Driver
"Racing Simulation 3" = Racing Simulation 3
"SopCast" = SopCast 3.0.3
"Steinberg Groove Agent 2" = Steinberg Groove Agent 2
"Steinberg Groove Agent 2 v2.0.0.28" = Steinberg Groove Agent 2 v2.0.0.28
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"Windows Media Connect" = Windows Media Connect
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005
Description = Product: OpenOffice.org 3.2 -- Internal Error 2908. {1D8C55E1-83AA-4D88-4822-E7598EA5F941}

Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005
Description = Product: OpenOffice.org 3.2 -- Internal Error 2908. {0864C925-A784-D87B-D2E9-BE427AA6C847}

Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005
Description = Product: OpenOffice.org 3.2 -- Internal Error 2908. {27F681E6-5E5C-482A-AE9D-3116DB2047DE}

Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005
Description = Product: OpenOffice.org 3.2 -- Internal Error 2908. {958A864F-26EB-FF0F-5C3B-1CB9200EF704}

Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005
Description = Product: OpenOffice.org 3.2 -- Internal Error 2908. {11DF34EE-1B53-6136-262A-87B6DC1F34D3}

Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005
Description = Product: OpenOffice.org 3.2 -- Internal Error 2908. {F5BF468E-7F6E-0DC8-B099-D72FEC088E86}

Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005
Description = Product: OpenOffice.org 3.2 -- Internal Error 2908. {13B498DE-91CE-AC27-66E8-4266DEFFB71C}

Error - 23.01.2011 17:24:51 | Computer Name = WINDOWSPC | Source = MsiInstaller | ID = 10005
Description = Product: OpenOffice.org 3.2 -- Internal Error 2908. {6954DC4F-9E06-34A5-C071-C9F9827A6384}
 
Error - 31.01.2011 12:14:10 | Computer Name = WINDOWSPC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
 <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.

Error - 31.01.2011 12:14:10 | Computer Name = WINDOWSPC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
 <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.
 
[ System Events ]
Error - 31.01.2011 11:22:40 | Computer Name = WINDOWSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service "EventSystem"
 with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 31.01.2011 11:24:20 | Computer Name = WINDOWSPC | Source = Service Control Manager | ID = 7000
Description = The "Nsynas32" service failed to start due to the following error:
  %%2

Error - 31.01.2011 13:11:31 | Computer Name = WINDOWSPC | Source = Service Control Manager | ID = 7000
Description = The "Nsynas32" service failed to start due to the following error:
  %%2
 
Error - 31.01.2011 13:13:05 | Computer Name = WINDOWSPC | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition:  L2 -> L1
 
Error - 31.01.2011 13:13:05 | Computer Name = WINDOWSPC | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition:  L1 -> L0
 
Error - 31.01.2011 13:49:49 | Computer Name = WINDOWSPC | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition:  L2 -> L1
 
Error - 31.01.2011 13:49:49 | Computer Name = WINDOWSPC | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition:  L1 -> L0
 
Error - 31.01.2011 14:44:25 | Computer Name = WINDOWSPC | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition:  L2 -> L1
 
Error - 31.01.2011 14:44:25 | Computer Name = WINDOWSPC | Source = nv | ID = 11141226
Description = Silent Running: Stress test transition:  L1 -> L0
 
Error - 31.01.2011 15:16:45 | Computer Name = WINDOWSPC | Source = Service Control Manager | ID = 7000
Description = The "Nsynas32" service failed to start due to the following error:
  %%2
 
 
< End of report >

--- --- ---

cosinus 31.01.2011 21:19

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell - "" = AutoRun
O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell - "" = AutoRun
O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell\AutoRun\command - "" = G:\Autorun.exe
@Alternate Data Stream - 96 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CE2C623F
@Alternate Data Stream - 157 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:517B507A
@Alternate Data Stream - 133 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:96EE29A3
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:52B72A7C
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
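
The fix above targets two kinds of artefact: MountPoints2 keys under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer, where Explorer caches the autorun handler for every volume it has seen (here two volume GUIDs whose handler launches G:\Autorun.exe), and four alternate data streams attached to the All Users TEMP folder. As an added example, not code from this thread or from OTL, the following Python turns such a fix script into the concrete items it will delete and flags autorun handlers that launch a program from a drive root. The sample script is constructed from the entries in the fix above; the registry layout it assumes is the standard MountPoints2 location named there.

```python
"""Parse an OTL ':OTL' fix script into the artefacts it will act on.

Added example for this thread; it is not part of OTL and not code from the
original post. The sample script is built from the entry types used in the
fix above (O33 MountPoints2 autorun keys, alternate data streams and
:Commands directives).
"""
import re
from dataclasses import dataclass, field

# O33 - MountPoints2\{guid}[\subkey] - "value" = data
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})'
    r'(?:\\(?P<subkey>\S*))? - "(?P<value>[^"]*)" = (?P<data>.*)$'
)
# @Alternate Data Stream - <n> bytes -> <path>:<stream>
ADS_RE = re.compile(
    r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$'
)


@dataclass
class FixPlan:
    # volume GUID -> command Explorer runs via Shell\AutoRun\command (None if no command line seen)
    mountpoints: dict = field(default_factory=dict)
    # (host path, stream name, size in bytes)
    streams: list = field(default_factory=list)
    # :Commands directives such as [resethosts]
    commands: list = field(default_factory=list)


def parse_fix_script(text: str) -> FixPlan:
    plan = FixPlan()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(':'):            # ':OTL' / ':Commands' section headers
            section = line[1:].lower()
            continue
        if section == 'commands':
            plan.commands.append(line)
            continue
        m = O33_RE.match(line)
        if m:
            guid = m.group('guid')
            plan.mountpoints.setdefault(guid, None)
            if (m.group('subkey') or '').lower() == r'shell\autorun\command':
                plan.mountpoints[guid] = m.group('data')
            continue
        m = ADS_RE.match(line)
        if m:
            plan.streams.append((m.group('path'), m.group('stream'), int(m.group('size'))))
    return plan


def autorun_executables(plan: FixPlan) -> dict:
    """GUIDs whose cached autorun handler launches a program from a drive root,
    the pattern removable-media autorun (legitimate or not) leaves behind."""
    hits = {}
    for guid, cmd in plan.mountpoints.items():
        if cmd and re.match(r'^[A-Za-z]:\\[^\\]+\.(exe|com|bat|cmd|scr|pif)$', cmd, re.IGNORECASE):
            hits[guid] = cmd
    return hits


# Constructed sample in the format of the fix posted above.
SAMPLE_SCRIPT = r"""
:OTL
O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell - "" = AutoRun
O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell - "" = AutoRun
O33 - MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\Shell\AutoRun\command - "" = G:\Autorun.exe
@Alternate Data Stream - 96 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CE2C623F
@Alternate Data Stream - 157 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:517B507A
:Commands
[purity]
[resethosts]
[emptytemp]
"""

if __name__ == '__main__':
    plan = parse_fix_script(SAMPLE_SCRIPT)
    for guid, cmd in autorun_executables(plan).items():
        print(f'{guid}: autorun launches {cmd}')
    for path, stream, size in plan.streams:
        print(f'ADS {stream} ({size} bytes) on {path}')
    print('commands:', plan.commands)
```

The parsed plan is what to compare against the OTL log written after the fix: every GUID should show up as a MountPoints2 key "deleted successfully" and every stream as "ADS ... deleted successfully"; a "not found" for the autorun target itself (G:\Autorun.exe here) only means the removable drive is no longer attached.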

Marcel121 01.02.2011 13:55

I did the copying and the fix, but unfortunately forgot to copy the log file. :(

And now?


Edit:
What I notice right away is that documents on the desktop are now suddenly shown with their file extension. :confused:

cosinus 01.02.2011 14:11

Please look in the folder C:\_OTL

Marcel121 01.02.2011 14:12

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4aa0d180-3253-11dc-8471-000d88746eb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4aa0d180-3253-11dc-8471-000d88746eb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4aa0d180-3253-11dc-8471-000d88746eb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4aa0d180-3253-11dc-8471-000d88746eb8}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a9707c-c10b-11dc-85f2-000d88746eb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a9707c-c10b-11dc-85f2-000d88746eb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a9707c-c10b-11dc-85f2-000d88746eb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a9707c-c10b-11dc-85f2-000d88746eb8}\ not found.
File G:\Autorun.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CE2C623F deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:517B507A deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:96EE29A3 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:52B72A7C deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 26734885 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 117248244 bytes
->Flash cache emptied: 48832 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1250472 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1640091 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 140,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02012011_134441

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 01.02.2011 14:15

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

Marcel121 01.02.2011 14:43

Combofix Logfile:
Code:

ComboFix 11-01-31.02 - Administrator 01.02.2011  14:26:51.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.1023.697 [GMT 1:00]
Running from:: c:\dokumente und einstellungen\Administrator\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Administrator\Anwendungsdaten\inst.exe
c:\windows\system32\twunk_32.exe

.
(((((((((((((((((((((((  Files Created from 2011-01-01 to 2011-02-01  ))))))))))))))))))))))))))))))
.

2011-02-01 12:44 . 2011-02-01 12:44        --------        d-----w-        C:\_OTL
2011-01-31 18:20 . 2011-01-31 18:20        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2011-01-31 18:20 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 18:20 . 2011-01-31 18:20        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-01-31 18:20 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-01-31 17:13 . 2011-01-31 17:13        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Avira
2011-01-30 18:37 . 2011-01-30 18:37        --------        d-----r-        c:\dokumente und einstellungen\LocalService\Favoriten
2011-01-23 21:26 . 2011-01-23 21:26        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
2011-01-07 09:38 . 2011-01-07 09:39        --------        d-----w-        c:\windows\system32\NtmsData
2011-01-07 09:04 . 2011-01-07 09:10        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan

.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-13 07:39 . 2009-05-18 14:04        135096        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-12-13 07:39 . 2009-05-18 14:04        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
.

((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="d:\programme\CursorXP\CursorXP.exe" [2005-01-19 128000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-08-05 1495040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"nwiz"="nwiz.exe" [2004-07-12 843776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
"razertra"="d:\programme\Razer\razertra.exe" [2004-10-10 208896]
"avgnt"="d:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-11-11 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programme\\Azureus\\Azureus.exe"=
"d:\\Programme\\ICQLite\\ICQLite.exe"=
"c:\\Programme\\Azureus\\Azureus.exe"=
"d:\\Program Files\\Ubi Soft\\Racing Simulation 3\\RS3.exe"=
"d:\\Programme\\SopCast\\SopCast.exe"=
"d:\\Programme\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08.07.2007 12:52 721904]
R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [18.05.2009 15:04 135336]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [12.01.2008 14:06 33792]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [08.07.2007 12:53 223128]
S0 NeroCdNt;NeroCdNt; [x]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [20.06.2010 20:28 136176]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [31.07.2010 17:10 36608]
S3 L6UX2;Service - Line 6 UX2;c:\windows\system32\Drivers\L6UX2.sys --> c:\windows\system32\Drivers\L6UX2.sys [?]
S3 PRISM_USB;D-Link Air DWL-122 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [09.07.2007 11:53 636502]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [14.07.2007 22:48 18432]
.
Contents of the 'Scheduled Tasks' folder

2011-02-01 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-28 19:38]

2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb6c33e1cd5b6.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-06-20 19:28]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: {{8b2d996f-b7d1-4961-a929-414d9cf5ba7b} - Help and Support
Trusted Zone: line6.net
FF - ProfilePath - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\ryeahwqi.default\
FF - prefs.js: browser.startup.homepage - GMX - E-Mail, FreeMail, De-Mail, Themen- & Shopping-Portal - kostenlos
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-01 14:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\sfc_os.dll
.
Completion time: 2011-02-01  14:32:12
ComboFix-quarantined-files.txt  2011-02-01 13:31

Pre-Run: 8.357.158.912 bytes free
Post-Run: 8.315.932.672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=2,3,4,5,6
- - End Of File - - 2A75A68D2D62086BC8A10F6E94034EDA

--- --- ---
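
ComboFix's embedded catchme scan reports no hidden files, and its service list shows sptd.sys loading at R0 (the SPTD layer that ships with Alcohol 120, which is installed on this machine). A full GMER run, which is what the thread asks for next, goes further and lists every SSDT entry and kernel import it finds redirected, together with the module it attributes the hook to. As an added example, not GMER's code and not from the original posts, here is a Python parser that groups such hook lines by owning module and separates the ones an installed driver is expected to account for from the unattributed ones. The sp??.sys owner pattern used for SPTD is an analyst assumption (SPTD hooks through a helper driver with a randomised name of that shape), and the sample excerpt is constructed in GMER's line format.

```python
"""Group the hooks in a GMER 'System' / 'Kernel IAT/EAT' listing by the
module GMER attributes them to, then separate expected owners from the rest.

Added example for this thread; not part of GMER or of the original posts.
SAMPLE_GMER is a constructed excerpt in GMER's line format, and the SPTD
owner pattern in EXPECTED_OWNERS is an analyst assumption, not something
GMER reports.
"""
import re
from collections import defaultdict

# SSDT  <owner module | raw address>  <ZwXxx>  [0xADDR]     (address part optional)
SSDT_RE = re.compile(
    r'^SSDT\s+(?P<owner>\S+)\s+(?P<func>Zw\w+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?$'
)
# IAT  <image>[<import>]  [ADDR] <owner module>      or      <image>[<import>]  <raw address>
IAT_RE = re.compile(
    r'^IAT\s+(?P<image>\S+)\[(?P<imp>[^\]]+)\]\s+'
    r'(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<owner>\S+)|(?P<bare>[0-9A-Fa-f]+))$'
)
RAW_ADDR_RE = re.compile(r'^[0-9A-Fa-f]{8}$')


def parse_hooks(text: str) -> dict:
    """Return {owner: [(kind, target), ...]}. Hooks GMER could not attribute to a
    module are grouped under 'unattributed@<address>'."""
    hooks = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            owner = m.group('owner')
            if RAW_ADDR_RE.match(owner):
                owner = 'unattributed@' + owner.upper()
            hooks[owner].append(('SSDT', m.group('func')))
            continue
        m = IAT_RE.match(line)
        if m:
            owner = m.group('owner') or 'unattributed@' + m.group('bare').upper()
            hooks[owner].append(('IAT', f"{m.group('image')}[{m.group('imp')}]"))
    return dict(hooks)


def triage(hooks: dict, expected: dict) -> tuple:
    """Split owners into those matched by an expected-driver pattern and the rest.
    expected maps a label to a regex applied to the owner name."""
    explained, unexplained = defaultdict(list), {}
    for owner, targets in hooks.items():
        for label, pattern in expected.items():
            if re.match(pattern, owner, re.IGNORECASE):
                explained[label].extend(targets)
                break
        else:
            unexplained[owner] = targets
    return dict(explained), unexplained


# Assumption: SPTD (loaded by sptd.sys, shipped with Alcohol 120 / Daemon Tools)
# installs its hooks through a helper driver with a random sp??.sys name.
EXPECTED_OWNERS = {'SPTD': r'^sp[a-z]{2}\.sys$'}

# Constructed excerpt in GMER's format (column padding collapsed).
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----
SSDT  F7CD3C1E  ZwCreateKey
SSDT  spoj.sys  ZwEnumerateKey [0xF74ACCA4]
SSDT  spoj.sys  ZwOpenKey [0xF748E0C0]
SSDT  F7CD3C28  ZwSetValueKey
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT  \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]  86FDC2D8
IAT  atapi.sys[HAL.dll!READ_PORT_UCHAR]  [F748F042] spoj.sys
IAT  atapi.sys[HAL.dll!WRITE_PORT_UCHAR]  [F748F6D6] spoj.sys
"""

if __name__ == '__main__':
    explained, unexplained = triage(parse_hooks(SAMPLE_GMER), EXPECTED_OWNERS)
    for label, targets in explained.items():
        print(f'{label}: {len(targets)} hook(s) accounted for')
    for owner, targets in unexplained.items():
        print(f'needs a look: {owner} -> {targets}')
```

On a real log the unattributed addresses are the items to resolve first: GMER's own module listing, or a kernel debugger, tells you which image the address falls in, and an SSDT entry pointing into an address range no loaded driver owns is the case worth escalating.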

cosinus 01.02.2011 18:46

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't run on the 2nd attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, also make sure you save the log as *.log and not *.html or similar.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt file
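
MBRCheck reads the first sector of each physical disk, checks the 0x55AA boot signature, hashes the boot code and compares it with known Windows loader code, and prints the partition table; an unrecognised loader or a partition table that does not fit the disk is what it reports. As an added example, not MBRCheck's code and not from the original posts, the following Python performs the same checks on constructed in-memory sectors. The "known-good" hash set is simply the hash of the constructed loader stub, and the disk signature and partition geometry are made up.

```python
"""Parse a 512-byte MBR and apply the checks an MBR-integrity tool such as
MBRCheck performs: boot signature, partition table sanity, and a hash of the
boot code compared against a known-good list.

Added example for this thread; not MBRCheck's own code and not from the
original posts. Everything runs on constructed in-memory sectors: the
'known-good' set is the hash of the constructed loader stub below, and the
disk signature and partition geometry are invented.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440       # bytes 0..439: boot loader code
DISK_SIG_OFF = 440        # 4-byte NT disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries
PART_ENTRY = '<B3xB3xII'  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    if len(sector) != SECTOR:
        raise ValueError('MBR must be exactly 512 bytes')
    if sector[510:512] != b'\x55\xaa':
        raise ValueError('missing 0x55AA boot signature')
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PART_ENTRY, sector, PART_TABLE_OFF + 16 * i)
        partitions.append({'index': i, 'status': status, 'type': ptype, 'lba': lba, 'count': count})
    return {
        'boot_code_sha256': hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        'disk_signature': struct.unpack_from('<I', sector, DISK_SIG_OFF)[0],
        'partitions': partitions,
    }


def assess(mbr: dict, known_boot_code: set, disk_sectors: int = None) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    if mbr['boot_code_sha256'] not in known_boot_code:
        findings.append('boot code does not match any known-good loader')
    used = [p for p in mbr['partitions'] if p['type'] != 0]
    active = [p for p in used if p['status'] == 0x80]
    if len(active) != 1:
        findings.append(f'{len(active)} active partitions (expected 1)')
    for p in used:
        if p['status'] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p['count'] == 0:
            findings.append(f"partition {p['index']}: zero-length partition")
        if disk_sectors is not None and p['lba'] + p['count'] > disk_sectors:
            findings.append(f"partition {p['index']}: extends past end of disk")
    return findings


def build_mbr(boot_code: bytes, partitions: list, disk_sig: int = 0x1A2B3C4D) -> bytes:
    """Assemble a sector from a boot-code blob and (status, type, lba, count) tuples."""
    sec = bytearray(SECTOR)
    sec[:len(boot_code)] = boot_code
    struct.pack_into('<I', sec, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY, sec, PART_TABLE_OFF + 16 * i, status, ptype, lba, count)
    sec[510:512] = b'\x55\xaa'
    return bytes(sec)


# Constructed loader stub standing in for a vendor MBR; its hash is the whole allowlist.
GOOD_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b'\x90' * (BOOT_CODE_LEN - 7)
KNOWN_BOOT_CODE = {hashlib.sha256(GOOD_BOOT_CODE).hexdigest()}

SAMPLE_CLEAN = build_mbr(GOOD_BOOT_CODE,
                         [(0x80, 0x07, 63, 20_000_000), (0x00, 0x07, 20_000_063, 136_000_000)])
# Same table, but the first loader bytes replaced (a bootkit-style patch) and a
# second entry also marked active.
SAMPLE_TAMPERED = build_mbr(b'\xEB\x3C' + GOOD_BOOT_CODE[2:],
                            [(0x80, 0x07, 63, 20_000_000), (0x80, 0x07, 20_000_063, 136_000_000)])

if __name__ == '__main__':
    for name, sec in (('clean', SAMPLE_CLEAN), ('tampered', SAMPLE_TAMPERED)):
        mbr = parse_mbr(sec)
        print(name, mbr['boot_code_sha256'][:16], assess(mbr, KNOWN_BOOT_CODE) or 'OK')
```

To run this against a real disk you would read the first 512 bytes of \\.\PhysicalDrive0 as Administrator and pass that buffer to parse_mbr; the allowlist then has to hold the hashes of the loaders you actually expect (the Windows XP MBR, or the vendor's), which is the part MBRCheck ships with and this example only stands in for.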

Marcel121 01.02.2011 20:24

Here are the logs:
GMER Logfile:
Code:

GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-01 20:17:38
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ExcelStor_Technology_J8080 rev.P21OA85A
Running: zf9l02d6.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fglyqpog.sys


---- System - GMER 1.0.15 ----

SSDT            F7CD3C1E                                                                                                              ZwCreateKey
SSDT            F7CD3C14                                                                                                              ZwCreateThread
SSDT            F7CD3C23                                                                                                              ZwDeleteKey
SSDT            F7CD3C2D                                                                                                              ZwDeleteValueKey
SSDT            spoj.sys                                                                                                              ZwEnumerateKey [0xF74ACCA4]
SSDT            spoj.sys                                                                                                              ZwEnumerateValueKey [0xF74AD032]
SSDT            F7CD3C32                                                                                                              ZwLoadKey
SSDT            spoj.sys                                                                                                              ZwOpenKey [0xF748E0C0]
SSDT            F7CD3C00                                                                                                              ZwOpenProcess
SSDT            F7CD3C05                                                                                                              ZwOpenThread
SSDT            spoj.sys                                                                                                              ZwQueryKey [0xF74AD10A]
SSDT            spoj.sys                                                                                                              ZwQueryValueKey [0xF74ACF8A]
SSDT            F7CD3C3C                                                                                                              ZwReplaceKey
SSDT            F7CD3C37                                                                                                              ZwRestoreKey
SSDT            F7CD3C28                                                                                                              ZwSetValueKey

INT 0x62        ?                                                                                                                    86F6EBF8
INT 0x63        ?                                                                                                                    86E90F00
INT 0x63        ?                                                                                                                    86E90F00
INT 0x63        ?                                                                                                                    86E90F00
INT 0x63        ?                                                                                                                    86E90F00
INT 0x63        ?                                                                                                                    86E90F00
INT 0x82        ?                                                                                                                    86F6EBF8

Code            \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys                                                                    pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

?              spoj.sys                                                                                                              The system cannot find the file specified. !
.text          USBPORT.SYS!DllUnload                                                                                                F6EEC62C 5 Bytes  JMP 86E904E0
.text          vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7                                                                          F6E8B4D0 48 Bytes  [3A, C2, 71, BE, 3C, 40, AC, ...]
?              C:\WINDOWS\System32\Drivers\vaxscsi.sys                                                                              The process cannot access the file because it is being used by another process.
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                            The system cannot find the file specified. !
?              C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys                                                                        The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text          D:\Programme\Avira\AntiVir Desktop\avgnt.exe[636] USER32.dll!GetCursor                                                77D1CECD 5 Bytes  JMP 01701080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          D:\Programme\Avira\AntiVir Desktop\avgnt.exe[636] USER32.dll!GetIconInfo                                              77D1E9A1 5 Bytes  JMP 01701030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          D:\Programme\Avira\AntiVir Desktop\avgnt.exe[636] USER32.dll!DrawIconEx                                              77D1F38A 5 Bytes  JMP 01701120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\WINDOWS\explorer.exe[1296] USER32.dll!GetCursor                                                                    77D1CECD 5 Bytes  JMP 10001080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\WINDOWS\explorer.exe[1296] USER32.dll!GetIconInfo                                                                  77D1E9A1 5 Bytes  JMP 10001030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\WINDOWS\explorer.exe[1296] USER32.dll!DrawIconEx                                                                  77D1F38A 5 Bytes  JMP 10001120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\zf9l02d6.exe[2904] USER32.dll!GetCursor                77D1CECD 5 Bytes  JMP 10001080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\zf9l02d6.exe[2904] USER32.dll!GetIconInfo              77D1E9A1 5 Bytes  JMP 10001030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\zf9l02d6.exe[2904] USER32.dll!DrawIconEx              77D1F38A 5 Bytes  JMP 10001120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\WINDOWS\Mixer.exe[3524] USER32.dll!GetCursor                                                                      77D1CECD 5 Bytes  JMP 016F1080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\WINDOWS\Mixer.exe[3524] USER32.dll!GetIconInfo                                                                    77D1E9A1 5 Bytes  JMP 016F1030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\WINDOWS\Mixer.exe[3524] USER32.dll!DrawIconEx                                                                      77D1F38A 5 Bytes  JMP 016F1120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                    86FDC2D8
IAT            pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                  [F74BFC4C] spoj.sys
IAT            pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                    [F74BFCA0] spoj.sys
IAT            atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                    [F748F042] spoj.sys
IAT            atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                            [F748F13E] spoj.sys
IAT            atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F748F0C0] spoj.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F748F800] spoj.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F748F6D6] spoj.sys
IAT            \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                  86E905E0
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                    [F749EE9C] spoj.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                86F6D1F8
Device          \FileSystem\Fastfat \FatCdrom                                                                                        86D61500
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                      86F13500
Device          \Driver\PCI_PNP5504 \Device\00000044                                                                                  spoj.sys
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                      86F13500
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                            86FDA1F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                              86FDA1F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                  86FDA1F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                86FDA1F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                      86F13500
Device          \Driver\usbehci \Device\USBPDO-3                                                                                      86F0B1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                86F6F1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                86F6F1F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                          86E641F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17                                                                          86F6E1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          86F6E1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                    86F6E1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                    86F6E1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f                                                                          86F6E1F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                          86E641F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              86CB21F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                      86CB21F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                      86F13500
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                      86F13500
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    86CB7500
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                      86F13500
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          86CB7500
Device          \Driver\usbehci \Device\USBFDO-3                                                                                      86F0B1F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                      86F6F1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{740DC537-F77C-4AE3-A34A-94075CBA8284}                                              86CB21F8
Device          \Driver\vaxscsi \Device\Scsi\vaxscsi1                                                                                86E5D1F8
Device          \FileSystem\Fastfat \Fat                                                                                              86D61500

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                              fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                                86CFC1F8

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                      C:\Programme\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xB2 0x40 0xD9 0x1A ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                          0x14 0xCF 0x82 0x0D ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xD9 0x31 0xBA 0xA3 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                      C:\Programme\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xB2 0x40 0xD9 0x1A ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                          0x14 0xCF 0x82 0x0D ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xD9 0x31 0xBA 0xA3 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                      C:\Programme\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      0
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xB2 0x40 0xD9 0x1A ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                          0x14 0xCF 0x82 0x0D ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xD9 0x31 0xBA 0xA3 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                    1958251951
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                    361294002
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                    3
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                  C:\Programme\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0x4E 0xBF 0x66 0x8C ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                      0x14 0xCF 0x82 0x0D ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0xD9 0x31 0xBA 0xA3 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                  2
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                0xC5 0x3D 0x75 0x6C ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                0x5A 0xB9 0x6C 0x51 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xBE 0xD8 0xFB 0x52 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xF3 0xD5 0x4B 0x0F ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                      C:\Programme\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      0
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x4E 0xBF 0x66 0x8C ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                          0x14 0xCF 0x82 0x0D ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xD9 0x31 0xBA 0xA3 ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      2
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                    0xC5 0x3D 0x75 0x6C ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      1
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0x5A 0xB9 0x6C 0x51 ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xBE 0xD8 0xFB 0x52 ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xF3 0xD5 0x4B 0x0F ...

---- EOF - GMER 1.0.15 ----

--- --- ---


OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 20:22:50 on 01.02.2011

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore1cb6c33e1cd5b6.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"plugincpl131_03.cpl" - "Sun Microsystems" - C:\WINDOWS\system32\plugincpl131_03.cpl
"razer.cpl" - "Razer Inc." - C:\WINDOWS\system32\razer.cpl
"Startup.cpl" - ? - C:\WINDOWS\system32\Startup.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"ContentDirectory" - "Microsoft Corporation" - c:\programme\windows media connect\mswmccpl.dll

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"fglyqpog" (fglyqpog) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fglyqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\cofi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MSI US54EX Wireless Adapter" (RT73) - "Ralink Technology, Corp." - C:\WINDOWS\System32\DRIVERS\rt73.sys
"NeroCdNt" (NeroCdNt) - ? - C:\WINDOWS\system32\drivers\NeroCdNt.sys  (File not found)
"Nsynas32" (Nsynas32) - ? - C:\WINDOWS\system32\drivers\Nsynas32.sys  (File not found)
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - ? - C:\WINDOWS\System32\Drivers\PxHelp20.sys  (File not found)
"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys  (File found, but it contains no detailed information)
"Service - Line 6 UX2" (L6UX2) - ? - C:\WINDOWS\System32\Drivers\L6UX2.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\WINDOWS\System32\drivers\SynasUSB.sys
"Team H2O CLEDX service" (CLEDX) - "Team H2O" - C:\WINDOWS\System32\DRIVERS\cledx.sys
"vaxscsi" (vaxscsi) - "Alcohol Soft Co., Ltd." - C:\WINDOWS\System32\Drivers\vaxscsi.sys  (File is exclusively opened, access blocked)
"VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - "Alcohol Soft Development Team" - C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} "CopyToCD shell extension" - "VSO Software" - D:\Programme\vso\copytodvd\CtcdShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - D:\Programme\ICQLite\ICQLiteShell.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -  (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -  (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -  (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CC450D71-CC90-424C-8638-1F2DBAC87A54} "ArmHelper Control" - ? - ./Images/armhelper.ocx  (File not found) / file://C:\Programme\Monopoly\Images\armhelper.ocx
{20A60F0D-9AFA-4515-A0FD-83BD84642501} "Checkers Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} "Minesweeper Flags Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MineSweeper.dll / hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
{B8BE5E93-A60C-4D26-A2DC-220313175592} "MSN Games - Installer" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\ZIntro.ocx / hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx / https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
{149E45D8-163E-4189-86FC-45022AB2B6C9} "SpinTop DRM Control" - "SpinTop Media Inc." - C:\WINDOWS\DOWNLO~1\stg_drm.ocx / file://C:\Programme\Monopoly\Images\stg_drm.ocx
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} "{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_03-win.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ Lite" - "ICQ Ltd." - D:\Programme\ICQLite\ICQLite.exe
"Knowledge Base Suche" - ? - Help and Support  (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - ? - d:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"CursorXP" - " " - D:\Programme\CursorXP\CursorXP.exe
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"ICQ Lite" - "ICQ Ltd." - D:\Programme\ICQLite\ICQLite.exe -trayboot
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"razertra" - "Razer Inc." - d:\Programme\Razer\razertra.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor iP4300" - "CANON INC." - C:\WINDOWS\system32\CNMLM86.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"StarWind iSCSI Service" (StarWindService) - "Rocket Division Software" - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
"Windows Media Connect (WMC)" (WmcCds) - "Microsoft Corporation" - c:\programme\windows media connect\mswmccds.exe
"Windows Media Connect-Hilfsprogramm" (WmcCdsLs) - "Microsoft Corporation" - C:\Programme\Windows Media Connect\mswmcls.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

Quote:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806ED000 \WINDOWS\system32\hal.dll
0xF7AAF000 \WINDOWS\system32\KDCOM.DLL
0xF79BF000 \WINDOWS\system32\BOOTVID.dll
0xF748D000 spoj.sys
0xF7AB1000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF7475000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7446000 ACPI.sys
0xF7435000 pci.sys
0xF75AF000 isapnp.sys
0xF7AB3000 viaidexp.sys
0xF782F000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75BF000 MountMgr.sys
0xF7416000 ftdisk.sys
0xF7AB5000 dmload.sys
0xF73F0000 dmio.sys
0xF7837000 PartMgr.sys
0xF75CF000 VolSnap.sys
0xF73D8000 atapi.sys
0xF75DF000 disk.sys
0xF75EF000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73B9000 fltMgr.sys
0xF73A7000 sr.sys
0xF7390000 KSecDD.sys
0xF7303000 Ntfs.sys
0xF72D6000 NDIS.sys
0xF726B000 timntr.sys
0xF783F000 viaagp1.sys
0xF7250000 Mup.sys
0xF761F000 \SystemRoot\system32\DRIVERS\amdk7.sys
0xF6FAF000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6F9B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6F3E000 \SystemRoot\system32\drivers\cmaudio.sys
0xF6F1A000 \SystemRoot\system32\drivers\portcls.sys
0xF762F000 \SystemRoot\system32\drivers\drmk.sys
0xF6EF7000 \SystemRoot\system32\drivers\ks.sys
0xF7867000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6ED4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF786F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF763F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF787F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF764F000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF765F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF766F000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF767F000 \SystemRoot\system32\DRIVERS\fetnd5b.sys
0xF6E8A000 \SystemRoot\System32\Drivers\vaxscsi.sys
0xF78A7000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6E79000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A6F000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6E65000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7A77000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF7C6F000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF768F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A7F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6E26000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF769F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76AF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78C7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6E15000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76BF000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78D7000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78E7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF76CF000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF6DE4000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76DF000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF78EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7ABF000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6DB0000 \SystemRoot\system32\DRIVERS\update.sys
0xF7AA7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76EF000 \SystemRoot\system32\DRIVERS\cledx.sys
0xF76FF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF770F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AC5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7907000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7AC9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CB3000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ACD000 \SystemRoot\System32\Drivers\Beep.SYS
0xF791F000 \SystemRoot\System32\drivers\vga.sys
0xF7AD1000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AD5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF792F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF793F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A5B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF5BB5000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF5B5D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF5B35000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF5B14000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF772F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF5AF2000 \SystemRoot\System32\drivers\afd.sys
0xF773F000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7957000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF5AC6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF5A57000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF774F000 \SystemRoot\System32\Drivers\Fips.SYS
0xF5A31000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7ADB000 \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF776F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF59F1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7ADF000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF799F000 \SystemRoot\System32\watchdog.sys
0xF5C04000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C00000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF4979000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF6D20000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xF49AE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF3FE4000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B1F000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF3D9F000 \SystemRoot\system32\drivers\wdmaud.sys
0xF4889000 \SystemRoot\system32\drivers\sysaudio.sys
0xF78AF000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xF3C86000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF5909000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7937000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF3C7E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF3A11000 \SystemRoot\system32\DRIVERS\srv.sys
0xF38AE000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF359D000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7AB9000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xF7897000 \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys
0xF0ADC000 \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fglyqpog.sys
0xF0A74000 \SystemRoot\system32\DRIVERS\rt73.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 33):
0 System Idle Process
4 System
640 C:\WINDOWS\system32\smss.exe
696 csrss.exe
720 C:\WINDOWS\system32\winlogon.exe
764 C:\WINDOWS\system32\services.exe
776 C:\WINDOWS\system32\lsass.exe
936 C:\WINDOWS\system32\svchost.exe
1016 svchost.exe
1056 C:\WINDOWS\system32\svchost.exe
1104 svchost.exe
1176 svchost.exe
1328 C:\WINDOWS\system32\spoolsv.exe
1364 D:\Programme\Avira\AntiVir Desktop\sched.exe
1464 D:\Programme\Avira\AntiVir Desktop\avguard.exe
1476 C:\Programme\Bonjour\mDNSResponder.exe
1540 D:\Programme\Avira\AntiVir Desktop\avshadow.exe
1624 C:\Programme\Google\Update\GoogleUpdate.exe
1652 C:\Programme\Java\jre6\bin\jqs.exe
1808 C:\WINDOWS\system32\nvsvc32.exe
1904 C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
1964 C:\WINDOWS\system32\svchost.exe
1980 wdfmgr.exe
636 D:\Programme\Avira\AntiVir Desktop\avgnt.exe
1884 C:\WINDOWS\system32\ctfmon.exe
1496 D:\Programme\CursorXP\CursorXP.exe
2572 alg.exe
3168 C:\WINDOWS\system32\svchost.exe
592 C:\WINDOWS\system32\wuauclt.exe
1296 C:\WINDOWS\explorer.exe
3524 C:\WINDOWS\mixer.exe
1900 C:\Programme\Mozilla Firefox\firefox.exe
2680 C:\Dokumente und Einstellungen\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000004`e22d6a00 (NTFS)

PhysicalDrive0 Model Number: ExcelStorTechnologyJ8080, Rev: P21OA85A

Size Device Name MBR Status
--------------------------------------------
76 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

Marcel121 01.02.2011 20:24

Here are the logs:
GMER Logfile:
Code:

GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-02-01 20:17:38
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ExcelStor_Technology_J8080 rev.P21OA85A
Running: zf9l02d6.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fglyqpog.sys


---- System - GMER 1.0.15 ----

SSDT            F7CD3C1E                                                                                                              ZwCreateKey
SSDT            F7CD3C14                                                                                                              ZwCreateThread
SSDT            F7CD3C23                                                                                                              ZwDeleteKey
SSDT            F7CD3C2D                                                                                                              ZwDeleteValueKey
SSDT            spoj.sys                                                                                                              ZwEnumerateKey [0xF74ACCA4]
SSDT            spoj.sys                                                                                                              ZwEnumerateValueKey [0xF74AD032]
SSDT            F7CD3C32                                                                                                              ZwLoadKey
SSDT            spoj.sys                                                                                                              ZwOpenKey [0xF748E0C0]
SSDT            F7CD3C00                                                                                                              ZwOpenProcess
SSDT            F7CD3C05                                                                                                              ZwOpenThread
SSDT            spoj.sys                                                                                                              ZwQueryKey [0xF74AD10A]
SSDT            spoj.sys                                                                                                              ZwQueryValueKey [0xF74ACF8A]
SSDT            F7CD3C3C                                                                                                              ZwReplaceKey
SSDT            F7CD3C37                                                                                                              ZwRestoreKey
SSDT            F7CD3C28                                                                                                              ZwSetValueKey

INT 0x62        ?                                                                                                                    86F6EBF8
INT 0x63        ?                                                                                                                    86E90F00
INT 0x63        ?                                                                                                                    86E90F00
INT 0x63        ?                                                                                                                    86E90F00
INT 0x63        ?                                                                                                                    86E90F00
INT 0x63        ?                                                                                                                    86E90F00
INT 0x82        ?                                                                                                                    86F6EBF8

Code            \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys                                                                    pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

?              spoj.sys                                                                                                              Das System kann die angegebene Datei nicht finden. !
.text          USBPORT.SYS!DllUnload                                                                                                F6EEC62C 5 Bytes  JMP 86E904E0
.text          vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7                                                                          F6E8B4D0 48 Bytes  [3A, C2, 71, BE, 3C, 40, AC, ...]
?              C:\WINDOWS\System32\Drivers\vaxscsi.sys                                                                              Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
?              C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                            Das System kann die angegebene Datei nicht finden. !
?              C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys                                                                        Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          D:\Programme\Avira\AntiVir Desktop\avgnt.exe[636] USER32.dll!GetCursor                                                77D1CECD 5 Bytes  JMP 01701080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          D:\Programme\Avira\AntiVir Desktop\avgnt.exe[636] USER32.dll!GetIconInfo                                              77D1E9A1 5 Bytes  JMP 01701030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          D:\Programme\Avira\AntiVir Desktop\avgnt.exe[636] USER32.dll!DrawIconEx                                              77D1F38A 5 Bytes  JMP 01701120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\WINDOWS\explorer.exe[1296] USER32.dll!GetCursor                                                                    77D1CECD 5 Bytes  JMP 10001080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\WINDOWS\explorer.exe[1296] USER32.dll!GetIconInfo                                                                  77D1E9A1 5 Bytes  JMP 10001030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\WINDOWS\explorer.exe[1296] USER32.dll!DrawIconEx                                                                  77D1F38A 5 Bytes  JMP 10001120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\zf9l02d6.exe[2904] USER32.dll!GetCursor                77D1CECD 5 Bytes  JMP 10001080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\zf9l02d6.exe[2904] USER32.dll!GetIconInfo              77D1E9A1 5 Bytes  JMP 10001030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\Dokumente und Einstellungen\Administrator\Desktop\Downloads\zf9l02d6.exe[2904] USER32.dll!DrawIconEx              77D1F38A 5 Bytes  JMP 10001120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\WINDOWS\Mixer.exe[3524] USER32.dll!GetCursor                                                                      77D1CECD 5 Bytes  JMP 016F1080 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\WINDOWS\Mixer.exe[3524] USER32.dll!GetIconInfo                                                                    77D1E9A1 5 Bytes  JMP 016F1030 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text          C:\WINDOWS\Mixer.exe[3524] USER32.dll!DrawIconEx                                                                      77D1F38A 5 Bytes  JMP 016F1120 D:\Programme\CursorXP\CurXP0.dll (CursorXP control panel/ )

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                    86FDC2D8
IAT            pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                  [F74BFC4C] spoj.sys
IAT            pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                    [F74BFCA0] spoj.sys
IAT            atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                    [F748F042] spoj.sys
IAT            atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                            [F748F13E] spoj.sys
IAT            atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F748F0C0] spoj.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F748F800] spoj.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F748F6D6] spoj.sys
IAT            \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                  86E905E0
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                    [F749EE9C] spoj.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                86F6D1F8
Device          \FileSystem\Fastfat \FatCdrom                                                                                        86D61500
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                      86F13500
Device          \Driver\PCI_PNP5504 \Device\00000044                                                                                  spoj.sys
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                      86F13500
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                            86FDA1F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                              86FDA1F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                  86FDA1F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                86FDA1F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                      86F13500
Device          \Driver\usbehci \Device\USBPDO-3                                                                                      86F0B1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                86F6F1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                86F6F1F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                          86E641F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17                                                                          86F6E1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          86F6E1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                    86F6E1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                    86F6E1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f                                                                          86F6E1F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                          86E641F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                              86CB21F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                      86CB21F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                      86F13500
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                      86F13500
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    86CB7500
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                      86F13500
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          86CB7500
Device          \Driver\usbehci \Device\USBFDO-3                                                                                      86F0B1F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                      86F6F1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{740DC537-F77C-4AE3-A34A-94075CBA8284}                                              86CB21F8
Device          \Driver\vaxscsi \Device\Scsi\vaxscsi1                                                                                86E5D1F8
Device          \FileSystem\Fastfat \Fat                                                                                              86D61500

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                              fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                                86CFC1F8

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                      C:\Programme\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xB2 0x40 0xD9 0x1A ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                          0x14 0xCF 0x82 0x0D ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xD9 0x31 0xBA 0xA3 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                      C:\Programme\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xB2 0x40 0xD9 0x1A ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                          0x14 0xCF 0x82 0x0D ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xD9 0x31 0xBA 0xA3 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                      C:\Programme\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      0
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xB2 0x40 0xD9 0x1A ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                          0x14 0xCF 0x82 0x0D ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xD9 0x31 0xBA 0xA3 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                    1958251951
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                    361294002
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                    3
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                  C:\Programme\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                  0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0x4E 0xBF 0x66 0x8C ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                      0x14 0xCF 0x82 0x0D ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0xD9 0x31 0xBA 0xA3 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                  2
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                0xC5 0x3D 0x75 0x6C ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                0x5A 0xB9 0x6C 0x51 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xBE 0xD8 0xFB 0x52 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xF3 0xD5 0x4B 0x0F ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                      C:\Programme\Alcohol Soft\Alcohol 120\
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                      0
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x4E 0xBF 0x66 0x8C ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                          0x14 0xCF 0x82 0x0D ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xD9 0x31 0xBA 0xA3 ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      2
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                    0xC5 0x3D 0x75 0x6C ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      1
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0x5A 0xB9 0x6C 0x51 ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xBE 0xD8 0xFB 0x52 ...
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xF3 0xD5 0x4B 0x0F ...

---- EOF - GMER 1.0.15 ----

--- --- ---


OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 20:22:50 on 01.02.2011

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore1cb6c33e1cd5b6.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"plugincpl131_03.cpl" - "Sun Microsystems" - C:\WINDOWS\system32\plugincpl131_03.cpl
"razer.cpl" - "Razer Inc." - C:\WINDOWS\system32\razer.cpl
"Startup.cpl" - ? - C:\WINDOWS\system32\Startup.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"ContentDirectory" - "Microsoft Corporation" - c:\programme\windows media connect\mswmccpl.dll

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"fglyqpog" (fglyqpog) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fglyqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\cofi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"MSI US54EX Wireless Adapter" (RT73) - "Ralink Technology, Corp." - C:\WINDOWS\System32\DRIVERS\rt73.sys
"NeroCdNt" (NeroCdNt) - ? - C:\WINDOWS\system32\drivers\NeroCdNt.sys  (File not found)
"Nsynas32" (Nsynas32) - ? - C:\WINDOWS\system32\drivers\Nsynas32.sys  (File not found)
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - ? - C:\WINDOWS\System32\Drivers\PxHelp20.sys  (File not found)
"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys  (File found, but it contains no detailed information)
"Service - Line 6 UX2" (L6UX2) - ? - C:\WINDOWS\System32\Drivers\L6UX2.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\WINDOWS\System32\drivers\SynasUSB.sys
"Team H2O CLEDX service" (CLEDX) - "Team H2O" - C:\WINDOWS\System32\DRIVERS\cledx.sys
"vaxscsi" (vaxscsi) - "Alcohol Soft Co., Ltd." - C:\WINDOWS\System32\Drivers\vaxscsi.sys  (File is exclusively opened, access blocked)
"VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\WINDOWS\System32\Drivers\pcouffin.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - "Alcohol Soft Development Team" - C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} "CopyToCD shell extension" - "VSO Software" - D:\Programme\vso\copytodvd\CtcdShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - D:\Programme\ICQLite\ICQLiteShell.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -  (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -  (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -  (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CC450D71-CC90-424C-8638-1F2DBAC87A54} "ArmHelper Control" - ? - ./Images/armhelper.ocx  (File not found) / file://C:\Programme\Monopoly\Images\armhelper.ocx
{20A60F0D-9AFA-4515-A0FD-83BD84642501} "Checkers Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} "Minesweeper Flags Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MineSweeper.dll / hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
{B8BE5E93-A60C-4D26-A2DC-220313175592} "MSN Games - Installer" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\ZIntro.ocx / hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx / https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
{149E45D8-163E-4189-86FC-45022AB2B6C9} "SpinTop DRM Control" - "SpinTop Media Inc." - C:\WINDOWS\DOWNLO~1\stg_drm.ocx / file://C:\Programme\Monopoly\Images\stg_drm.ocx
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} "{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_03-win.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ Lite" - "ICQ Ltd." - D:\Programme\ICQLite\ICQLite.exe
"Knowledge Base Suche" - ? - Help and Support  (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - ? - d:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\qipsearchbar.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"CursorXP" - " " - D:\Programme\CursorXP\CursorXP.exe
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce )-----
"ICQ Lite" - "ICQ Ltd." - D:\Programme\ICQLite\ICQLite.exe -trayboot
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"razertra" - "Razer Inc." - d:\Programme\Razer\razertra.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor iP4300" - "CANON INC." - C:\WINDOWS\system32\CNMLM86.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"StarWind iSCSI Service" (StarWindService) - "Rocket Division Software" - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
"Windows Media Connect (WMC)" (WmcCds) - "Microsoft Corporation" - c:\programme\windows media connect\mswmccds.exe
"Windows Media Connect-Hilfsprogramm" (WmcCdsLs) - "Microsoft Corporation" - C:\Programme\Windows Media Connect\mswmcls.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

Quote:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 126):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806ED000 \WINDOWS\system32\hal.dll
0xF7AAF000 \WINDOWS\system32\KDCOM.DLL
0xF79BF000 \WINDOWS\system32\BOOTVID.dll
0xF748D000 spoj.sys
0xF7AB1000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF7475000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7446000 ACPI.sys
0xF7435000 pci.sys
0xF75AF000 isapnp.sys
0xF7AB3000 viaidexp.sys
0xF782F000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75BF000 MountMgr.sys
0xF7416000 ftdisk.sys
0xF7AB5000 dmload.sys
0xF73F0000 dmio.sys
0xF7837000 PartMgr.sys
0xF75CF000 VolSnap.sys
0xF73D8000 atapi.sys
0xF75DF000 disk.sys
0xF75EF000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73B9000 fltMgr.sys
0xF73A7000 sr.sys
0xF7390000 KSecDD.sys
0xF7303000 Ntfs.sys
0xF72D6000 NDIS.sys
0xF726B000 timntr.sys
0xF783F000 viaagp1.sys
0xF7250000 Mup.sys
0xF761F000 \SystemRoot\system32\DRIVERS\amdk7.sys
0xF6FAF000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6F9B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6F3E000 \SystemRoot\system32\drivers\cmaudio.sys
0xF6F1A000 \SystemRoot\system32\drivers\portcls.sys
0xF762F000 \SystemRoot\system32\drivers\drmk.sys
0xF6EF7000 \SystemRoot\system32\drivers\ks.sys
0xF7867000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6ED4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF786F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF763F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF787F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF764F000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF765F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF766F000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF767F000 \SystemRoot\system32\DRIVERS\fetnd5b.sys
0xF6E8A000 \SystemRoot\System32\Drivers\vaxscsi.sys
0xF78A7000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6E79000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7A6F000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF6E65000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7A77000 \SystemRoot\system32\DRIVERS\gameenum.sys
0xF7C6F000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF768F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A7F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6E26000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF769F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76AF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78C7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6E15000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76BF000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78D7000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78E7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF76CF000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF6DE4000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76DF000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF78EF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7ABF000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6DB0000 \SystemRoot\system32\DRIVERS\update.sys
0xF7AA7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF76EF000 \SystemRoot\system32\DRIVERS\cledx.sys
0xF76FF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF770F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AC5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7907000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7AC9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CB3000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ACD000 \SystemRoot\System32\Drivers\Beep.SYS
0xF791F000 \SystemRoot\System32\drivers\vga.sys
0xF7AD1000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AD5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF792F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF793F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A5B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF5BB5000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF5B5D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF5B35000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF5B14000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF772F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF5AF2000 \SystemRoot\System32\drivers\afd.sys
0xF773F000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7957000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF5AC6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF5A57000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF774F000 \SystemRoot\System32\Drivers\Fips.SYS
0xF5A31000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7ADB000 \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF776F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF59F1000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7ADF000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF799F000 \SystemRoot\System32\watchdog.sys
0xF5C04000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C00000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF4979000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF6D20000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xF49AE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF3FE4000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7B1F000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF3D9F000 \SystemRoot\system32\drivers\wdmaud.sys
0xF4889000 \SystemRoot\system32\drivers\sysaudio.sys
0xF78AF000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xF3C86000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF5909000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7937000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF3C7E000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF3A11000 \SystemRoot\system32\DRIVERS\srv.sys
0xF38AE000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF359D000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7AB9000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xF7897000 \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys
0xF0ADC000 \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fglyqpog.sys
0xF0A74000 \SystemRoot\system32\DRIVERS\rt73.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 33):
0 System Idle Process
4 System
640 C:\WINDOWS\system32\smss.exe
696 csrss.exe
720 C:\WINDOWS\system32\winlogon.exe
764 C:\WINDOWS\system32\services.exe
776 C:\WINDOWS\system32\lsass.exe
936 C:\WINDOWS\system32\svchost.exe
1016 svchost.exe
1056 C:\WINDOWS\system32\svchost.exe
1104 svchost.exe
1176 svchost.exe
1328 C:\WINDOWS\system32\spoolsv.exe
1364 D:\Programme\Avira\AntiVir Desktop\sched.exe
1464 D:\Programme\Avira\AntiVir Desktop\avguard.exe
1476 C:\Programme\Bonjour\mDNSResponder.exe
1540 D:\Programme\Avira\AntiVir Desktop\avshadow.exe
1624 C:\Programme\Google\Update\GoogleUpdate.exe
1652 C:\Programme\Java\jre6\bin\jqs.exe
1808 C:\WINDOWS\system32\nvsvc32.exe
1904 C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
1964 C:\WINDOWS\system32\svchost.exe
1980 wdfmgr.exe
636 D:\Programme\Avira\AntiVir Desktop\avgnt.exe
1884 C:\WINDOWS\system32\ctfmon.exe
1496 D:\Programme\CursorXP\CursorXP.exe
2572 alg.exe
3168 C:\WINDOWS\system32\svchost.exe
592 C:\WINDOWS\system32\wuauclt.exe
1296 C:\WINDOWS\explorer.exe
3524 C:\WINDOWS\mixer.exe
1900 C:\Programme\Mozilla Firefox\firefox.exe
2680 C:\Dokumente und Einstellungen\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000004`e22d6a00 (NTFS)

PhysicalDrive0 Model Number: ExcelStorTechnologyJ8080, Rev: P21OA85A

Size Device Name MBR Status
--------------------------------------------
76 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!
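
The OSAM log above marks two driver entries as "Hidden registry entry, rootkit activity" and many more as "File not found", and the helper's verdict is that it looks fine. As an added example (not code from the thread or from OSAM), the following Python script shows how such a [Drivers] section can be triaged automatically: it parses each line into name, service, vendor, path and flags, then sorts the entries into buckets. The sample lines are copied from the OSAM log above; the function names (parse_driver_line, classify, triage) and the severity labels are my own choices.

```python
import re
from collections import defaultdict

# Sample input: driver lines copied from the "[Drivers]" section of the OSAM log above.
SAMPLE_DRIVERS = r'''
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"fglyqpog" (fglyqpog) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\fglyqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"mbr" (mbr) - ? - C:\cofi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys  (File found, but it contains no detailed information)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
'''

# OSAM driver line layout: "display name" (service) - "vendor" or ? - path  (flag | flag)
# The flag block is optional and is separated from the path by two spaces.
LINE_RE = re.compile(
    r'^"(?P<name>[^"]*)" \((?P<service>[^)]*)\) - '
    r'(?:"(?P<vendor>[^"]*)"|\?) - '
    r'(?P<path>.*?)'
    r'(?:  \((?P<flags>[^)]*)\))?\s*$'
)

# Path fragments that identify a user-writable temporary location (lower-cased comparison).
TEMP_MARKERS = ("\\temp\\", "\\lokale~1\\", "\\local settings\\")


def parse_driver_line(line):
    """Return a dict for one OSAM driver line, or None if the line is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()          # vendor is None when OSAM printed "?"
    entry["flags"] = [f.strip() for f in entry["flags"].split("|")] if entry["flags"] else []
    return entry


def classify(entry):
    """Assign a triage bucket to one parsed driver entry."""
    flags = entry["flags"]
    path = entry["path"].lower()
    # A service key hidden from the normal registry API is the strongest signal.
    if any(f.startswith("Hidden registry entry") for f in flags):
        return "high"
    # An unsigned driver that is still present in a temp directory deserves the same attention.
    if entry["vendor"] is None and any(marker in path for marker in TEMP_MARKERS) \
            and "File not found" not in flags:
        return "high"
    # A service entry whose binary is gone is a leftover, not an active threat.
    if "File not found" in flags:
        return "stale"
    # Present, but without vendor information: look at it by hand.
    if entry["vendor"] is None:
        return "review"
    return "ok"


def triage(text):
    """Map each bucket name to the list of service names that fell into it."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        entry = parse_driver_line(line.strip())
        if entry:
            buckets[classify(entry)].append(entry["service"])
    return dict(buckets)


if __name__ == "__main__":
    for bucket, services in sorted(triage(SAMPLE_DRIVERS).items()):
        print(f"{bucket:7s} {', '.join(services)}")
```

The "high" bucket is a starting point, not a verdict: the entries it catches here have to be correlated with the tools the user ran just before the scan. Anti-rootkit scanners such as GMER load their own helper drivers from the Temp folder and hide their service keys while running, so the same pattern also appears on a clean machine; the MBRCheck driver list in the same post shows catchme.sys and fglyqpog.sys loaded from Temp, which fits that explanation.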

cosinus 01.02.2011 20:29

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Marcel121 01.02.2011 22:11

Here is the first log for now; the other will follow tomorrow:

Quote:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/01/2011 at 10:09 PM

Application Version : 4.48.1000

Core Rules Database Version : 6319
Trace Rules Database Version: 4131

Scan type : Complete Scan
Total Scan Time : 01:11:31

Memory items scanned : 463
Memory threats detected : 0
Registry items scanned : 6165
Registry threats detected : 0
File items scanned : 67890
File threats detected : 2

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@at.atwola[1].txt
C:\Dokumente und Einstellungen\Administrator\Cookies\administrator@rambler[2].txt

Marcel121 02.02.2011 11:49

And here is the other log:

Quote:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5658

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

02.02.2011 10:02:44
mbam-log-2011-02-02 (10-02-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 183001
Laufzeit: 29 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Somehow my computer seems slower now than before, though; can that be?

Marcel121 02.02.2011 19:38

Quote:

Quote from Marcel121 (post 615764)
Somehow my computer seems slower now than before, though; can that be?

Okay, that has settled down again, or rather it was probably just my imagination.

So is everything OK again now?

cosinus 02.02.2011 21:22

Looks OK, only cookies were found.
Any more problems or further detections in the meantime?

Marcel121 02.02.2011 21:23

Quote:

Quote from cosinus (post 615913)
Looks OK, only cookies were found.
Any more problems or further detections in the meantime?

No, AntiVir hasn't made a peep since.


Thank you very, very much! :daumenhoc:daumenhoc

cosinus 02.02.2011 21:25

Then we're done! :abklatsch:

Finally, please check your updates; my guide on that is below.
For even more security, you should also change all your passwords if at all possible, now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update your PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, best with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Marcel121 02.02.2011 21:30

I think I'd rather skip the Windows updates, since I don't have an original XP version. :pfeiff:

cosinus 02.02.2011 21:45

Quote:

since I don't have an original XP version.
Well, then you'd better get one quickly. Otherwise the next help here will be format c:, since cracked programs and operating systems are not supported on TB.

Marcel121 02.02.2011 21:55

Is XP even still available to buy, and if so, how much would I have to invest?

cosinus 02.02.2011 22:02

Depends. It's on eBay for 20-30 EUR, but that can vary from auction to auction.
Without updates you won't get the malware problem under control in the long run.

Marcel121 02.02.2011 22:05

Phew, that's no financial disaster. :D
Is this the right one?
hxxp://cgi.ebay.de/Windows-XP-Professional-SP3-DEUTSCH-Win-XP-SP-3-COA_W0QQitemZ230541917946QQcategoryZ39275QQcmdZViewItemQQ_trksidZp5197.m7QQ_trkparmsZalgo%3DLVI%26itu%3DUCI%26otn%3D2%26po%3DLVI%26ps%3D63%26clkid%3D6 810383882252221614


When I then install the new system, my current data will be gone unless I save it beforehand?
Or can I make a complete backup and then simply put that onto the new system?

cosinus 02.02.2011 22:45

That should be fine, looks OK. The seller also seems trustworthy, with almost 13000 eBay transactions.

Quote:

When I then install the new system, my current data will be gone unless I save it beforehand?
Or can I make a complete backup and then simply put that onto the new system?
Just back up all your data, then reinstall Windows with the new CD. For reinstalling Windows you'll find plenty of pointers in the matching article "Neuinstallation von Windows"; for backing up your data, best follow the 2nd link in my signature.


Copyright ©2000-2025, Trojaner-Board