Werde bei Google-Suche auf Werbe-Seiten weitergeleitet

Kaliostro · 17.03.2009, 15:52

Hallihallo!

Ich habe seit einiger Zeit das Problem, dass ich bei Google-Suchergebnissen grundsätzlich auf Werbeseiten weitergeleitet werde. Es funktioniert zwar wenn ich die einzelnen Link-Adressen kopiere, die Google mir liefert und in ein neues Tab einfüge, aber das kann ja auf Dauer keine Lösung sein.

Ich habe durch Recherche gefunden, dass man mit Hilfe des Programmes HijackThis irgendwie ein Log erstellen muss, und habe dies bereits heruntergeladen. Ich hoffe ihr könnt mir nun weiterhelfen, welche Programme ich fixen lassen muss, oder wie genau das funktioniert.

Hier der Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:39, on 17.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Windows\ehome\ehmsas.exe
D:\Programme\Opera\opera.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programme\mIRC\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
D:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = XDCCing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {88516C26-3EBD-445A-9C28-EBBA9637DB75} - C:\Windows\system32\TRAPI32.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Ulead Photo Express SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programme\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 6691 bytes

Vielen Dank im voraus,

Grüße!

IchGoogleAlles · 17.03.2009, 17:20

Moin,

GMER - Rootkit Detection

Lade Tralala von File-Upload.net - Tralala.exe
Klick auf Download (rechts in der Mitte) und speichere es auf den Desktop
Beende alle Programme
Doppelklick auf Tralala.exe
Der Reiter Rootkit oben ist schon angewählt

Drücke Scan, Der Vorgang kann je nach System 3 - 10min dauern
nach Beendigung des Scan, drücke "Copy"
nun kannst Du das Ergebnis hier einfügen. Sollte das Log zu lang sein, dann lade es bei einem Filehoster wie z.B. Materialordner hoch und poste den Link.
Sollte Gmer sagen "Gmer hasen´t found any System Modifikation", so hat Gmer keine Einträge gefunden.

ciao, andreas

Kaliostro · 17.03.2009, 17:34

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-17 16:34:24
Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.14 ----

SSDT 8968F864 ZwCreateThread
SSDT 8968F850 ZwOpenProcess
SSDT 8968F855 ZwOpenThread
SSDT 8968F85F ZwTerminateProcess
SSDT 8968F85A ZwWriteVirtualMemory

INT 0x52 ? 8625EBF8
INT 0x62 ? 8625EBF8
INT 0x72 ? 8625EBF8
INT 0xA2 ? 8548CBF8
INT 0xB2 ? 8548CBF8
INT 0xB3 ? 8548BBF8

Code 8A301B60 ZwEnumerateKey
Code 8A301B28 ZwFlushInstructionCache
Code 8A302C1D IofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!KeSetTimerEx + 454 82AF1A18 4 Bytes [ 64, F8, 68, 89 ]
.text ntkrnlpa.exe!KeSetTimerEx + 624 82AF1BE8 4 Bytes [ 50, F8, 68, 89 ]
.text ntkrnlpa.exe!KeSetTimerEx + 640 82AF1C04 4 Bytes [ 55, F8, 68, 89 ]
.text ntkrnlpa.exe!KeSetTimerEx + 854 82AF1E18 4 Bytes [ 5F, F8, 68, 89 ]
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 82AF1E78 4 Bytes [ 5A, F8, 68, 89 ]
.text ntkrnlpa.exe!IofCallDriver 82AF4F6F 5 Bytes JMP 8A302C22
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 82BEB30B 2 Bytes JMP 8A301B2C
PAGE ntkrnlpa.exe!ZwFlushInstructionCache + 3 82BEB30E 2 Bytes [ 71, 07 ]
PAGE ntkrnlpa.exe!ZwEnumerateKey 82C40BB4 5 Bytes JMP 8A301B64
? System32\Drivers\spig.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8AA3046F 5 Bytes JMP 8625E1D8

---- User code sections - GMER 1.0.14 ----

.text C:\Windows\Explorer.EXE[1816] WS2_32.dll!closesocket 7729330C 5 Bytes JMP 0172000A
.text C:\Windows\Explorer.EXE[1816] WS2_32.dll!connect 772940D9 5 Bytes JMP 0171000A
.text C:\Windows\Explorer.EXE[1816] WS2_32.dll!send 7729659B 5 Bytes JMP 0173000A
.text C:\Windows\explorer.exe[38504] WS2_32.dll!closesocket 7729330C 5 Bytes JMP 0173000A
.text C:\Windows\explorer.exe[38504] WS2_32.dll!connect 772940D9 5 Bytes JMP 0172000A
.text C:\Windows\explorer.exe[38504] WS2_32.dll!send 7729659B 5 Bytes JMP 0174000A

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068B6D2] \SystemRoot\System32\Drivers\spig.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068B040] \SystemRoot\System32\Drivers\spig.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068B7FC] \SystemRoot\System32\Drivers\spig.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068B0BE] \SystemRoot\System32\Drivers\spig.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068B13C] \SystemRoot\System32\Drivers\spig.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069B048] \SystemRoot\System32\Drivers\spig.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74167BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741A98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7416D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7415F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74167599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7415E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7419B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7416D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7416012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74160095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741571F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741ED802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [741875E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7415DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7415668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741566BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74161E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74167BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [741A98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7416D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7415F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74167599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7415E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7419B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7416D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7416012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [74160095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [741571F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [741ED802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [741875E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7415DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [7415668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [741566BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[38504] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74161E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 854921F8
Device \FileSystem\Ntfs \Ntfs MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\fastfat \FatCdrom C217B1F8
Device \Driver\sptd \Device\2560782500 spig.sys
Device \Driver\volmgr \Device\VolMgrControl 8548E1F8
Device \Driver\usbohci \Device\USBPDO-0 861DF500
Device \Driver\usbohci \Device\USBPDO-1 861DF500
Device \Driver\usbehci \Device\USBPDO-2 8625D1F8
Device \Driver\PCI_PNP2490 \Device\00000053 spig.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{9DC45FF3-14FA-4802-9514-155B9D689101} 8BE92500
Device \Driver\volmgr \Device\HarddiskVolume1 8548E1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 8548E1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 863651F8
Device \Driver\cdrom \Device\CdRom1 863651F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 854901F8
Device \Driver\atapi \Device\Ide\IdePort0 854901F8
Device \Driver\atapi \Device\Ide\IdePort1 854901F8
Device \Driver\atapi \Device\Ide\IdePort2 854901F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 854901F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8BE92500
Device \Driver\Smb \Device\NetbiosSmb 8BE871F8
Device \FileSystem\Mup \Device\Mup MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \Driver\iScsiPrt \Device\RaidPort0 861DE1F8
Device \Driver\MDPMGRNT \Device\MacDrivePartitionDriver 854911F8
Device \Driver\usbohci \Device\USBFDO-0 861DF500
Device \Driver\usbohci \Device\USBFDO-1 861DF500
Device \Driver\usbehci \Device\USBFDO-2 8625D1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{0A243E33-67A0-466D-8886-87D527523284} 8BE92500
Device \Driver\a6p2tm2m \Device\Scsi\a6p2tm2m1Port4Path0Target0Lun0 862991F8
Device \Driver\a6p2tm2m \Device\Scsi\a6p2tm2m1 862991F8
Device \FileSystem\fastfat \Fat C217B1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\cdfs \Cdfs AE1FD1F8

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\TDSSmbcb.sys (*** hidden *** ) 8B251000-8B263000 (73728 bytes)

---- Threads - GMER 1.0.14 ----

Thread 4:384 8B253D66

---- Services - GMER 1.0.14 ----

Service C:\Windows\system32\drivers\TDSSmbcb.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@khjeh 0x23 0xCB 0x25 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEB 0xF9 0x94 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khje h 0x72 0xA5 0x29 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s@imagepath \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s\modules@TDSSserv \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s\modules@TDSSl \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s\modules@tdssservers \systemroot\system32\TDSSwqsc.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s\modules@tdssmain \systemroot\system32\TDSStmei.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s\modules@tdsslog \systemroot\system32\TDSSrfpp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s\modules@tdssadw \systemroot\system32\TDSSntlv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s\modules@tdssinit \systemroot\system32\TDSSfopt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s\modules@tdssurls \systemroot\system32\TDSSnyfn.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s\modules@tdsspanels \systemroot\system32\TDSSqycx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s\modules@tdsserrors \systemroot\system32\TDSSdotf.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sy s\modules@TDSSproc \systemroot\system32\TDSSsbxq.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@st art 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@ty pe 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@im agepath \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@gr oup file system
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\mo dules
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\mo dules@TDSSserv \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\mo dules@TDSSl \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\mo dules@tdssservers \systemroot\system32\TDSSwqsc.dat
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\mo dules@tdssmain \systemroot\system32\TDSStmei.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\mo dules@tdsslog \systemroot\system32\TDSSrfpp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\mo dules@tdssadw \systemroot\system32\TDSSntlv.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\mo dules@tdssinit \systemroot\system32\TDSSfopt.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\mo dules@tdssurls \systemroot\system32\TDSSnyfn.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\mo dules@tdsspanels \systemroot\system32\TDSSqycx.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\mo dules@tdsserrors \systemroot\system32\TDSSdotf.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\mo dules@TDSSproc \systemroot\system32\TDSSsbxq.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@st art 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@ty pe 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@im agepath \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@gr oup file system
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\mo dules
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\mo dules@TDSSserv \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\mo dules@TDSSl \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\mo dules@tdssservers \systemroot\system32\TDSSwqsc.dat
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\mo dules@tdssmain \systemroot\system32\TDSStmei.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\mo dules@tdsslog \systemroot\system32\TDSSrfpp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\mo dules@tdssadw \systemroot\system32\TDSSntlv.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\mo dules@tdssinit \systemroot\system32\TDSSfopt.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\mo dules@tdssurls \systemroot\system32\TDSSnyfn.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\mo dules@tdsspanels \systemroot\system32\TDSSqycx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\mo dules@tdsserrors \systemroot\system32\TDSSdotf.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\mo dules@TDSSproc \systemroot\system32\TDSSsbxq.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@st art 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@ty pe 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@im agepath \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@gr oup file system
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\mo dules
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\mo dules@TDSSserv \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\mo dules@TDSSl \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\mo dules@tdssservers \systemroot\system32\TDSSwqsc.dat
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\mo dules@tdssmain \systemroot\system32\TDSStmei.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\mo dules@tdsslog \systemroot\system32\TDSSrfpp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\mo dules@tdssadw \systemroot\system32\TDSSntlv.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\mo dules@tdssinit \systemroot\system32\TDSSfopt.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\mo dules@tdssurls \systemroot\system32\TDSSnyfn.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\mo dules@tdsspanels \systemroot\system32\TDSSqycx.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\mo dules@tdsserrors \systemroot\system32\TDSSdotf.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\mo dules@TDSSproc \systemroot\system32\TDSSsbxq.log
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys@st art 1
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys@ty pe 1
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys@im agepath \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys@gr oup file system
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\mo dules
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\mo dules@TDSSserv \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\mo dules@TDSSl \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\mo dules@tdssservers \systemroot\system32\TDSSwqsc.dat
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\mo dules@tdssmain \systemroot\system32\TDSStmei.dll
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\mo dules@tdsslog \systemroot\system32\TDSSrfpp.dll
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\mo dules@tdssadw \systemroot\system32\TDSSntlv.dll
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\mo dules@tdssinit \systemroot\system32\TDSSfopt.dll
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\mo dules@tdssurls \systemroot\system32\TDSSnyfn.log
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\mo dules@tdsspanels \systemroot\system32\TDSSqycx.dll
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\mo dules@tdsserrors \systemroot\system32\TDSSdotf.log
Reg HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys\mo dules@TDSSproc \systemroot\system32\TDSSsbxq.log
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys@st art 1
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys@ty pe 1
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys@im agepath \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys@gr oup file system
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\mo dules
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\mo dules@TDSSserv \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\mo dules@TDSSl \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\mo dules@tdssservers \systemroot\system32\TDSSwqsc.dat
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\mo dules@tdssmain \systemroot\system32\TDSStmei.dll
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\mo dules@tdsslog \systemroot\system32\TDSSrfpp.dll
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\mo dules@tdssadw \systemroot\system32\TDSSntlv.dll
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\mo dules@tdssinit \systemroot\system32\TDSSfopt.dll
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\mo dules@tdssurls \systemroot\system32\TDSSnyfn.log
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\mo dules@tdsspanels \systemroot\system32\TDSSqycx.dll
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\mo dules@tdsserrors \systemroot\system32\TDSSdotf.log
Reg HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys\mo dules@TDSSproc \systemroot\system32\TDSSsbxq.log
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys@st art 1
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys@ty pe 1
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys@im agepath \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys@gr oup file system
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\mo dules
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\mo dules@TDSSserv \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\mo dules@TDSSl \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\mo dules@tdssservers \systemroot\system32\TDSSwqsc.dat
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\mo dules@tdssmain \systemroot\system32\TDSStmei.dll
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\mo dules@tdsslog \systemroot\system32\TDSSrfpp.dll
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\mo dules@tdssadw \systemroot\system32\TDSSntlv.dll
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\mo dules@tdssinit \systemroot\system32\TDSSfopt.dll
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\mo dules@tdssurls \systemroot\system32\TDSSnyfn.log
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\mo dules@tdsspanels \systemroot\system32\TDSSqycx.dll
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\mo dules@tdsserrors \systemroot\system32\TDSSdotf.log
Reg HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys\mo dules@TDSSproc \systemroot\system32\TDSSsbxq.log
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys@st art 1
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys@ty pe 1
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys@im agepath \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys@gr oup file system
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys\mo dules
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys\mo dules@TDSSserv \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys\mo dules@TDSSl \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys\mo dules@tdssservers \systemroot\system32\TDSSwqsc.dat
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys\mo dules@tdssmain \systemroot\system32\TDSStmei.dll
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys\mo dules@tdsslog \systemroot\system32\TDSSrfpp.dll
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys\mo dules@tdssadw \systemroot\system32\TDSSntlv.dll
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys\mo dules@tdssinit \systemroot\system32\TDSSfopt.dll
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys\mo dules@tdssurls \systemroot\system32\TDSSnyfn.log
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys\mo dules@tdsspanels \systemroot\system32\TDSSqycx.dll
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys\mo dules@tdsserrors \systemroot\system32\TDSSdotf.log
Reg HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys\mo dules@TDSSproc \systemroot\system32\TDSSsbxq.log
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys@st art 1
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys@ty pe 1
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys@im agepath \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys@gr oup file system
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\mo dules
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\mo dules@TDSSserv \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\mo dules@TDSSl \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\mo dules@tdssservers \systemroot\system32\TDSSwqsc.dat
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\mo dules@tdssmain \systemroot\system32\TDSStmei.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\mo dules@tdsslog \systemroot\system32\TDSSrfpp.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\mo dules@tdssadw \systemroot\system32\TDSSntlv.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\mo dules@tdssinit \systemroot\system32\TDSSfopt.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\mo dules@tdssurls \systemroot\system32\TDSSnyfn.log
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\mo dules@tdsspanels \systemroot\system32\TDSSqycx.dll
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\mo dules@tdsserrors \systemroot\system32\TDSSdotf.log
Reg HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys\mo dules@TDSSproc \systemroot\system32\TDSSsbxq.log
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys@st art 1
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys@ty pe 1
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys@im agepath \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys@gr oup file system
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\mo dules
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\mo dules@TDSSserv \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\mo dules@TDSSl \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\mo dules@tdssservers \systemroot\system32\TDSSwqsc.dat
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\mo dules@tdssmain \systemroot\system32\TDSStmei.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\mo dules@tdsslog \systemroot\system32\TDSSrfpp.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\mo dules@tdssadw \systemroot\system32\TDSSntlv.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\mo dules@tdssinit \systemroot\system32\TDSSfopt.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\mo dules@tdssurls \systemroot\system32\TDSSnyfn.log
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\mo dules@tdsspanels \systemroot\system32\TDSSqycx.dll
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\mo dules@tdsserrors \systemroot\system32\TDSSdotf.log
Reg HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys\mo dules@TDSSproc \systemroot\system32\TDSSsbxq.log
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys@st art 1
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys@ty pe 1
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys@im agepath \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys@gr oup file system
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\mo dules
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\mo dules@TDSSserv \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\mo dules@TDSSl \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\mo dules@tdssservers \systemroot\system32\TDSSwqsc.dat
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\mo dules@tdssmain \systemroot\system32\TDSStmei.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\mo dules@tdsslog \systemroot\system32\TDSSrfpp.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\mo dules@tdssadw \systemroot\system32\TDSSntlv.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\mo dules@tdssinit \systemroot\system32\TDSSfopt.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\mo dules@tdssurls \systemroot\system32\TDSSnyfn.log
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\mo dules@tdsspanels \systemroot\system32\TDSSqycx.dll
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\mo dules@tdsserrors \systemroot\system32\TDSSdotf.log
Reg HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys\mo dules@TDSSproc \systemroot\system32\TDSSsbxq.log
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys@st art 1
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys@ty pe 1
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys@im agepath \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys@gr oup file system
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\mo dules
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\mo dules@TDSSserv \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\mo dules@TDSSl \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\mo dules@tdssservers \systemroot\system32\TDSSwqsc.dat
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\mo dules@tdssmain \systemroot\system32\TDSStmei.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\mo dules@tdsslog \systemroot\system32\TDSSrfpp.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\mo dules@tdssadw \systemroot\system32\TDSSntlv.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\mo dules@tdssinit \systemroot\system32\TDSSfopt.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\mo dules@tdssurls \systemroot\system32\TDSSnyfn.log
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\mo dules@tdsspanels \systemroot\system32\TDSSqycx.dll
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\mo dules@tdsserrors \systemroot\system32\TDSSdotf.log
Reg HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys\mo dules@TDSSproc \systemroot\system32\TDSSsbxq.log
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@khjeh 0x23 0xCB 0x25 0x99 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001@khjeh 0xEB 0xF9 0x94 0xA4 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0xA5 0x29 0x11 ...
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys@st art 1
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys@ty pe 1
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys@im agepath \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys@gr oup file system
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\mo dules
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\mo dules@TDSSserv \systemroot\system32\drivers\TDSSmbcb.sys
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\mo dules@TDSSl \systemroot\system32\TDSScrrx.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\mo dules@tdssservers \systemroot\system32\TDSSwqsc.dat
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\mo dules@tdssmain \systemroot\system32\TDSStmei.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\mo dules@tdsslog \systemroot\system32\TDSSrfpp.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\mo dules@tdssadw \systemroot\system32\TDSSntlv.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\mo dules@tdssinit \systemroot\system32\TDSSfopt.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\mo dules@tdssurls \systemroot\system32\TDSSnyfn.log
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\mo dules@tdsspanels \systemroot\system32\TDSSqycx.dll
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\mo dules@tdsserrors \systemroot\system32\TDSSdotf.log
Reg HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys\mo dules@TDSSproc \systemroot\system32\TDSSsbxq.log
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@affid 95
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@subid 456
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@control 0x09 0x19 0x1F 0x16 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@prov 10010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@googleadserver pagead2.googlesyndication.com
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@flagged 1

---- EOF - GMER 1.0.14 ----

IchGoogleAlles · 17.03.2009, 18:30

Wie lange hast du schon Probleme?

Anleitung Avenger (by swandog46)

Lade dir das Tool Hopsassa und speichere es auf dem Desktop:

Doppelklick auf das Avenger-Symbol

Kopiere nun folgenden Text in das weiße Feld bei -> "input script here"

Code:

Drivers to delete:
TDSSserv.sys

Registry Keys to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
HKLM\SYSTEM\ControlSet013\Services\TDSSserv.sys
HKLM\SYSTEM\ControlSet012\Services\TDSSserv.sys
HKLM\SYSTEM\ControlSet011\Services\TDSSserv.sys
HKLM\SYSTEM\ControlSet010\Services\TDSSserv.sys
HKLM\SYSTEM\ControlSet009\Services\TDSSserv.sys
HKLM\SYSTEM\ControlSet008\Services\TDSSserv.sys
HKLM\SYSTEM\ControlSet007\Services\TDSSserv.sys
HKLM\SYSTEM\ControlSet006\Services\TDSSserv.sys
HKLM\SYSTEM\ControlSet005\Services\TDSSserv.sys
HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys
HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys
HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys

Files to delete:
c:\windows\system32\drivers\TDSSmbcb.sys
c:\windows\system32\TDSScrrx.dll
c:\windows\system32\TDSSwqsc.dat
c:\windows\system32\TDSStmei.dll
c:\windows\system32\TDSSrfpp.dll
c:\windows\system32\TDSSntlv.dll
c:\windows\system32\TDSSfopt.dll
c:\windows\system32\TDSSnyfn.log
c:\windows\system32\TDSSqycx.dll
c:\windows\system32\TDSSdotf.log
c:\windows\system32\TDSSsbxq.log

Schliesse nun alle Programme und Browser-Fenster

Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet

Nachdem das System neu gestartet ist, findest du einen Report vom Avenger unter -> C:\avenger.txt

Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag.

Nachdem du das durchgeführt hast, wird es deinem Rechner spürbar besser gehen. Mache nicht den Fehler hier abzubrechen. Du bist noch nicht geheilt!

Mach auch gleich noch ein neues Gmer-Log um sicher zu gehen, dass ich nichts übersehen habe.

ciao, andreas

Kaliostro · 17.03.2009, 19:29

Avenger-Log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
Swandog46's Public Anti-Malware Tools

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSmbcb.sys
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "TDSSserv.sys" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet013\Services\TDSSserv.s ys" deleted successfully.

Error: registry key "HKLM\SYSTEM\ControlSet012\Services\TDSSserv.s ys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet012\Services\TDSSserv.s ys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKLM\SYSTEM\ControlSet011\Services\TDSSserv.s ys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet011\Services\TDSSserv.s ys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKLM\SYSTEM\ControlSet010\Services\TDSSserv.s ys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet010\Services\TDSSserv.s ys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKLM\SYSTEM\ControlSet009\Services\TDSSserv.s ys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet009\Services\TDSSserv.s ys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKLM\SYSTEM\ControlSet008\Services\TDSSserv.s ys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet008\Services\TDSSserv.s ys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKLM\SYSTEM\ControlSet007\Services\TDSSserv.s ys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet007\Services\TDSSserv.s ys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKLM\SYSTEM\ControlSet006\Services\TDSSserv.s ys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet006\Services\TDSSserv.s ys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKLM\SYSTEM\ControlSet005\Services\TDSSserv.s ys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet005\Services\TDSSserv.s ys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKLM\SYSTEM\ControlSet004\Services\TDSSserv.s ys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet004\Services\TDSSserv.s ys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKLM\SYSTEM\ControlSet003\Services\TDSSserv.s ys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Services\TDSSserv.s ys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKLM\SYSTEM\ControlSet002\Services\TDSSserv.s ys" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet002\Services\TDSSserv.s ys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\drivers\TDSSmbcb.sys" deleted successfully.
File "c:\windows\system32\TDSScrrx.dll" deleted successfully.
File "c:\windows\system32\TDSSwqsc.dat" deleted successfully.
File "c:\windows\system32\TDSStmei.dll" deleted successfully.
File "c:\windows\system32\TDSSrfpp.dll" deleted successfully.
File "c:\windows\system32\TDSSntlv.dll" deleted successfully.
File "c:\windows\system32\TDSSfopt.dll" deleted successfully.

Error: file "c:\windows\system32\TDSSnyfn.log" not found!
Deletion of file "c:\windows\system32\TDSSnyfn.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\system32\TDSSqycx.dll" not found!
Deletion of file "c:\windows\system32\TDSSqycx.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\system32\TDSSdotf.log" not found!
Deletion of file "c:\windows\system32\TDSSdotf.log" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\TDSSsbxq.log" deleted successfully.
Registry key "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Gmer-Log:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-17 18:29:12
Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.14 ----

SSDT A9D8B26C ZwCreateThread
SSDT A9D8B258 ZwOpenProcess
SSDT A9D8B25D ZwOpenThread
SSDT A9D8B267 ZwTerminateProcess
SSDT A9D8B262 ZwWriteVirtualMemory

INT 0x52 ? 8601FBF8
INT 0x62 ? 8601FBF8
INT 0x72 ? 8601FBF8
INT 0xA2 ? 8528DBF8
INT 0xB2 ? 8528DBF8
INT 0xB3 ? 8528CBF8

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!KeSetTimerEx + 454 82AEDA18 4 Bytes [ 6C, B2, D8, A9 ]
.text ntkrnlpa.exe!KeSetTimerEx + 624 82AEDBE8 4 Bytes [ 58, B2, D8, A9 ]
.text ntkrnlpa.exe!KeSetTimerEx + 640 82AEDC04 4 Bytes [ 5D, B2, D8, A9 ]
.text ntkrnlpa.exe!KeSetTimerEx + 854 82AEDE18 4 Bytes [ 67, B2, D8, A9 ]
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 82AEDE78 4 Bytes [ 62, B2, D8, A9 ]
? system32\drivers\vidopdnr.sys Das System kann den angegebenen Pfad nicht finden. !
? System32\Drivers\spzo.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8AD3946F 5 Bytes JMP 8601F1D8
.text adtmfgov.SYS 8AED9000 22 Bytes [ 26, 92, A0, 82, 10, 91, A0, ... ]
.text adtmfgov.SYS 8AED9017 159 Bytes [ 00, 32, 47, 79, 80, 3D, 45, ... ]
.text adtmfgov.SYS 8AED90B7 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text adtmfgov.SYS 8AED90CE 80 Bytes [ 00, 00, 26, 00, 00, 00, E0, ... ]
.text adtmfgov.SYS 8AED911F 194 Bytes [ 7E, 38, 40, 39, 82, 3B, C4, ... ]
.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068B6D2] \SystemRoot\System32\Drivers\spzo.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068B040] \SystemRoot\System32\Drivers\spzo.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068B7FC] \SystemRoot\System32\Drivers\spzo.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068B0BE] \SystemRoot\System32\Drivers\spzo.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068B13C] \SystemRoot\System32\Drivers\spzo.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069B048] \SystemRoot\System32\Drivers\spzo.sys
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortNotification] F73BFF33
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortWritePortUchar] B85F0B75
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortWritePortUlong] FFFFFFFE
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 08C25D5E
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 5D8B5300
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortGetScatterGatherList] 74DF3B0C
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortReadPortUchar] 01FB8311
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortStallExecution] 5F5B0C74
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortGetParentBusType] FFFFFEB8
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortRequestCallback] C25D5EFF
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 7E390008
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortGetUnCachedExtension] C7077524
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortCompleteRequest] 71642446
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortMoveMemory] 7E398AEE
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] C7077528
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 71902846
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 468B8AEE
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortReadPortUshort] 244E8B2C
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7468016A
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortInitialize] 500000FA
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortGetDeviceBase] C73BD1FF
IAT \SystemRoot\System32\Drivers\adtmfgov.SYS[ataport.SYS!AtaPortDeviceStateChange] 5F5B0C75

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74927BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749698C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7492D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7491F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74927599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7491E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7495B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7492D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7492012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74920095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749171F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [749AD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749475E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7491DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7491668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749166BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1772] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74921E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_65 95b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c1322 2\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 852931F8
Device \FileSystem\Ntfs \Ntfs MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \Driver\volmgr \Device\VolMgrControl 8528F1F8
Device \Driver\usbohci \Device\USBPDO-0 860211F8
Device \Driver\usbohci \Device\USBPDO-1 860211F8
Device \Driver\usbehci \Device\USBPDO-2 860221F8
Device \Driver\PCI_PNP4474 \Device\00000055 spzo.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{9DC45FF3-14FA-4802-9514-155B9D689101} 8BDD61F8
Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume1 8528F1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 8528F1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 860541F8
Device \Driver\cdrom \Device\CdRom1 860541F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 852911F8
Device \Driver\atapi \Device\Ide\IdePort0 852911F8
Device \Driver\atapi \Device\Ide\IdePort1 852911F8
Device \Driver\atapi \Device\Ide\IdePort2 852911F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 852911F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8BDD61F8
Device \Driver\Smb \Device\NetbiosSmb 8BE291F8
Device \FileSystem\Mup \Device\Mup MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \Driver\iScsiPrt \Device\RaidPort0 861081F8
Device \Driver\MDPMGRNT \Device\MacDrivePartitionDriver 852921F8
Device \Driver\usbohci \Device\USBFDO-0 860211F8
Device \Driver\usbohci \Device\USBFDO-1 860211F8
Device \Driver\usbehci \Device\USBFDO-2 860221F8
Device \Driver\sptd \Device\188104484 spzo.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{0A243E33-67A0-466D-8886-87D527523284} 8BDD61F8
Device \Driver\adtmfgov \Device\Scsi\adtmfgov1Port4Path0Target0Lun0 860821F8
Device \Driver\adtmfgov \Device\Scsi\adtmfgov1 860821F8
Device \FileSystem\Fs_Rec \FileSystem\ExFatRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer MDFSYSNT.sys (MacDrive file system driver/Mediafour Corporation)
Device \FileSystem\cdfs \Cdfs B2E201F8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@khjeh 0x23 0xCB 0x25 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEB 0xF9 0x94 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khje h 0x72 0xA5 0x29 0x11 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@khjeh 0x23 0xCB 0x25 0x99 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001@khjeh 0xEB 0xF9 0x94 0xA4 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x72 0xA5 0x29 0x11 ...

---- EOF - GMER 1.0.14 ----

IchGoogleAlles · 17.03.2009, 19:39

Wie lange hast du schon Probleme?

Falls du irgendetwas hast, das du mit dem Computer verbindest, wie SD-Karten, Kamera, Memorysticks, externe Datenträger, ... so hänge vor dem Scan alle an.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

ciao, andreas

Kaliostro · 17.03.2009, 20:14

Hm, das Problem mit Google hab' ich jetzt vielleicht 'nen Monat.

Kann ich den CC Cleaner von Zeit zu Zeit einfach wieder benutzen? Das Tool erscheint mir simpel und effektiv, weswegen ich das gerne öfters nutzen würde...

Hier die Log-Datei:
ComboFix 09-03-15.01 - Kaliostro 2009-03-17 19:00:26.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1031.18.1276.583 [GMT 1:00]
ausgeführt von:: c:\users\Kaliostro\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
ADS - Windows: deleted 48 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\resycled\boot.com
c:\users\Kaliostro\AppData\Roaming\inst.exe
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_msupdate

((((((((((((((((((((((( Dateien erstellt von 2009-02-17 bis 2009-03-17 ))))))))))))))))))))))))))))))
.

2009-03-17 16:24 . 2009-03-17 16:24 300,544 --a------ c:\windows\System32\Tralala.dll
2009-03-17 16:24 . 2009-03-17 18:11 250 --a------ c:\windows\System32\gmer.ini
2009-03-15 16:52 . 2009-03-15 16:52 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-11 06:41 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 06:41 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 06:41 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 06:41 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 06:41 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 06:41 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-07 10:58 . 2009-03-07 10:58 <DIR> d-------- c:\users\All Users\Elaborate Bytes
2009-03-07 10:58 . 2009-03-07 10:58 <DIR> d-------- c:\programdata\Elaborate Bytes
2009-03-06 15:45 . 1997-01-18 10:40 299,520 --a------ c:\windows\uninst.exe
2009-03-06 13:17 . 2009-03-06 13:18 <DIR> d-------- c:\users\Public\OST_The_Watchmen_2oo9_Dj-Mp3
2009-03-04 18:21 . 2009-03-04 18:24 69,632 --a------ c:\windows\ScUnin.exe
2009-03-04 18:21 . 2009-03-04 18:24 28,912 --a------ c:\windows\scunin.dat
2009-03-04 18:21 . 2009-03-04 18:24 967 --a------ c:\windows\ScUnin.pif
2009-03-03 10:47 . 2009-03-03 10:47 <DIR> d-------- c:\users\Public\Training_Day
2009-02-25 17:39 . 2009-02-25 17:39 <DIR> dr------- c:\users\Public\Music
2009-02-25 17:39 . 2009-02-25 17:39 <DIR> dr------- c:\users\Public\Documents
2009-02-24 13:37 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-24 13:37 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNativ e_v0300.dll
2009-02-24 13:37 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-24 13:37 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-24 13:37 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-24 13:37 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-24 13:36 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-24 13:36 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-24 13:23 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-24 13:23 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-24 13:23 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-24 13:22 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-24 13:22 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-22 11:46 . 2009-02-22 11:46 <DIR> d-------- c:\users\Kaliostro\AppData\Roaming\avidemux
2009-02-19 18:07 . 2009-03-11 12:07 <DIR> d-------- c:\users\Public\DRUCKEN BITTE

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))) ))))
.
2009-03-17 15:42 --------- d-----w c:\users\Kaliostro\AppData\Roaming\mIRC
2009-03-17 11:13 --------- d-----w c:\users\Kaliostro\AppData\Roaming\AIMP
2009-03-13 15:35 --------- d-----w c:\program files\ICQ6
2009-02-21 13:45 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-02-15 17:53 --------- d-----w c:\program files\Opera
2009-02-10 18:47 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-28 12:30 --------- d-----w c:\program files\Windows Mail
2009-01-27 15:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-26 18:05 --------- d-----w c:\program files\Java
2008-11-14 14:08 47,360 ----a-w c:\users\Kaliostro\AppData\Roaming\pcouffin.sys
2008-02-07 02:37 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2004-07-28 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.ex e" [2006-11-03 319488]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-28 136600]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2008-07-29 552960]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288]
"MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-20 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ulead Photo Express SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2008-03-31 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{933F73FE-399D-4178-8A3B-99F1FD0A215B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3188866E-AD60-44CB-9505-87A2F97D266F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E0A9B4A2-8198-4D41-8950-177685DE2D40}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FCE068A4-DF26-4CDD-A877-7BA062E4A08B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{694EA7D0-9349-45EF-B222-70D72FA619C5}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{ECEFF289-D6CE-4831-84A6-3E0EEC3D01D1}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{498B8F2B-21ED-4892-B67E-B1D63EA2726A}c:\\program files\\ea games\\mohaa\\mohaa.exe"= UDP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"UDP Query User{16F3EB8A-91CE-4BD8-BFAF-A7F7FC6C26E7}c:\\program files\\ea games\\mohaa\\mohaa.exe"= TCP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"TCP Query User{2A27E9F9-4517-4C2F-BB40-30288444E409}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{6A20B932-8EC5-4153-8ACC-AABCF8381B0F}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{71F3782E-612C-49AC-923F-3568129C6415}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{D9C334D9-571E-4D1C-847D-F3690B00974D}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{8A6F13BB-6DBB-4741-A50D-3F6F251177FF}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{C63BF28C-3F1D-47BF-9588-73FFA2BA3CC3}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{9BBDDB17-EA69-41EB-874A-B6AF8166AB7C}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{EDBBC89F-765A-4300-894F-8556713D2FF8}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{8625D0B0-7E41-496F-B8E4-352263D74D02}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3F6B06F8-1F03-4FC8-BDB8-7528F619D296}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{68A49B1A-EB08-46CD-9B79-E3306E6D2929}d:\\quake iii arena\\quake3.exe"= UDP:d:\quake iii arena\quake3.exe:quake3
"UDP Query User{FA23C130-DD10-403B-A10D-E1D67165DA81}d:\\quake iii arena\\quake3.exe"= TCP:d:\quake iii arena\quake3.exe:quake3
"TCP Query User{6F51C6F2-93CF-44FF-940E-D38C75146183}d:\\quake iii arena\\quake3.exe"= UDP:d:\quake iii arena\quake3.exe:quake3
"UDP Query User{7038FD7A-C4E1-42B7-99F1-072E7324850C}d:\\quake iii arena\\quake3.exe"= TCP:d:\quake iii arena\quake3.exe:quake3
"{C1B19692-FE92-461A-80DB-E2483A8AECA1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C9CC9B6E-96D2-4373-BD76-55200C4F18A7}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{DF0BE417-44B5-4AC9-9E83-C1ABFF0AC1B9}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{A8CF9247-D86A-4741-B1EA-E7206005409E}c:\\program files\\ubi soft\\xiii\\system\\xiii.exe"= UDP:c:\program files\ubi soft\xiii\system\xiii.exe:XIII
"UDP Query User{9318A090-36C3-4C68-A520-FDDE2E22D803}c:\\program files\\ubi soft\\xiii\\system\\xiii.exe"= TCP:c:\program files\ubi soft\xiii\system\xiii.exe:XIII
"TCP Query User{0E8667C4-4BF4-408E-907C-6C0F25B4DB78}c:\\unrealtournament\\system\\unrealt ournament.exe"= UDP:c:\unrealtournament\system\unrealtournament.ex e:UnrealTournament
"UDP Query User{F200A6C5-F859-4494-A135-B86698ADAE4B}c:\\unrealtournament\\system\\unrealt ournament.exe"= TCP:c:\unrealtournament\system\unrealtournament.ex e:UnrealTournament
"TCP Query User{E3495E3D-A2D0-45DE-A099-A4DBCB68DF09}c:\\users\\kaliostro\\desktop\\ea games\\mohaa\\mohaa.exe"= UDP:c:\users\kaliostro\desktop\ea games\mohaa\mohaa.exe:mohaa.exe
"UDP Query User{7A30B3F2-69D4-448D-9EDE-46ABA54F4528}c:\\users\\kaliostro\\desktop\\ea games\\mohaa\\mohaa.exe"= TCP:c:\users\kaliostro\desktop\ea games\mohaa\mohaa.exe:mohaa.exe
"TCP Query User{14F633D8-DDCD-49FC-B30A-5D8C75AF4BF2}c:\\sierra\\half-life\\hl.exe"= UDP:c:\sierra\half-life\hl.exe:Half-Life Launcher
"UDP Query User{19E473F6-824A-4ACA-A760-C69F5487632F}c:\\sierra\\half-life\\hl.exe"= TCP:c:\sierra\half-life\hl.exe:Half-Life Launcher
"TCP Query User{BAB27C74-D23F-459E-8FC1-A57F6046ED62}d:\\programme\\veoh networks\\veoh\\veohclient.exe"= UDP:d:\programme\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{A5D9DA52-2970-4153-81C6-5350B076C4AB}d:\\programme\\veoh networks\\veoh\\veohclient.exe"= TCP:d:\programme\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{5AFF63DB-F5AA-4C23-BDF0-07AC88F8FEB8}d:\\programme\\mirc\\mirc.exe"= UDP:d:\programme\mirc\mirc.exe:mIRC
"UDP Query User{9C4081C5-7B08-4CAC-9EA4-79E134ECB5A6}d:\\programme\\mirc\\mirc.exe"= TCP:d:\programme\mirc\mirc.exe:mIRC
"{AD87B113-3FFC-462E-9B80-B78124FA36DF}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{4C2A791D-A69E-490F-BD9C-65BAF3B37F64}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{592EB826-8BDA-4200-BE75-B3899E5AF9A5}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{6C721738-F5AE-489E-897C-D59AE23492F6}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{5A4122EF-8DC7-40E4-8FB2-E2F6B1DA7F97}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DB5FBEDC-9A2F-4EE6-8FA6-CE19FFCBE2F6}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{F7375FAD-248B-4BEB-86F8-87D89C6B9445}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D96890AC-174B-4418-B658-27428319962A}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{043D873A-F98C-4A80-90BF-578F7700FB4C}d:\\programme\\mirc\\mirc.exe"= UDP:d:\programme\mirc\mirc.exe:mIRC
"UDP Query User{5F8B9F51-7094-4440-BB4F-C9F21F7107DD}d:\\programme\\mirc\\mirc.exe"= TCP:d:\programme\mirc\mirc.exe:mIRC
"{49E023BD-088B-402E-8002-09295AABFA02}"= UDP:c:\program files\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service
"{EEE5178F-B3FB-4252-8DB3-C0857C98B9C3}"= TCP:c:\program files\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service
"TCP Query User{4FEA05AE-D3DC-44CF-A3A5-243B59A248EC}d:\\spiele\\elite force\\stvoyhm.exe"= UDP:d:\spiele\elite force\stvoyhm.exe:stvoyHM
"UDP Query User{6F8DF20F-65DA-42C8-A7EB-20D7BCBF3F3C}d:\\spiele\\elite force\\stvoyhm.exe"= TCP:d:\spiele\elite force\stvoyhm.exe:stvoyHM
"TCP Query User{7AE395A7-63B3-4518-9D5B-1DD3638CE97F}d:\\spiele\\diablo ii\\game.exe"= UDP:d:\spiele\diablo ii\game.exe

iablo II
"UDP Query User{8D33030B-5937-4C08-B155-53E0C9BD8677}d:\\spiele\\diablo ii\\game.exe"= TCP:d:\spiele\diablo ii\game.exe

iablo II
"{E9A50DD9-DAB0-447D-AE00-A1AAA2953800}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1F892145-C22C-4683-96A4-ECA979E9CE60}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{1B1CAC08-0EE4-45F3-BF38-C55457507839}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{22904D9B-726C-4130-BDB8-E681186C6F72}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{A8FEAAAE-B95B-49C9-BE31-810824D1399D}d:\\programme\\opera\\opera.exe"= UDP:d:\programme\opera\opera.exe:Opera Internet Browser
"UDP Query User{AEEEC34C-13AF-42BE-9838-FF1318ACE30A}d:\\programme\\opera\\opera.exe"= TCP:d:\programme\opera\opera.exe:Opera Internet Browser
"TCP Query User{FCEF905C-F959-4BB3-9175-A54FC1E72859}c:\\users\\kaliostro\\appdata\\local\ \temp\\usmt\\migwiz.exe"= UDP:c:\users\kaliostro\appdata\local\temp\usmt\mig wiz.exe:migwiz.exe
"UDP Query User{33A9D6D1-11D0-4498-81DD-0069F4E9BF0C}c:\\users\\kaliostro\\appdata\\local\ \temp\\usmt\\migwiz.exe"= TCP:c:\users\kaliostro\appdata\local\temp\usmt\mig wiz.exe:migwiz.exe

R0 MDFSYSNT;MacDrive file system driver;c:\windows\System32\drivers\MDFSYSNT.SYS [2007-09-05 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\System32\drivers\MDPM GRNT.sys [2007-02-28 19072]
R2 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]
R3 PAC207;PC Camer@;c:\windows\System32\drivers\PFC027.SYS [2006-11-20 506112]
R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRK MD.sys [2008-08-04 459264]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [2007-07-04 47616]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\G]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{02fb6b4b-fa7a-11dd-9814-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{05c3b37f-e537-11dd-b230-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{07361c90-f40f-11dd-b109-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{218a8199-fe70-11dd-8ff7-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{218a81a0-fe70-11dd-8ff7-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2326aa8b-f2b7-11dd-80e3-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com g:
\shell\Open\command - h:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2af51244-fd8b-11dd-87d4-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2bef59d6-f1dc-11dd-9eb6-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2f469000-e09c-11dd-b2a4-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{3190195b-031c-11de-be4c-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{33b66a34-f733-11dd-8e98-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{343e9fca-07cb-11de-8e29-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{37ca76ce-f5d1-11dd-8b80-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{37ca76ea-f5d1-11dd-8b80-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{383bfd0b-f76a-11dd-9c65-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{3a299455-e3f3-11dd-b496-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{3b2a34d2-f69b-11dd-8d26-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{3cb0af17-fde6-11dd-980e-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{3ce10b62-e9f4-11dd-b374-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{42200e83-e3c8-11dd-a992-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{434108c5-e39e-11dd-86ed-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{434108c6-e39e-11dd-86ed-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{467aee09-ef75-11dd-870b-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{467aee0f-ef75-11dd-870b-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{467aee1c-ef75-11dd-870b-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{51da712a-e26f-11dd-a144-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{54360ea2-ed2b-11dd-9455-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{55d3afec-f356-11dd-b373-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{569c6c08-e133-11dd-b27d-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{569c6c21-e133-11dd-b27d-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5bc97568-ed70-11dd-9e6c-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5bc9756e-ed70-11dd-9e6c-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5ccf6c66-e5ea-11dd-8d79-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5ccf6c9b-e5ea-11dd-8d79-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5ce6b484-e57b-11dd-a639-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5ce6b4d8-e57b-11dd-a639-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5df050c5-f835-11dd-a064-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5ff7a601-f8cd-11dd-b95b-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{60cf44eb-e023-11dd-afc5-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{661df8f8-f91b-11dd-85f5-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{661df914-f91b-11dd-85f5-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{667ce645-fb0b-11dd-83d6-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{747e7265-e1fa-11dd-8046-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{76942bfa-ff38-11dd-b529-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{76942c00-ff38-11dd-b529-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{76942c06-ff38-11dd-b529-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{76942c0f-ff38-11dd-b529-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{7acfdda6-0410-11de-ab6c-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{7bbccdb6-eea5-11dd-87ae-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{7bbccdbd-eea5-11dd-87ae-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{7fd2c8e4-e3c7-11dd-9ebe-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{81de4358-e6b3-11dd-a85d-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{896087d9-f04c-11dd-9bc3-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8c2d8a45-e2d6-11dd-aad4-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8c2d8acb-e2d6-11dd-aad4-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{924877fd-03f9-11de-a8b2-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{92506345-e3c9-11dd-8ac0-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{947541f4-e77c-11dd-8bda-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{94754203-e77c-11dd-8bda-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{9916e3fc-f6b8-11dd-9734-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{9b6d293b-fbfb-11dd-8f78-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{9b6d2941-fbfb-11dd-8f78-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{a75c4f3a-0030-11de-9043-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ad0743c8-ed33-11dd-b8c8-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ada3dc6c-fcaf-11dd-b622-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b153d9d1-e47a-11dd-a51f-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b153d9d7-e47a-11dd-a51f-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b4967db1-0e27-11de-8c45-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c0acd777-f3a6-11dd-875e-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{c647dc3a-ff71-11dd-93ac-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d35bf5ae-f66a-11dd-8993-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d623dce0-032c-11de-9a2c-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d623dd00-032c-11de-9a2c-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{d84af55c-edd3-11dd-93be-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{da4ba686-e41a-11dd-ac07-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ea2596f1-f9c5-11dd-8b9e-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ea259702-f9c5-11dd-8b9e-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ebc6f5bb-f52e-11dd-8df0-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f244ef41-dddf-11dd-9dde-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f9ae442d-e91f-11dd-9037-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f9ae442e-e91f-11dd-9037-806e6f6e6963}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f9ae446f-e91f-11dd-9037-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f9ae447c-e91f-11dd-9037-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{fd7cb85e-e855-11dd-b38a-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{fe6e4e23-ead2-11dd-b012-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL h:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ffbcb3d3-097d-11de-9e0b-001e3304144a}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com g:
\shell\Open\command - g:\resycled\boot.com g:
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{88516C26-3EBD-445A-9C28-EBBA9637DB75} - (no file)
ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-TkBellExe - realsched.exe

.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://xdccing.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Kaliostro\AppData\Roaming\Mozilla\Firefox \Profiles\n090kpjk.default\
FF - prefs.js: browser.startup.homepage - kwick.de
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: d:\programme\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: d:\programme\DivX\DivX Player\npDivxPlayerPlugin.dll
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 19:07:21
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

************************************************** ************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\audiodg.exe
d:\programme\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\conime.exe
.
************************************************** ************************
.
Zeit der Fertigstellung: 2009-03-17 19:13:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-03-17 18:13:08

Vor Suchlauf: 18 Verzeichnis(se), 10.221.723.648 Bytes frei
Nach Suchlauf: 9,476,083,712 Bytes frei

448 --- E O F --- 2009-03-14 16:16:59

IchGoogleAlles · 17.03.2009, 20:33

Zitat:

Kann ich den CC Cleaner von Zeit zu Zeit einfach wieder benutzen? Das Tool erscheint mir simpel und effektiv, weswegen ich das gerne öfters nutzen würde...

Ja, jederzeit.

1.) Was sind deine Laufwerke G: und H:?

2.) Solange ich Log lesen musst, lasse folgende Scanner laufen und poste jeweils das Log.

3.) Lade dir Lop S&D herunter.

Führe Lop S&D.exe per Doppelklick aus.
Wähle die Sprache deiner Wahl und anschließend die Option 2 (Suche)
Warte bis der Scanbericht erstellt wird (Du findest ihn unter C:\lopR.txt, sollte der Bericht nicht erscheinen)

(Sollte dein Desktop verschwinden, drücke bitte Ctrl + Alt + Entf um den Taskmanager zu starten. Wähle unter Datei, neuen Task aus und gib dort explorer.exe ein)

ciao, andreas

Kaliostro · 17.03.2009, 22:13

Hier der Malware-Bericht:

Malwarebytes' Anti-Malware 1.34
Datenbank Version: 1859
Windows 6.0.6001 Service Pack 1

17.03.2009 21:13:05
mbam-log-2009-03-17 (21-13-05).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 190403
Laufzeit: 1 hour(s), 33 minute(s), 47 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

IchGoogleAlles · 17.03.2009, 22:22

Was sind deine Laufwerke G: und H:? Darüber wurdest du vermutlich infiziert.

ciao, andreas

Kaliostro · 17.03.2009, 23:18

G: ist ein Teil meines Cardreaders den ich aber nie benutze. Und H: kann ich momentan eigentlich gar nicht zuordnen, möglicherweise meine vor kurzem defekt gegangene externe Festplatte...

Kaliostro · 18.03.2009, 13:37

Superantispyware:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

Generated 03/18/2009 at 12:12 PM

Application Version : 4.25.1014

Core Rules Database Version : 3802
Trace Rules Database Version: 1757

Scan type : Complete Scan
Total Scan Time : 00:31:53

Memory items scanned : 590
Memory threats detected : 0
Registry items scanned : 5882
Registry threats detected : 0
File items scanned : 22361
File threats detected : 4

Adware.Tracking Cookie
C:\Users\Kaliostro\AppData\Roaming\Microsoft\Windo ws\Cookies\kaliostro@atdmt[1].txt

Rootkit.TDSServ-Trace
C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\WINDOWS\SYSTEM 32\TDSSFOPT.DLL
C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING{F5B9C908-B54E-4D37-89C5-CFD7577DE4DD}\WINDOWS\SYSTEM32\TDSSFOPT.DLL

Trojan.Agent/Gen-FSG
D:\KOKO ARENA\KEYGEN\KEYGEN.EXE

Rev2004 · 18.03.2009, 15:36

Zitat:

Zitat von Kaliostro

Trojan.Agent/Gen-FSG
D:\KOKO ARENA\KEYGEN\KEYGEN.EXE

lass lieber die Finger von Keygens
so praktisch wie sie auch manchmal sind bringen gerade die gerne Trojaner mit

Kaliostro · 18.03.2009, 16:19

Okay, danke! Auch vielen Dank an IchGoogleAlles! Vielen, vielen Tausend Dank für die Bemühungen! =)

IchGoogleAlles · 18.03.2009, 18:39

Schade, hätte gerne noch das Log von LopSD gesehen.

ciao, andreas

Kaliostro · 18.03.2009, 20:16

Hier isser:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Ultimate ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU 540 @ 1.86GHz )
BIOS : Ver 1.00PARTTBL"
USER : Kaliostro ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:29 Go (Free:8 Go)
D:\ (Local Disk) - NTFS - Total:45 Go (Free:13 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 18.03.2009|19:10 )

[ UAC => 0 ]

--------------------\\ Ordner Verzeichnis unter Local

[15.11.2008|10:50] C:\Users\KALIOS~1\AppData\Local\Adobe
[20.03.2008|15:50] C:\Users\KALIOS~1\AppData\Local\Anwendungsdaten
[08.04.2008|17:21] C:\Users\KALIOS~1\AppData\Local\Apple
[24.08.2008|17:14] C:\Users\KALIOS~1\AppData\Local\Apple Computer
[23.03.2008|18:19] C:\Users\KALIOS~1\AppData\Local\ashampoo
[04.01.2009|18:50] C:\Users\KALIOS~1\AppData\Local\d3d9caps.dat
[18.03.2009|19:03] C:\Users\KALIOS~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[01.04.2008|18:31] C:\Users\KALIOS~1\AppData\Local\DFX
[14.03.2009|16:46] C:\Users\KALIOS~1\AppData\Local\FASTWiz.log
[15.11.2008|08:43] C:\Users\KALIOS~1\AppData\Local\GDIPFONTCACHEV1.DA T
[26.10.2008|22:51] C:\Users\KALIOS~1\AppData\Local\Graboid_Inc
[18.03.2009|12:21] C:\Users\KALIOS~1\AppData\Local\IconCache.db
[19.11.2008|09:40] C:\Users\KALIOS~1\AppData\Local\Kingswood_Studios
[15.03.2009|16:56] C:\Users\KALIOS~1\AppData\Local\Microsoft
[16.04.2008|16:49] C:\Users\KALIOS~1\AppData\Local\Microsoft Games
[23.03.2008|17:50] C:\Users\KALIOS~1\AppData\Local\Mozilla
[16.06.2008|05:43] C:\Users\KALIOS~1\AppData\Local\Opera
[22.04.2008|16:09] C:\Users\KALIOS~1\AppData\Local\Roxio
[22.04.2008|16:14] C:\Users\KALIOS~1\AppData\Local\rx_image.Cache
[21.06.2008|10:44] C:\Users\KALIOS~1\AppData\Local\Steam
[18.03.2009|19:05] C:\Users\KALIOS~1\AppData\Local\Temp
[20.03.2008|15:50] C:\Users\KALIOS~1\AppData\Local\Temporary Internet Files
[20.03.2008|15:50] C:\Users\KALIOS~1\AppData\Local\Verlauf
[20.03.2008|15:50] C:\Users\KALIOS~1\AppData\Local\VirtualStore
[6|Datei(en),] C:\Users\KALIOS~1\AppData\Local\Bytes
[20|Verzeichnis(se),] C:\Users\KALIOS~1\AppData\Local\Bytes frei

--------------------\\ Geplante Aufgaben unter C:\Windows\Tasks

[18.03.2009 12:23][--ah-----] C:\Windows\tasks\SA.DAT
[18.03.2009 12:23][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Ordner Verzeichnis unter C:\ProgramData

[07.03.2009|11:00] C:\ProgramData\.zreglib
[01.12.2008|17:06] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BC F6}
[23.03.2008|18:25] C:\ProgramData\addr_file.html
[15.11.2008|10:35] C:\ProgramData\Adobe
[20.03.2008|15:46] C:\ProgramData\Anwendungsdaten
[29.04.2008|14:17] C:\ProgramData\Apple
[01.12.2008|17:05] C:\ProgramData\Apple Computer
[23.03.2008|18:19] C:\ProgramData\ashampoo
[23.03.2008|18:20] C:\ProgramData\Avira
[03.10.2008|14:11] C:\ProgramData\AVS4YOU
[20.03.2008|15:46] C:\ProgramData\Desktop
[01.04.2008|18:31] C:\ProgramData\DFX
[20.03.2008|15:46] C:\ProgramData\Dokumente
[07.03.2009|10:58] C:\ProgramData\Elaborate Bytes
[20.03.2008|15:46] C:\ProgramData\Favoriten
[15.11.2008|09:31] C:\ProgramData\FLEXnet
[26.10.2008|22:51] C:\ProgramData\Graboid Inc
[22.04.2008|12:51] C:\ProgramData\InstallShield
[16.01.2009|18:44] C:\ProgramData\Lavasoft
[10.06.2008|18:35] C:\ProgramData\MAGIX
[17.03.2009|19:36] C:\ProgramData\Malwarebytes
[16.10.2008|12:29] C:\ProgramData\Mediafour
[22.09.2008|12:03] C:\ProgramData\Messenger Plus!
[15.03.2009|16:52] C:\ProgramData\Microsoft
[24.08.2008|16:53] C:\ProgramData\Roxio
[22.04.2008|12:47] C:\ProgramData\Sonic
[20.03.2008|15:46] C:\ProgramData\Startmenü
[18.03.2009|07:53] C:\ProgramData\SUPERAntiSpyware.com
[31.03.2008|18:43] C:\ProgramData\Ulead Systems
[20.03.2008|15:46] C:\ProgramData\Vorlagen
[02.11.2008|16:52] C:\ProgramData\WindowsSearch
[2|Datei(en),] C:\ProgramData\Bytes
[31|Verzeichnis(se),] C:\ProgramData\Bytes frei

--------------------\\ Ordner Verzeichnis unter C:\Program Files

[15.11.2008|10:44] C:\Program Files\Adobe
[09.08.2008|08:29] C:\Program Files\Apple Software Update
[23.03.2008|18:20] C:\Program Files\Avira
[29.12.2008|17:06] C:\Program Files\Bonjour
[30.12.2008|13:16] C:\Program Files\CDBurnerXP
[17.03.2009|19:02] C:\Program Files\Common Files
[26.06.2008|18:28] C:\Program Files\DAEMON Tools Lite
[01.04.2008|18:31] C:\Program Files\DFX
[20.03.2008|15:58] C:\Program Files\DIFX
[26.10.2008|17:33] C:\Program Files\DivX
[06.06.2008|15:05] C:\Program Files\DVDVideoSoft
[20.03.2008|15:46] C:\Program Files\Gemeinsame Dateien [C:\Program Files\Common Files]
[13.03.2009|16:35] C:\Program Files\ICQ6
[27.01.2009|16:53] C:\Program Files\InstallShield Installation Information
[20.03.2008|17:56] C:\Program Files\Internet Explorer
[01.12.2008|17:05] C:\Program Files\iPod
[01.12.2008|17:06] C:\Program Files\iTunes
[26.01.2009|19:05] C:\Program Files\Java
[16.10.2008|12:28] C:\Program Files\Mediafour
[10.02.2009|19:47] C:\Program Files\Messenger Plus! Live
[04.08.2008|14:19] C:\Program Files\Microsoft Games
[07.02.2008|03:26] C:\Program Files\Movie Maker
[18.03.2009|19:00] C:\Program Files\Mozilla Firefox
[26.03.2008|15:42] C:\Program Files\mresreg
[02.11.2006|13:35] C:\Program Files\MSBuild
[23.04.2008|05:44] C:\Program Files\MSXML 4.0
[10.10.2008|14:37] C:\Program Files\OOo-dev 3
[10.10.2008|14:35] C:\Program Files\OpenOffice.org
[23.10.2008|14:21] C:\Program Files\OpenOffice.org 3
[15.02.2009|18:53] C:\Program Files\Opera
[21.03.2008|12:25] C:\Program Files\PC Camer@
[01.12.2008|17:04] C:\Program Files\QuickTime
[26.10.2008|22:44] C:\Program Files\Real
[20.03.2008|16:14] C:\Program Files\Realtek
[02.11.2006|13:35] C:\Program Files\Reference Assemblies
[04.08.2008|13:58] C:\Program Files\SiS VGA Utilities
[26.06.2008|22:20] C:\Program Files\Ulead Systems
[02.11.2006|14:00] C:\Program Files\Uninstall Information
[08.06.2008|15:20] C:\Program Files\VDMSound
[07.02.2008|03:26] C:\Program Files\Windows Calendar
[07.02.2008|03:26] C:\Program Files\Windows Collaboration
[07.02.2008|03:26] C:\Program Files\Windows Defender
[07.02.2008|03:26] C:\Program Files\Windows Journal
[10.06.2008|18:38] C:\Program Files\Windows Live
[28.01.2009|13:30] C:\Program Files\Windows Mail
[12.03.2009|08:06] C:\Program Files\Windows Media Player
[20.03.2008|15:46] C:\Program Files\Windows NT
[07.02.2008|03:26] C:\Program Files\Windows Photo Gallery
[07.02.2008|03:26] C:\Program Files\Windows Sidebar
[20.03.2008|16:41] C:\Program Files\WinRAR
[22.06.2008|10:56] C:\Program Files\Witcobber
[0|Datei(en),] C:\Program Files\Bytes
[53|Verzeichnis(se),] C:\Program Files\Bytes frei

--------------------\\ Ordner Verzeichnis unter C:\Program Files\Common Files

[15.11.2008|10:52] C:\Program Files\Common Files\Adobe
[01.12.2008|17:05] C:\Program Files\Common Files\Apple
[03.10.2008|16:22] C:\Program Files\Common Files\AVSMedia
[21.02.2009|14:45] C:\Program Files\Common Files\DVDVideoSoft
[22.04.2008|12:42] C:\Program Files\Common Files\InstallShield
[23.04.2008|19:33] C:\Program Files\Common Files\Java
[16.10.2008|12:30] C:\Program Files\Common Files\Mediafour
[03.10.2008|14:08] C:\Program Files\Common Files\microsoft shared
[27.04.2008|11:07] C:\Program Files\Common Files\NSV
[21.03.2008|12:25] C:\Program Files\Common Files\PAC207
[26.10.2008|22:45] C:\Program Files\Common Files\Real
[21.03.2008|12:25] C:\Program Files\Common Files\Remove64C
[21.03.2008|12:25] C:\Program Files\Common Files\RemoveC
[24.08.2008|16:53] C:\Program Files\Common Files\Roxio Shared
[02.11.2006|12:18] C:\Program Files\Common Files\Services
[02.11.2006|12:18] C:\Program Files\Common Files\SpeechEngines
[26.06.2008|15:56] C:\Program Files\Common Files\SWF Studio
[07.02.2008|03:26] C:\Program Files\Common Files\System
[15.03.2009|16:52] C:\Program Files\Common Files\Windows Live
[18.03.2009|07:51] C:\Program Files\Common Files\Wise Installation Wizard
[26.10.2008|22:45] C:\Program Files\Common Files\xing shared
[0|Datei(en),] C:\Program Files\Common Files\Bytes
[23|Verzeichnis(se),] C:\Program Files\Common Files\Bytes frei

--------------------\\ Process

( 60 Processes )

... OK !

--------------------\\ Ueberpruefung mit S_Lop

Kein Lop Ordner gefunden !

--------------------\\ Suche nach Lop Dateien - Ordnern

Kein Lop Ordner gefunden !

--------------------\\ Suche innerhalb der Registry

..... OK !

--------------------\\ Ueberpruefung der Hosts Datei

Hosts Datei SAUBER

--------------------\\ Suche nach verborgenen Dateien mit Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 19:11:10
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 219

--------------------\\ Suche nach anderen Infektionen

--------------------\\ Cracks & Keygens ..

C:\Users\KALIOS~1\AppData\Local\Opera\Opera\profil e\images\http%3A%2F%2Fwww.keygen.ms%2Ffavicon.ico
C:\Users\KALIOS~1\AppData\Local\Opera\Opera\profil e\images\www.keygen.ms.idx

[F:14][D:2]-> C:\Users\KALIOS~1\AppData\Local\Temp
[F:11][D:1]-> C:\Users\KALIOS~1\AppData\Roaming\MICROS~1\Windows \Cookies
[F:524][D:4]-> C:\Users\KALIOS~1\AppData\Local\MICROS~1\Windows\T EMPOR~1\content.IE5
[F:5][D:4]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 18.03.2009|19:15 - Option : [1]

--------------------\\ Scan beendet um 19:15:02
[ UAC => 1 ]

Nochmals vielen Dank!!

IchGoogleAlles · 18.03.2009, 20:26

Du glaubst doch wohl nicht schon fertig zu sein? Dann schau mal hier, was noch auf dich zukommt.

Scripten mit Combofix

Öffne den Editor (Start => Zubehör => Editor ) kopiere nun folgenden Text in das weiße Feld:

Code:

KILLALL::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"SunJavaUpdateSched"=-
"ISUSScheduler"=-
"QuickTime Task"=-
"iTunesHelper"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1B1CAC08-0EE4-45F3-BF38-C55457507839}"=-
"{22904D9B-726C-4130-BDB8-E681186C6F72}"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02fb6b4b-fa7a-11dd-9814-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05c3b37f-e537-11dd-b230-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07361c90-f40f-11dd-b109-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{218a8199-fe70-11dd-8ff7-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{218a81a0-fe70-11dd-8ff7-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2326aa8b-f2b7-11dd-80e3-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2af51244-fd8b-11dd-87d4-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bef59d6-f1dc-11dd-9eb6-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f469000-e09c-11dd-b2a4-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3190195b-031c-11de-be4c-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33b66a34-f733-11dd-8e98-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{343e9fca-07cb-11de-8e29-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37ca76ce-f5d1-11dd-8b80-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37ca76ea-f5d1-11dd-8b80-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{383bfd0b-f76a-11dd-9c65-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a299455-e3f3-11dd-b496-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b2a34d2-f69b-11dd-8d26-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cb0af17-fde6-11dd-980e-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ce10b62-e9f4-11dd-b374-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42200e83-e3c8-11dd-a992-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{434108c5-e39e-11dd-86ed-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{434108c6-e39e-11dd-86ed-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{467aee09-ef75-11dd-870b-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{467aee0f-ef75-11dd-870b-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{467aee1c-ef75-11dd-870b-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51da712a-e26f-11dd-a144-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54360ea2-ed2b-11dd-9455-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55d3afec-f356-11dd-b373-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{569c6c08-e133-11dd-b27d-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{569c6c21-e133-11dd-b27d-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bc97568-ed70-11dd-9e6c-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bc9756e-ed70-11dd-9e6c-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ccf6c66-e5ea-11dd-8d79-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ccf6c9b-e5ea-11dd-8d79-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ce6b484-e57b-11dd-a639-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ce6b4d8-e57b-11dd-a639-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5df050c5-f835-11dd-a064-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ff7a601-f8cd-11dd-b95b-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60cf44eb-e023-11dd-afc5-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{661df8f8-f91b-11dd-85f5-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{661df914-f91b-11dd-85f5-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{667ce645-fb0b-11dd-83d6-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{747e7265-e1fa-11dd-8046-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76942bfa-ff38-11dd-b529-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76942c00-ff38-11dd-b529-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76942c06-ff38-11dd-b529-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76942c0f-ff38-11dd-b529-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7acfdda6-0410-11de-ab6c-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bbccdb6-eea5-11dd-87ae-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bbccdbd-eea5-11dd-87ae-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fd2c8e4-e3c7-11dd-9ebe-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81de4358-e6b3-11dd-a85d-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{896087d9-f04c-11dd-9bc3-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c2d8a45-e2d6-11dd-aad4-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c2d8acb-e2d6-11dd-aad4-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{924877fd-03f9-11de-a8b2-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92506345-e3c9-11dd-8ac0-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{947541f4-e77c-11dd-8bda-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94754203-e77c-11dd-8bda-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9916e3fc-f6b8-11dd-9734-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b6d293b-fbfb-11dd-8f78-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b6d2941-fbfb-11dd-8f78-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a75c4f3a-0030-11de-9043-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad0743c8-ed33-11dd-b8c8-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ada3dc6c-fcaf-11dd-b622-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b153d9d1-e47a-11dd-a51f-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b153d9d7-e47a-11dd-a51f-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4967db1-0e27-11de-8c45-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0acd777-f3a6-11dd-875e-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c647dc3a-ff71-11dd-93ac-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35bf5ae-f66a-11dd-8993-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d623dce0-032c-11de-9a2c-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d623dd00-032c-11de-9a2c-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d84af55c-edd3-11dd-93be-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da4ba686-e41a-11dd-ac07-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea2596f1-f9c5-11dd-8b9e-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea259702-f9c5-11dd-8b9e-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebc6f5bb-f52e-11dd-8df0-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f244ef41-dddf-11dd-9dde-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9ae442d-e91f-11dd-9037-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9ae442e-e91f-11dd-9037-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9ae446f-e91f-11dd-9037-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9ae447c-e91f-11dd-9037-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd7cb85e-e855-11dd-b38a-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe6e4e23-ead2-11dd-b012-001e3304144a}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffbcb3d3-097d-11de-9e0b-001e3304144a}]

Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt

Nun die Datei cfscript.txt mit der rechten Maustaste auf das Sysmbol von Combofix ziehen!

Danach das Combofix nochmal ausführen, das System neu starten und das Log von Combofix posten

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann.

ciao, andreas

Kaliostro · 18.03.2009, 21:09

ComboFix 09-03-15.01 - Kaliostro 2009-03-18 19:44:26.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1031.18.1276.766 [GMT 1:00]
ausgeführt von:: c:\users\Kaliostro\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Kaliostro\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2009-02-18 bis 2009-03-18 ))))))))))))))))))))))))))))))
.

2009-03-18 19:02 . 2009-03-18 19:15 <DIR> d-------- C:\Lop SD
2009-03-18 07:53 . 2009-03-18 07:53 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2009-03-18 07:53 . 2009-03-18 07:53 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2009-03-18 07:52 . 2009-03-18 07:52 <DIR> d-------- c:\users\Kaliostro\AppData\Roaming\SUPERAntiSpywar e.com
2009-03-17 19:36 . 2009-03-17 19:36 <DIR> d-------- c:\users\Kaliostro\AppData\Roaming\Malwarebytes
2009-03-17 19:36 . 2009-03-17 19:36 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-17 19:36 . 2009-03-17 19:36 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-17 19:36 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-17 19:36 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-17 16:24 . 2009-03-17 16:24 300,544 --a------ c:\windows\System32\Tralala.dll
2009-03-17 16:24 . 2009-03-17 18:11 250 --a------ c:\windows\System32\gmer.ini
2009-03-15 16:52 . 2009-03-15 16:52 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-11 06:41 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 06:41 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 06:41 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 06:41 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 06:41 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 06:41 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-07 10:58 . 2009-03-07 10:58 <DIR> d-------- c:\users\All Users\Elaborate Bytes
2009-03-07 10:58 . 2009-03-07 10:58 <DIR> d-------- c:\programdata\Elaborate Bytes
2009-03-06 15:45 . 1997-01-18 10:40 299,520 --a------ c:\windows\uninst.exe
2009-03-06 13:17 . 2009-03-06 13:18 <DIR> d-------- c:\users\Public\OST_The_Watchmen_2oo9_Dj-Mp3
2009-03-04 18:21 . 2009-03-04 18:24 69,632 --a------ c:\windows\ScUnin.exe
2009-03-04 18:21 . 2009-03-04 18:24 28,912 --a------ c:\windows\scunin.dat
2009-03-04 18:21 . 2009-03-04 18:24 967 --a------ c:\windows\ScUnin.pif
2009-03-03 10:47 . 2009-03-03 10:47 <DIR> d-------- c:\users\Public\Training_Day
2009-02-25 17:39 . 2009-02-25 17:39 <DIR> dr------- c:\users\Public\Music
2009-02-25 17:39 . 2009-02-25 17:39 <DIR> dr------- c:\users\Public\Documents
2009-02-24 13:37 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-24 13:37 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNativ e_v0300.dll
2009-02-24 13:37 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-24 13:37 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-24 13:37 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-24 13:37 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-24 13:36 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-24 13:36 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-24 13:23 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-24 13:23 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-24 13:23 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-24 13:22 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-24 13:22 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-22 11:46 . 2009-02-22 11:46 <DIR> d-------- c:\users\Kaliostro\AppData\Roaming\avidemux
2009-02-19 18:07 . 2009-03-11 12:07 <DIR> d-------- c:\users\Public\DRUCKEN BITTE

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))) ))))
.
2009-03-18 17:24 --------- d-----w c:\users\Kaliostro\AppData\Roaming\AIMP
2009-03-18 15:56 --------- d-----w c:\users\Kaliostro\AppData\Roaming\mIRC
2009-03-18 06:51 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-13 15:35 --------- d-----w c:\program files\ICQ6
2009-02-21 13:45 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-02-15 17:53 --------- d-----w c:\program files\Opera
2009-02-10 18:47 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-28 12:30 --------- d-----w c:\program files\Windows Mail
2009-01-27 15:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-26 18:05 --------- d-----w c:\program files\Java
2008-11-14 14:08 47,360 ----a-w c:\users\Kaliostro\AppData\Roaming\pcouffin.sys
2008-02-07 02:37 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-03-17_19.10.59.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-18 06:53:05 18,944 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2009-03-18 06:53:05 65,024 ----a-r c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2009-03-17 18:06:52 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-18 18:50:14 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-18 18:50:14 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat .LOG1
- 2009-03-17 18:06:52 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.D AT
+ 2009-03-18 18:50:14 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.D AT
+ 2009-03-18 18:50:14 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.d at.LOG1
- 2009-03-17 17:58:53 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2009-03-18 11:18:46 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2009-03-17 17:58:53 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-18 11:18:46 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-17 17:58:53 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-18 11:18:46 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-17 17:11:47 11,854 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-479288212-1475659841-697932167-1000_UserData.bin
+ 2009-03-18 11:25:16 12,212 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-479288212-1475659841-697932167-1000_UserData.bin
- 2009-03-17 17:11:47 84,734 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
+ 2009-03-18 11:25:15 85,768 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics _SystemData.bin
- 2009-03-17 17:11:46 42,530 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2009-03-18 11:25:14 42,708 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnos tics_SystemData.bin
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\I SUSPM.exe" [2004-07-28 221184]
"SUPERAntiSpyware"="d:\programme\SUPERAntiSpyware. exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.ex e" [2006-11-03 319488]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2008-07-29 552960]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-07-12 179288]
"MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-20 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Ulead Photo Express SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2008-03-31 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\programme\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 d:\programme\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"{933F73FE-399D-4178-8A3B-99F1FD0A215B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3188866E-AD60-44CB-9505-87A2F97D266F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E0A9B4A2-8198-4D41-8950-177685DE2D40}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FCE068A4-DF26-4CDD-A877-7BA062E4A08B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{694EA7D0-9349-45EF-B222-70D72FA619C5}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{ECEFF289-D6CE-4831-84A6-3E0EEC3D01D1}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{498B8F2B-21ED-4892-B67E-B1D63EA2726A}c:\\program files\\ea games\\mohaa\\mohaa.exe"= UDP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"UDP Query User{16F3EB8A-91CE-4BD8-BFAF-A7F7FC6C26E7}c:\\program files\\ea games\\mohaa\\mohaa.exe"= TCP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault(tm)
"TCP Query User{2A27E9F9-4517-4C2F-BB40-30288444E409}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{6A20B932-8EC5-4153-8ACC-AABCF8381B0F}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{71F3782E-612C-49AC-923F-3568129C6415}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{D9C334D9-571E-4D1C-847D-F3690B00974D}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{8A6F13BB-6DBB-4741-A50D-3F6F251177FF}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{C63BF28C-3F1D-47BF-9588-73FFA2BA3CC3}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{9BBDDB17-EA69-41EB-874A-B6AF8166AB7C}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{EDBBC89F-765A-4300-894F-8556713D2FF8}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{8625D0B0-7E41-496F-B8E4-352263D74D02}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3F6B06F8-1F03-4FC8-BDB8-7528F619D296}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{68A49B1A-EB08-46CD-9B79-E3306E6D2929}d:\\quake iii arena\\quake3.exe"= UDP:d:\quake iii arena\quake3.exe:quake3
"UDP Query User{FA23C130-DD10-403B-A10D-E1D67165DA81}d:\\quake iii arena\\quake3.exe"= TCP:d:\quake iii arena\quake3.exe:quake3
"TCP Query User{6F51C6F2-93CF-44FF-940E-D38C75146183}d:\\quake iii arena\\quake3.exe"= UDP:d:\quake iii arena\quake3.exe:quake3
"UDP Query User{7038FD7A-C4E1-42B7-99F1-072E7324850C}d:\\quake iii arena\\quake3.exe"= TCP:d:\quake iii arena\quake3.exe:quake3
"{C1B19692-FE92-461A-80DB-E2483A8AECA1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C9CC9B6E-96D2-4373-BD76-55200C4F18A7}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{DF0BE417-44B5-4AC9-9E83-C1ABFF0AC1B9}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{A8CF9247-D86A-4741-B1EA-E7206005409E}c:\\program files\\ubi soft\\xiii\\system\\xiii.exe"= UDP:c:\program files\ubi soft\xiii\system\xiii.exe:XIII
"UDP Query User{9318A090-36C3-4C68-A520-FDDE2E22D803}c:\\program files\\ubi soft\\xiii\\system\\xiii.exe"= TCP:c:\program files\ubi soft\xiii\system\xiii.exe:XIII
"TCP Query User{0E8667C4-4BF4-408E-907C-6C0F25B4DB78}c:\\unrealtournament\\system\\unrealt ournament.exe"= UDP:c:\unrealtournament\system\unrealtournament.ex e:UnrealTournament
"UDP Query User{F200A6C5-F859-4494-A135-B86698ADAE4B}c:\\unrealtournament\\system\\unrealt ournament.exe"= TCP:c:\unrealtournament\system\unrealtournament.ex e:UnrealTournament
"TCP Query User{E3495E3D-A2D0-45DE-A099-A4DBCB68DF09}c:\\users\\kaliostro\\desktop\\ea games\\mohaa\\mohaa.exe"= UDP:c:\users\kaliostro\desktop\ea games\mohaa\mohaa.exe:mohaa.exe
"UDP Query User{7A30B3F2-69D4-448D-9EDE-46ABA54F4528}c:\\users\\kaliostro\\desktop\\ea games\\mohaa\\mohaa.exe"= TCP:c:\users\kaliostro\desktop\ea games\mohaa\mohaa.exe:mohaa.exe
"TCP Query User{14F633D8-DDCD-49FC-B30A-5D8C75AF4BF2}c:\\sierra\\half-life\\hl.exe"= UDP:c:\sierra\half-life\hl.exe:Half-Life Launcher
"UDP Query User{19E473F6-824A-4ACA-A760-C69F5487632F}c:\\sierra\\half-life\\hl.exe"= TCP:c:\sierra\half-life\hl.exe:Half-Life Launcher
"TCP Query User{BAB27C74-D23F-459E-8FC1-A57F6046ED62}d:\\programme\\veoh networks\\veoh\\veohclient.exe"= UDP:d:\programme\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{A5D9DA52-2970-4153-81C6-5350B076C4AB}d:\\programme\\veoh networks\\veoh\\veohclient.exe"= TCP:d:\programme\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{5AFF63DB-F5AA-4C23-BDF0-07AC88F8FEB8}d:\\programme\\mirc\\mirc.exe"= UDP:d:\programme\mirc\mirc.exe:mIRC
"UDP Query User{9C4081C5-7B08-4CAC-9EA4-79E134ECB5A6}d:\\programme\\mirc\\mirc.exe"= TCP:d:\programme\mirc\mirc.exe:mIRC
"{AD87B113-3FFC-462E-9B80-B78124FA36DF}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{4C2A791D-A69E-490F-BD9C-65BAF3B37F64}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{592EB826-8BDA-4200-BE75-B3899E5AF9A5}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{6C721738-F5AE-489E-897C-D59AE23492F6}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{5A4122EF-8DC7-40E4-8FB2-E2F6B1DA7F97}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DB5FBEDC-9A2F-4EE6-8FA6-CE19FFCBE2F6}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{F7375FAD-248B-4BEB-86F8-87D89C6B9445}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{D96890AC-174B-4418-B658-27428319962A}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{043D873A-F98C-4A80-90BF-578F7700FB4C}d:\\programme\\mirc\\mirc.exe"= UDP:d:\programme\mirc\mirc.exe:mIRC
"UDP Query User{5F8B9F51-7094-4440-BB4F-C9F21F7107DD}d:\\programme\\mirc\\mirc.exe"= TCP:d:\programme\mirc\mirc.exe:mIRC
"{49E023BD-088B-402E-8002-09295AABFA02}"= UDP:c:\program files\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service
"{EEE5178F-B3FB-4252-8DB3-C0857C98B9C3}"= TCP:c:\program files\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service
"TCP Query User{4FEA05AE-D3DC-44CF-A3A5-243B59A248EC}d:\\spiele\\elite force\\stvoyhm.exe"= UDP:d:\spiele\elite force\stvoyhm.exe:stvoyHM
"UDP Query User{6F8DF20F-65DA-42C8-A7EB-20D7BCBF3F3C}d:\\spiele\\elite force\\stvoyhm.exe"= TCP:d:\spiele\elite force\stvoyhm.exe:stvoyHM
"TCP Query User{7AE395A7-63B3-4518-9D5B-1DD3638CE97F}d:\\spiele\\diablo ii\\game.exe"= UDP:d:\spiele\diablo ii\game.exe

iablo II
"UDP Query User{8D33030B-5937-4C08-B155-53E0C9BD8677}d:\\spiele\\diablo ii\\game.exe"= TCP:d:\spiele\diablo ii\game.exe

iablo II
"{E9A50DD9-DAB0-447D-AE00-A1AAA2953800}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1F892145-C22C-4683-96A4-ECA979E9CE60}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{A8FEAAAE-B95B-49C9-BE31-810824D1399D}d:\\programme\\opera\\opera.exe"= UDP:d:\programme\opera\opera.exe:Opera Internet Browser
"UDP Query User{AEEEC34C-13AF-42BE-9838-FF1318ACE30A}d:\\programme\\opera\\opera.exe"= TCP:d:\programme\opera\opera.exe:Opera Internet Browser
"TCP Query User{FCEF905C-F959-4BB3-9175-A54FC1E72859}c:\\users\\kaliostro\\appdata\\local\ \temp\\usmt\\migwiz.exe"= UDP:c:\users\kaliostro\appdata\local\temp\usmt\mig wiz.exe:migwiz.exe
"UDP Query User{33A9D6D1-11D0-4498-81DD-0069F4E9BF0C}c:\\users\\kaliostro\\appdata\\local\ \temp\\usmt\\migwiz.exe"= TCP:c:\users\kaliostro\appdata\local\temp\usmt\mig wiz.exe:migwiz.exe

R0 MDFSYSNT;MacDrive file system driver;c:\windows\System32\drivers\MDFSYSNT.SYS [2007-09-05 277888]
R0 MDPMGRNT;MDPMGRNT;c:\windows\System32\drivers\MDPM GRNT.sys [2007-02-28 19072]
R1 SASDIFSV;SASDIFSV;d:\programme\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;d:\programme\SASKUTIL.SYS [2009-02-17 55024]
R2 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [2007-05-01 143360]
R3 SASENUM;SASENUM;d:\programme\SASENUM.SYS [2009-02-17 7408]
R3 SiS6350;SiS6350;c:\windows\System32\drivers\SISGRK MD.sys [2008-08-04 459264]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [2007-07-04 47616]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe --> c:\program files\MAGIX\Common\Database\bin\fbserver.exe [?]
S3 PAC207;PC Camer@;c:\windows\System32\drivers\PFC027.SYS [2006-11-20 506112]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - sptd
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://xdccing.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Kaliostro\AppData\Roaming\Mozilla\Firefox \Profiles\n090kpjk.default\
FF - prefs.js: browser.startup.homepage - kwick.de
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: d:\programme\DivX\DivX Content Uploader\npUpload.dll
FF - plugin: d:\programme\DivX\DivX Player\npDivxPlayerPlugin.dll
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 19:50:22
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

************************************************** ************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\audiodg.exe
d:\programme\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
************************************************** ************************
.
Zeit der Fertigstellung: 2009-03-18 19:56:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-03-18 18:56:15
ComboFix2.txt 2009-03-17 18:13:14

Vor Suchlauf: 18 Verzeichnis(se), 10.014.797.824 Bytes frei
Nach Suchlauf: 9,693,102,080 Bytes frei

236 --- E O F --- 2009-03-14 16:16:59

IchGoogleAlles · 18.03.2009, 21:36

1.) Deinstalliere SuperAntiSpyware und AdAware.

2.) Erstelle eine Liste, der installierten Programme:

Starte HijackThis
Klick "open the Misc Tools section"
Klick "Open Uninstall Manager"
Klick "Save List" (jetzt wird eine uninstall_list.txt im Ordner HiJackThis angelegt.)
Diese Datei öffnest du, und kopiertst ihren Inhalt hier in deinem Thread.

3.) Überprüfe Dein komplettes System mit dem Kaspersky Online-Scanner. Bitte während des Scans alle evtl. vorhandenen externen Festplatten einschalten/anschließen. Außerdem während des Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliche) abstellen und nicht vergessen, sie hinterher wieder einzuschalten.

Kaspersky Online Scanner
- Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
- Java muss installiert, aktiv und erlaubt sein.
- Bebilderte Anleitung von sundavis.
- Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick.
- Wir werden Dir helfen, die Funde manuell vom System zu entfernen.
- Die Datenschutzerklärung akzeptieren.
- Programm installieren lassen.
- Update der Signaturen installieren lassen.
- Wenn der Status "Complete" ist,
- Scan-Einstellungen (Settings) Standard lassen
- Links den Link "My Computer" anklicken.
- Scan beginnt automatisch.
- Wenn der Scan fertig ist, auf "View scan report" klicken,
- "Save report as" und Dateityp auf .txt umstellen,
- und auf dem Desktop als Kaspersky.txt speichern.
- Logdatei hier posten.
- Deinstallation ist nicht nötig, alle Dateien werden in temporären Ordnern gespeichert.

ciao, andreas

Kaliostro · 19.03.2009, 02:38

Programm-Liste:

Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Deutsch
AIMP2
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6
Avidemux 2.4
Avira AntiVir Personal - Free Antivirus
Bonjour
CCleaner (remove only)
CDBurnerXP
Deutsch (NEO ergonomisch 1.1)
DivX Converter
DivX Player
DivX Web Player
Free YouTube Download 2.2
Free YouTube to Mp3 Converter version 3.1
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICQ6
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 5
Java(TM) 6 Update 7
K-Lite Codec Pack 4.4.5 (Full)
MacDrive 7
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
OpenOffice.org 3.0
Opera 9.64
PC Camer@
QuickTime
RealPlayer
Realtek High Definition Audio Driver
SiS VGA Utilities
Starcraft
Text-To-Speech-Runtime
Ulead Photo Express 3.0 SE
Ulead PhotoImpact 7
Uninstall 1.0.0.1
VDMSound
Windows Driver Package - Silicon Integrated Systems Corp.(1.11.03) (SIS163u) Net (05/07/2007 6.0.1039.1110)
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR
Wireless LAN Driver

Kaspersky-Scan-Report:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, March 19, 2009
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, March 18, 2009 22:29:54
Records in database: 1930582
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 119475
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:35:47

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\components\iamfamous.dll.vir Infected: Packed.Win32.Tdss.c 1
C:\Qoobox\Quarantine\C\resycled\boot.com.vir Infected: Rootkit.Win32.TDSS.nyn 1

The selected area was scanned.

-----Doppelpost zusammengeführt am 19.3.2009 um 01:41:46-----

Ad-Aware hatte ich vorhin vergessen zu deinstallieren, ich hab die Scans bevor ich das Programm gelöscht habe gemacht. Muss ich die nochmal durchführen?