Remove malware?

  • #1
eos
Hi, an acquaintance brought me his notebook - he had lent it out and now this beast is on it:
Antivir Solution Pro
Is a reinstall required? Huh?
Or can I try to clean it up?
He says he has no important data on the disk - but it's an Acer - not even a recovery DVD........ Vista HP 32-bit. Should I wipe it?
 
  • #3
Hi :)

Custom scan with OTL

  • Please start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose Run as administrator.
  • Now copy the content below into the text box (screenshot: hjt1-021.jpg).
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
  • Close all programs. (Important)
  • Click the Quick Scan button.
  • Click OK (screenshot: btnOK.png).
  • Copy the contents of OTL.txt and Extras.txt into your thread here.

=========

Please run Gmer according to the guide and post the log file here :)

===========

Please download and run MBRCheck. If you have trouble with the English text, just let us know.

And please post all log files in spoiler tags :)
 
  • #4
I'll do it later - I'm totally stressed - my banking program won't start any more and I need it urgently!
Please be patient with Grandma......
 
  • #5
eos wrote:
I'll do it later - I'm totally stressed - my banking program won't start any more and I need it urgently!
Please be patient with Grandma......
;D ;D ;D
 
  • #6
It's all still taking time - I have 3 things going on at once - and everything taaaakes forever.....

The borrower was kind enough to install all sorts of software for the owner without asking - someone else's printer, Apple stuff and so on and so on
I removed all of that first - and installed SP2 etc.

I've now got to the point where I can run OTL - but its settings change after the Quick Scan starts - e.g.
"Under Extra Registry, please choose Use SafeList"
resets itself - the scan period goes to 90 days and both boxes at the bottom right are ticked........
And after a restart the nasty thing was back with warnings and a prompt to install the Pro version again - after that nothing worked again for a while - I couldn't even keep a text file open - it's annoying!!!!!!!!

I'm dutifully keeping at it anyway - because without the pay-for-malware stuff nothing ran at all - not a single exe worked - you could do NOTHING.
I'd call that criminal. Extortion into installing and buying malware, 50 for the basic version - which only runs after an upgrade to Pro for 70 bucks. Great - grrrrrrrrrrrr
 
  • #7
So - first OTL run - results
OTL logfile created on: 23.07.2010 04:51:57 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\user\Desktop\AntiMalware
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 115,56 Gb Free Space | 80,22% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 140,39 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\user\Desktop\AntiMalware\OTL.exe (OldTimer Tools)
PRC - C:\Users\user\AppData\Local\ickmfiqrv\qorcibltssd.exe ()
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Users\user\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\user\Desktop\AntiMalware\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (DritekPortIO) -- C:\PROGRA~1\LAUNCH~1\DPortIO.sys File not found
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (AMD Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0



IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-772419714-465867292-1252962964-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: ProxyEnable = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.07 18:47:20 | 000,000,000 | ---D | M]
 
  • #8
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-772419714-465867292-1252962964-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-772419714-465867292-1252962964-1000..\Run: [{12239928-8A3D-80EC-268D-D5669DDAD859}] C:\Users\user\AppData\Roaming\Axazeg\qefyu.exe File not found
O4 - HKU\S-1-5-21-772419714-465867292-1252962964-1000..\Run: [AVSolution] C:\Program Files\Antivir Solution Basic\avsolution.exe ()
O4 - HKU\S-1-5-21-772419714-465867292-1252962964-1000..\Run: [excqvjfl] C:\Users\user\AppData\Local\ickmfiqrv\qorcibltssd.exe ()
O4 - HKU\S-1-5-21-772419714-465867292-1252962964-1000..\Run: [userinit] C:\Users\user\AppData\Roaming\sdra64.exe File not found
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3ba57094-ea6a-11de-9d63-001eec5c8dc0}\Shell - = AutoRun
O33 - MountPoints2\{3ba57094-ea6a-11de-9d63-001eec5c8dc0}\Shell\AutoRun\command - = F:\NokiaPCIA_Autorun.exe -- File not found
O33 - MountPoints2\{f1af926a-b5c1-11de-aa57-001eec5c8dc0}\Shell - = AutoRun
O33 - MountPoints2\{f1af926a-b5c1-11de-aa57-001eec5c8dc0}\Shell\AutoRun\command - = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f1af9279-b5c1-11de-aa57-001eec5c8dc0}\Shell - = AutoRun
O33 - MountPoints2\{f1af9279-b5c1-11de-aa57-001eec5c8dc0}\Shell\AutoRun\command - = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- %1 %*
O35 - HKLM\..exefile [open] -- %1 %*
O37 - HKLM\...com [@ = comfile] -- %1 %*
O37 - HKLM\...exe [@ = exefile] -- %1 %*

========== Files/Folders - Created Within 90 Days ==========

[2010.07.23 04:25:05 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2010.07.23 04:04:26 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.07.23 04:00:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.07.23 04:00:27 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\System32\javaws.exe
[2010.07.23 04:00:27 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\System32\javaw.exe
[2010.07.23 04:00:27 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\System32\java.exe
[2010.07.23 03:58:03 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
[2010.07.23 03:57:02 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\AntiMalware
[2010.07.23 01:36:55 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\LOGS
[2010.07.23 00:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.07.23 00:50:33 | 000,423,656 | ---- | C] (Oracle) -- C:\Windows\System32\deployJava1.dll
[2010.07.22 22:20:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010.07.22 22:20:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010.07.22 22:20:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010.07.22 21:26:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.07.22 20:48:23 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2010.07.22 18:44:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Seven Zip
[2010.07.22 18:09:13 | 000,000,000 | ---D | C] -- C:\Programme\Antivir Solution Basic
[2010.07.22 16:29:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ickmfiqrv
[2010.07.21 18:15:11 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Roaming\lowsec
[2010.07.14 16:36:31 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2010.06.09 17:06:56 | 000,000,000 | ---D | C] -- C:\Programme\SweetIM
[2010.05.29 16:16:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2008.07.22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 90 Days ==========

[2010.07.23 04:52:37 | 000,767,488 | ---- | M] () -- C:\Windows\System32\drivers\jqmghmj.sys
[2010.07.23 04:51:53 | 002,621,440 | -HS- | M] () -- C:\Users\user\NTUSER.DAT
[2010.07.23 04:38:36 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Antivir Solution Basic.lnk
[2010.07.23 04:34:29 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.23 04:34:29 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.23 04:34:29 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.23 04:34:29 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.23 04:34:29 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.23 04:28:19 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.07.23 04:28:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.23 04:28:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.23 04:27:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.23 04:27:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.23 04:24:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.07.23 04:24:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.07.23 04:24:39 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.07.23 04:24:39 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.23 04:24:36 | 002,447,281 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2010.07.23 04:01:51 | 000,000,201 | ---- | M] () -- C:\Users\user\Desktop\Startup - Verknüpfung.lnk
[2010.07.23 04:00:15 | 000,423,656 | ---- | M] (Oracle) -- C:\Windows\System32\deployJava1.dll
[2010.07.23 04:00:15 | 000,153,376 | ---- | M] (Oracle) -- C:\Windows\System32\javaws.exe
[2010.07.23 04:00:15 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\System32\javaw.exe
[2010.07.23 04:00:15 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\System32\java.exe
[2010.07.23 00:46:56 | 000,000,134 | ---- | M] () -- C:\Users\user\Desktop\Java - Verknüpfung.lnk
[2010.07.22 22:24:40 | 000,296,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.22 20:43:26 | 000,000,134 | ---- | M] () -- C:\Users\user\Desktop\System - Verknüpfung.lnk
[2010.07.22 20:43:15 | 000,000,134 | ---- | M] () -- C:\Users\user\Desktop\Programme und Funktionen - Verknüpfung.lnk
[2010.07.22 20:43:01 | 000,000,134 | ---- | M] () -- C:\Users\user\Desktop\Geräte-Manager - Verknüpfung.lnk
[2010.07.22 19:47:14 | 000,000,527 | ---- | M] () -- C:\Users\user\Desktop\Temp - Verknüpfung (2).lnk
[2010.07.22 19:16:47 | 000,000,798 | ---- | M] () -- C:\Users\user\Desktop\Temp - Verknüpfung.lnk
[2010.07.22 19:10:07 | 000,071,400 | ---- | M] () -- C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.22 17:27:53 | 000,000,104 | ---- | M] () -- C:\Users\user\Desktop\Computer - Verknüpfung.lnk
[2010.07.01 17:21:09 | 000,001,832 | ---- | M] () -- C:\Users\user\Desktop\Cyberlink PowerDirector.lnk
[2010.06.29 17:40:10 | 000,005,632 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.29 16:16:33 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Lightroom 2.6.lnk
[2010.05.04 04:58:45 | 000,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2010.04.24 14:30:43 | 000,000,486 | ---- | M] () -- C:\Users\user\Documents\message-delivery-status-attachment

========== Files Created - No Company Name ==========

[2010.07.23 04:38:36 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Antivir Solution Basic.lnk
[2010.07.23 04:24:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.07.23 04:24:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.07.23 04:01:51 | 000,000,201 | ---- | C] () -- C:\Users\user\Desktop\Startup - Verknüpfung.lnk
[2010.07.23 04:01:21 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Startup.cpl
[2010.07.23 00:46:56 | 000,000,134 | ---- | C] () -- C:\Users\user\Desktop\Java - Verknüpfung.lnk
[2010.07.22 20:47:03 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.07.22 20:43:26 | 000,000,134 | ---- | C] () -- C:\Users\user\Desktop\System - Verknüpfung.lnk
[2010.07.22 20:43:15 | 000,000,134 | ---- | C] () -- C:\Users\user\Desktop\Programme und Funktionen - Verknüpfung.lnk
[2010.07.22 20:43:01 | 000,000,134 | ---- | C] () -- C:\Users\user\Desktop\Geräte-Manager - Verknüpfung.lnk
[2010.07.22 19:47:14 | 000,000,527 | ---- | C] () -- C:\Users\user\Desktop\Temp - Verknüpfung (2).lnk
[2010.07.22 19:16:47 | 000,000,798 | ---- | C] () -- C:\Users\user\Desktop\Temp - Verknüpfung.lnk
[2010.07.22 17:27:53 | 000,000,104 | ---- | C] () -- C:\Users\user\Desktop\Computer - Verknüpfung.lnk
[2010.07.22 16:30:52 | 000,767,488 | ---- | C] () -- C:\Windows\System32\drivers\jqmghmj.sys
[2010.05.29 16:16:33 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Lightroom 2.6.lnk
[2010.04.24 14:30:42 | 000,000,486 | ---- | C] () -- C:\Users\user\Documents\message-delivery-status-attachment
[2009.09.11 18:21:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.21 18:39:54 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.04.21 18:39:10 | 000,000,025 | ---- | C] () -- C:\Windows\CSES20.ini
[2008.09.30 06:48:32 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.09.30 06:48:32 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.08.21 08:05:45 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.21 00:20:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.21 00:20:54 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.05.20 23:20:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.05.20 23:15:50 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.20 22:59:29 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008.05.20 23:42:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acer GameZone Console
[2010.07.09 16:31:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Axazeg
[2009.04.23 16:16:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\eSobi
[2010.07.22 19:09:39 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Roaming\lowsec
[2009.04.21 19:01:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2010.07.06 20:29:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Xaum
[2010.07.23 04:25:15 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.05.21 08:34:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008.09.30 07:55:19 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2010.07.23 04:26:41 | 3768,049,664 | -HS- | M] () -- C:\pagefile.sys
[2008.09.30 07:49:28 | 000,000,060 | ---- | M] () -- C:\Partition.txt
[2008.05.20 23:00:53 | 000,000,650 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.07.08 17:26:16 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010.07.23 04:55:04 | 000,767,488 | ---- | M] () -- C:\Windows\System32\drivers\jqmghmj.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\user\Documents\TruckersinPolen.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\user\Documents\tier-sex.mpeg:TOC.WMV
< End of report >
 
  • #9
Here are the Extras
OTL Extras logfile created on: 23.07.2010 04:51:57 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\user\Desktop\AntiMalware
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 115,56 Gb Free Space | 80,22% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 140,39 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- %1 %*
cmdfile [open] -- %1 %*
comfile [open] -- %1 %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe %1,%* (Microsoft Corporation)
exefile [open] -- %1 %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe %1 (Microsoft Corporation)
piffile [open] -- %1 %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- %1 /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd %V (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /k takeown /f %1 /r /d j && icacls %1 /grant administratoren:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1
AntiVirusDisableNotify = 0
AntiVirusOverride = 0
UpdatesDisableNotify = 0
FirstRunDisabled = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
DisableMonitoring = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
AntiVirusOverride = 0
AntiSpywareOverride = 0
FirewallOverride = 0
VistaSp1 = Reg Error: Unknown registry data type -- File not found
VistaSp2 = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-772419714-465867292-1252962964-1000]
EnableNotifications = 0
EnableNotificationsRef = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall = 1
DisableNotifications = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall = 1
DisableNotifications = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
EnableFirewall = 1
DisableNotifications = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{0FBDCDB9-F380-4520-A8CB-C034C7CA4A63} = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
{10B8FC8B-1E2A-474F-88B5-1D185C009437} = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
{13DE1542-C1CE-4DFF-94F0-BD704E111E66} = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
{1A3B5D4C-0CDF-4ECE-8B17-25AC4CB85BF7} = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
{24DC5CB8-203B-407E-B201-F1546FEC58DA} = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
{26894E16-EA26-4AB5-90C4-D77BBAC908C7} = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
{2BE4001C-57D3-4D7D-A865-0522CD79E0F0} = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
{34E8E5D4-6F8B-44F8-8086-B96DFA171DAD} = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
{3676BA2E-F21A-4965-8B37-EA9A16A27B7F} = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
{48EFE0A7-2A72-4172-BEA8-6CC6577F73B6} = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
{5CE31F69-2E47-464F-B52F-AE4E6145DBAF} = protocol=6 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\3lfc1uzr\sweetimsetup[1].exe |
{5D09B968-7EAF-4953-851F-98A48440CDD1} = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
{616C5AD6-1C20-44B2-8968-3BB3D5A67497} = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
{639E9FA3-F1A9-4B1B-B4D8-96F3FC2ABB2C} = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
{6F79610E-F3A4-4FB3-8B9D-CAE11FBE57F7} = protocol=17 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\3lfc1uzr\sweetimsetup[1].exe |
{70776BD7-A543-477E-A80B-847500D0180D} = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
{957512EE-4688-470F-86D8-6C2353D8ED56} = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
{B83EE49C-839E-4A26-A4FD-7525A3FF049C} = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
{C5C32A12-689F-430F-B7BF-BCD7CEF536A6} = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
{CB2E9942-304A-47DA-81ED-BAD46CCB22BF} = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
{DFC6D5F5-FAC5-488E-9F33-E359CDA82BC7} = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
{E0A303B7-4CBC-4EF4-9BAA-50A2EDD00E82} = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
{F3F36A31-F98F-4C57-B103-8C1BC24C5C5D} = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
{F92615D4-AA45-49CC-8CD2-2AF59A36BD7C} = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
TCP Query User{392177FB-F1B3-41D8-AF34-73BAA44266CC}C:\windows\explorer.exe = protocol=6 | dir=in | app=c:\windows\explorer.exe |
TCP Query User{39788365-BB78-44D5-8C69-5725A5999871}C:\windows\explorer.exe = protocol=6 | dir=in | app=c:\windows\explorer.exe |
UDP Query User{73B75E14-51A7-4614-96B4-5DDE8943008E}C:\windows\explorer.exe = protocol=17 | dir=in | app=c:\windows\explorer.exe |
UDP Query User{DF91BF52-6E6C-410D-929C-8CAF170F933F}C:\windows\explorer.exe = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
  • #10
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{000BDCDA-F41C-0D45-3B1A-936F0B4ACE5B} = CCC Help Hungarian
{052FDD78-A6EA-3187-8386-C82F4CA3A929} = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
{06006FA0-1195-3E80-7C71-9F45F6CCDE6A} = CCC Help Greek
{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1} = hpWLPGInstaller
{11316260-6666-467B-AC34-183FCB5D4335} = Acer Mobility Center Plug-In
{12EFA1A4-AC3B-443C-8143-237EDE760403} = NTI Backup Now Standard
{13D85C14-2B85-419F-AC41-C7F21E68B25D} = Acer eSettings Management
{17D46D1F-97F3-9557-23F3-E799D7AB1594} = ccc-core-static
{17E12C4B-7822-18E7-9901-E56B71100454} = ccc-utility
{203E564A-51E6-44E5-9DF9-8D0AD66E401D} = DJ_SF_05_D2600_Software_Min
{21A2F5EE-1DC5-488A-BE7E-E526F8C61488} = DeviceDiscovery
{2413930C-8309-47A6-BC61-5EF27A4222BC} = NTI Media Maker 8
{2637C347-9DAD-11D6-9EA2-00055D0CA761} = Acer Arcade Deluxe
{26604C7E-A313-4D12-867F-7C6E7820BE4C} = JMicron JMB38X Flash Media Controller
{26A24AE4-039D-4CA4-87B4-2F83216021FF} = Java(TM) 6 Update 21
{2DA19D59-E9B9-ABF5-A7CB-EA1BEDF2C0FC} = Catalyst Control Center Localization Thai
{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C} = BufferChm
{318B26D1-46E8-A84F-2758-521C3C32346E} = Catalyst Control Center Graphics Light
{31A9C52D-8663-55B3-B22F-D5721F7666D9} = Catalyst Control Center Localization Danish
{3C3901C5-3455-3E0A-A214-0B093A5070A6} = Microsoft .NET Framework 4 Client Profile
{40FAE967-C659-865C-0030-74A8280CE48E} = Catalyst Control Center Localization Swedish
{41E9864B-785A-D312-7030-FB20B14F9246} = Catalyst Control Center Graphics Full Existing
{43361F3E-430A-B80D-248B-76B62C8D5384} = CCC Help Portuguese
{43CDF946-F5D9-4292-B006-BA0D92013021} = WebReg
{45193025-C4C4-967C-7D09-085E2C678B12} = CCC Help German
{494FE3AD-6A66-7607-C29A-E4B8A817F281} = CCC Help Czech
{4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
{4A1B7E9B-6C41-8EE8-B55F-264DEC2BF22C} = Catalyst Control Center Localization Dutch
{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4} = SolutionCenter
{4ABA5E02-4580-3A2D-18C9-19D93978F04E} = Catalyst Control Center Localization Korean
{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3} = Microsoft Works
{5179AAED-D78F-E989-801A-7825F97AB674} = CCC Help Russian
{5444EA18-A034-0B0D-37EA-6AE8DFA131EC} = CCC Help Spanish
{56DC1BB7-D46A-2F8D-7AC9-E4D68AA8DF02} = Catalyst Control Center Localization Turkish
{57265292-228A-41FA-9AEC-4620CBCC2739} = Acer eAudio Management
{58E5844B-7CE2-413D-83D1-99294BF6C74F} = Acer ePower Management
{5EC85130-EB97-3602-400F-6029B629F7A0} = Catalyst Control Center Localization German
{63FF21C9-A810-464F-B60A-3111747B1A6D} = GPBaseService2
{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA} = SmartWebPrinting
{6A9E4582-7BDB-AD2C-8A04-0CDD0FE29637} = CCC Help French
{6BBA26E9-AB03-4FE7-831A-3535584CA002} = Toolbox
{6CCDCF6B-7BB2-022F-ACEB-9649CE0C3C9E} = CCC Help English
{7059BDA7-E1DB-442C-B7A1-6144596720A4} = HP Update
{72DCCB90-294C-FBCA-824B-49D54A0090B4} = Catalyst Control Center Graphics Full New
{73072CA1-5B40-21BB-47DC-38F64589EBA3} = CCC Help Italian
{73EFC5C1-2926-54F0-43FD-3D88076A7DFC} = CCC Help Finnish
{775290AD-C54E-418C-9564-A10836F42C1C} = D2600
{79BE93D6-4043-8914-BC76-6C8A6FE2F400} = CCC Help Swedish
{7F0696F2-39F5-DA17-7501-6C6D37BD50E4} = CCC Help Thai
{7F811A54-5A09-4579-90E1-C93498E230D9} = Acer eRecovery Management
{802F0F4E-A0A5-4E4D-9D7B-1933913EF7B6} = Catalyst Control Center - Branding
{80D3CFFD-4CB5-47A1-8779-11A720A9ADB2} = HP Deskjet D2600 Printer Driver Software 13.0 Rel .5
{81CB77FF-9789-4337-A46E-185F7876AC40} = Adobe Photoshop Lightroom 2.6
{85DDD70F-2EAE-550C-1F09-8CADFB2F7BD4} = Catalyst Control Center Localization Polish
{8949C868-DCE2-8D4F-8BF3-441031F8B4BF} = Catalyst Control Center Localization Greek
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight
{8F1B6239-FEA0-450A-A950-B05276CE177C} = Acer Empowering Technology
{8FE6FD04-1F8D-2132-3178-C7C71C1980C5} = Catalyst Control Center Localization Japanese
{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D} = 32 Bit HP CIO Components Installer
{98834478-C82D-687B-36DB-E9B15C48C7C3} = CCC Help Polish
{9D521657-32BD-5C20-D739-D6A28EC21004} = Catalyst Control Center Localization Chinese Standard
{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} = ALPS Touch Pad Driver
{A3AB35FA-943E-4799-99DC-46EFD59E998F} = AMD USB Audio Driver Filter
{A3AE2198-5EC2-1C86-3DF3-24FB352A22CC} = CCC Help Japanese
{A5633652-3795-4829-BB0B-644F0279E279} = Acer eDataSecurity Management
{A6F830C0-50C5-E5FE-4B6B-B285178E9139} = Catalyst Control Center Localization Czech
{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E} = Acer Crystal Eye Webcam 2.0.8
{ABAD548B-C77B-0DD7-3533-17BF30EEFA4D} = CCC Help Korean
{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2} = Status
{B512B38C-6391-F0A3-DC04-5E9006280619} = Catalyst Control Center Localization French
{B7273DAD-1972-0971-C126-B54B63D7F207} = Catalyst Control Center InstallProxy
{B9B2088C-3629-FC4E-9AB4-AA6A832C070B} = Catalyst Control Center Localization Hungarian
{BA94B209-9B88-C24E-1A11-0AE1D82768CF} = CCC Help Chinese Standard
{BDBED9FE-66E4-30D2-91FB-9EF360926B07} = Catalyst Control Center Localization Italian
{C10AA441-5EF2-1A5A-CD1A-002A49C32DFD} = CCC Help Dutch
{C1935A92-CCFC-17A5-7DE5-3961F2A987A1} = Catalyst Control Center Localization Russian
{C43326F5-F135-4551-8270-7F7ABA0462E1} = HPProductAssistant
{C6AC8645-DE33-5563-60D2-27E83AA6BADF} = CCC Help Turkish
{C70C0EE6-4A66-0442-0EE4-F8A6BBFF8956} = Catalyst Control Center Localization Finnish
{C73AA7F7-0ACA-327B-B15F-B5199F44CBBF} = Catalyst Control Center Localization Spanish
{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF} = hpPrintProjects
{C78EAC6F-7A73-452E-8134-DBB2165C5A68} = QuickTime
{CAE4213F-F797-439D-BD9E-79B71D115BE3} = HPPhotoGadget
{CB099890-1D5F-11D5-9EA9-0050BAE317E1} = PowerDirector
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} = Microsoft .NET Framework 3.5 SP1
{CE386A4E-D0DA-4208-8235-BCE43275C694} = LightScribe 1.4.142.1
{D36DD326-7280-11D8-97C8-000129760CBE} = PhotoNow!
{D9534EEA-F733-F153-BA56-8B0ACDAD827D} = CCC Help Norwegian
{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42} = TrayApp
{DC137490-B154-9DAE-DC95-3C6A9E3BE802} = Catalyst Control Center Localization Norwegian
{DE62F674-72FA-841A-10BD-2FC04844BB07} = Catalyst Control Center Localization Chinese Traditional
{DF320EE9-D279-0B91-A036-7707D653672A} = Catalyst Control Center Core Implementation
{E23131B3-2465-9263-CCFF-E40C52B5AAF0} = CCC Help Danish
{ECE1EE17-9068-A1ED-BEAE-26F54EF14F83} = ATI Catalyst Install Manager
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} = Realtek High Definition Audio Driver
{F750C986-5310-3A5A-95F8-4EC71C8AC01C} = Microsoft .NET Framework 4 Client Profile DEU Language Pack
{F8B97782-A1EE-4292-D3A1-6413144FF450} = Catalyst Control Center Localization Portuguese
{FAE73242-6582-B839-0E5C-199AE2B72C40} = CCC Help Chinese Traditional
5D38134BF8A10D640B30E6B014EECDBC5F881E3D = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
7-Zip = 7-Zip 4.65
Adobe Flash Player ActiveX = Adobe Flash Player 10 ActiveX
Antivir Solution Basic = Antivir Solution Basic
CNXT_MODEM_HDA_HSF = HDAUDIO Soft Data Fax Modem with SmartCP
GridVista = Acer GridVista
HP Imaging Device Functions = HP Imaging Device Functions 13.0
HP Print Projects = HP Print Projects 1.0
HP Smart Web Printing = HP Smart Web Printing 4.5
HP Solution Center & Imaging Support Tools = HP Solution Center 13.0
InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403} = NTI Backup Now 5
InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC} = NTI Media Maker 8
InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761} = Acer Arcade Deluxe
InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1} = PowerDirector
Microsoft .NET Framework 3.5 Language Pack SP1 - deu = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1 = Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile = Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack = Microsoft .NET Framework 4 Client Profile DEU Language Pack
Mobile Partner = Mobile Partner
Unlocker = Unlocker 1.9.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.07.2010 10:37:38 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 19.07.2010 11:45:50 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 19.07.2010 11:45:53 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 19.07.2010 11:45:54 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 19.07.2010 11:45:54 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 20.07.2010 11:26:38 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 20.07.2010 11:26:41 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 20.07.2010 11:26:42 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 20.07.2010 11:26:42 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 20.07.2010 12:54:44 | Computer Name = user-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 22.07.2010 17:26:00 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 22.07.2010 17:26:00 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.07.2010 17:46:49 | Computer Name = user-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 22.07.2010 17:47:11 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.07.2010 19:01:24 | Computer Name = user-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 22.07.2010 19:02:06 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.07.2010 20:02:45 | Computer Name = user-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 22.07.2010 20:03:01 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.07.2010 22:27:59 | Computer Name = user-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 22.07.2010 22:28:15 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

And now Gmer is running - and it runs and runs and runs........
 
  • #11
Gmer
GMER 1.0.15.15281 -
Rootkit scan 2010-07-23 05:46:54
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kgtdapob.sys


---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\jqmghmj.sys Ein an das System angeschlossenes Gerät funktioniert nicht. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EC0C000, 0x20C302, 0xE8000020]
C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in section [0x9DBED41C]
.clc C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl unknown last code section [0x9DBEE000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!CreateDialogParamW 760672A2 5 Bytes JMP 6E81DEA8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!GetAsyncKeyState 7606863C 5 Bytes JMP 6E738EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!SetWindowsHookExW 760687AD 5 Bytes JMP 6E819AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!CallNextHookEx 76068E3B 5 Bytes JMP 6E80D0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!UnhookWindowsHookEx 760698DB 5 Bytes JMP 6E78467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!EnableWindow 7606CD8B 5 Bytes JMP 6E81DD35 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!CreateWindowExW 76071305 5 Bytes JMP 6E81DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!GetKeyState 76078CB1 5 Bytes JMP 6E81D2E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!IsDialogMessageW 76080745 5 Bytes JMP 6E7459D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!CreateDialogParamA 760817AA 5 Bytes JMP 6E91547B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!IsDialogMessage 76081847 5 Bytes JMP 6E914D17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!CreateDialogIndirectParamA 760826F1 5 Bytes JMP 6E9154B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!CreateDialogIndirectParamW 76089A62 5 Bytes JMP 6E9154E9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!SetKeyboardState 76090987 5 Bytes JMP 6E915086 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!DialogBoxParamW 760910B0 5 Bytes JMP 6E7454C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!DialogBoxIndirectParamW 76092EF5 5 Bytes JMP 6E91480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!SendInput 76092F75 5 Bytes JMP 6E915C43 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!EndDialog 7609326E 5 Bytes JMP 6E747E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!SetCursorPos 760A6FB2 5 Bytes JMP 6E915C97 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!DialogBoxParamA 760A8152 5 Bytes JMP 6E9147AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!DialogBoxIndirectParamA 760A847D 5 Bytes JMP 6E914872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!MessageBoxIndirectA 760BD4D9 5 Bytes JMP 6E914741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!MessageBoxIndirectW 760BD5D3 5 Bytes JMP 6E9146D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!MessageBoxExA 760BD639 5 Bytes JMP 6E914674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!MessageBoxExW 760BD65D 5 Bytes JMP 6E914612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] USER32.dll!keybd_event 760BD972 5 Bytes JMP 6E915FC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] SHELL32.dll!SHRestricted + D95 76258988 4 Bytes [4D, 30, 9E, 66]
 
  • #12
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] SHELL32.dll!SHRestricted + D9D 76258990 8 Bytes [57, 2F, 9E, 66, 9C, 5B, 9D, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] ole32.dll!OleLoadFromStream 77511E12 5 Bytes JMP 6E914B77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1232] ole32.dll!CoCreateInstance 77549EA6 5 Bytes JMP 6E81DB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2164] USER32.dll!CreateWindowExW 76071305 5 Bytes JMP 6E81DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2164] USER32.dll!DialogBoxParamW 760910B0 5 Bytes JMP 6E7454C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2164] USER32.dll!DialogBoxIndirectParamW 76092EF5 5 Bytes JMP 6E91480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2164] USER32.dll!DialogBoxParamA 760A8152 5 Bytes JMP 6E9147AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2164] USER32.dll!DialogBoxIndirectParamA 760A847D 5 Bytes JMP 6E914872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2164] USER32.dll!MessageBoxIndirectA 760BD4D9 5 Bytes JMP 6E914741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2164] USER32.dll!MessageBoxIndirectW 760BD5D3 5 Bytes JMP 6E9146D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2164] USER32.dll!MessageBoxExA 760BD639 5 Bytes JMP 6E914674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2164] USER32.dll!MessageBoxExW 760BD65D 5 Bytes JMP 6E914612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Windows\Explorer.EXE[3256] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9 7620B364 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
.text C:\Windows\Explorer.EXE[3256] SHELL32.dll!ShellExecuteExW + 18B7 7623D9EC 4 Bytes [70, 1D, 00, 10] {JO 0x1f; ADD [EAX], DL}
.text C:\Program Files\Internet Explorer\iexplore.exe[4572] USER32.dll!CreateWindowExW 76071305 5 Bytes JMP 6E81DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4572] USER32.dll!DialogBoxParamW 760910B0 5 Bytes JMP 6E7454C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4572] USER32.dll!DialogBoxIndirectParamW 76092EF5 5 Bytes JMP 6E91480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4572] USER32.dll!DialogBoxParamA 760A8152 5 Bytes JMP 6E9147AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4572] USER32.dll!DialogBoxIndirectParamA 760A847D 5 Bytes JMP 6E914872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4572] USER32.dll!MessageBoxIndirectA 760BD4D9 5 Bytes JMP 6E914741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4572] USER32.dll!MessageBoxIndirectW 760BD5D3 5 Bytes JMP 6E9146D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4572] USER32.dll!MessageBoxExA 760BD639 5 Bytes JMP 6E914674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4572] USER32.dll!MessageBoxExW 760BD65D 5 Bytes JMP 6E914612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!CreateDialogParamW 760672A2 5 Bytes JMP 6E81DEA8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!GetAsyncKeyState 7606863C 5 Bytes JMP 6E738EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!SetWindowsHookExW 760687AD 5 Bytes JMP 6E819AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!CallNextHookEx 76068E3B 5 Bytes JMP 6E80D0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!UnhookWindowsHookEx 760698DB 5 Bytes JMP 6E78467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!EnableWindow 7606CD8B 5 Bytes JMP 6E81DD35 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!CreateWindowExW 76071305 5 Bytes JMP 6E81DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!GetKeyState 76078CB1 5 Bytes JMP 6E81D2E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!IsDialogMessageW 76080745 5 Bytes JMP 6E7459D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!CreateDialogParamA 760817AA 5 Bytes JMP 6E91547B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!IsDialogMessage 76081847 5 Bytes JMP 6E914D17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!CreateDialogIndirectParamA 760826F1 5 Bytes JMP 6E9154B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!CreateDialogIndirectParamW 76089A62 5 Bytes JMP 6E9154E9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!SetKeyboardState 76090987 5 Bytes JMP 6E915086 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!DialogBoxParamW 760910B0 5 Bytes JMP 6E7454C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!DialogBoxIndirectParamW 76092EF5 5 Bytes JMP 6E91480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!SendInput 76092F75 5 Bytes JMP 6E915C43 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!EndDialog 7609326E 5 Bytes JMP 6E747E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!SetCursorPos 760A6FB2 5 Bytes JMP 6E915C97 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!DialogBoxParamA 760A8152 5 Bytes JMP 6E9147AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!DialogBoxIndirectParamA 760A847D 5 Bytes JMP 6E914872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!MessageBoxIndirectA 760BD4D9 5 Bytes JMP 6E914741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!MessageBoxIndirectW 760BD5D3 5 Bytes JMP 6E9146D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!MessageBoxExA 760BD639 5 Bytes JMP 6E914674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!MessageBoxExW 760BD65D 5 Bytes JMP 6E914612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] USER32.dll!keybd_event 760BD972 5 Bytes JMP 6E915FC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] SHELL32.dll!SHRestricted + D95 76258988 4 Bytes [4D, 30, 9E, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] SHELL32.dll!SHRestricted + D9D 76258990 8 Bytes [57, 2F, 9E, 66, 9C, 5B, 9D, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] ole32.dll!OleLoadFromStream 77511E12 5 Bytes JMP 6E914B77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5160] ole32.dll!CoCreateInstance 77549EA6 5 Bytes JMP 6E81DB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
 
  • #13
---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [669C82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [669C82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [669D1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [669D007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [669CE1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [669D0994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [669CEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [669CA3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [669D1D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [669D3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [669D2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [669D3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [669CFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [669CE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [669CDC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [669CFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [669C82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [669CD4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [669DFBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [669E051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [669DEB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [669DF817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [669DEF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [669DE5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [669DED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [669D007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [669CFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [669CE1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [669C82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [669CFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [669CE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [669D1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [669CEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [669D3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [669D2CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [669D2926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [669D3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [669D2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [669CBD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [669D173F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [669CBFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [669D0F0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [669D14E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [669CED1B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [669CBEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [669D1D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [669CC0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [669D103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [669CEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [669D0994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [669D1614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [669D0921] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [669C82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [669CFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [669CA073] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [669CA3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [669CE717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [669CE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [669CFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [669CFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [669D0C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [669CDC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [669CD4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [669CD361] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1232] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [669CEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

That doesn't work this way - I'll try attaching it as a file

Doesn't work - I'll send it by mail to Fee and Schrauber, who will hopefully be kind enough to help out
 
  • #14
MBRcheck
MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\D: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Error reading raw MBR!





Done! Press ENTER to exit...


looks pretty bad, I suppose
 
  • #15
I've seen worse :)




Please download Avenger and run it with the following script:

Code:
Drivers to delete:
jqmghmj
Files to delete:
C:\Windows\System32\drivers\jqmghmj.sys
Folders to delete:
C:\Users\user\AppData\Local\ickmfiqrv
C:\Program Files\Antivir Solution Basic
C:\Users\user\AppData\Roaming\lowsec

==========



Please run Combofix according to the instructions and post the logfile :)
 
  • #16
Thanks - I'll get on it right away.......
 
  • #17
Avenger is done.
Started Combofix - it complains that the beast is running and should be terminated - but I can't find anywhere to switch it off - let Combofix run anyway - it's working now. Will report back later with the logs

Logfile of The Avenger Version 2.0, (c) by Swandog46


Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver jqmghmj deleted successfully.
File C:\Windows\System32\drivers\jqmghmj.sys deleted successfully.
Folder C:\Users\user\AppData\Local\ickmfiqrv deleted successfully.
Folder C:\Program Files\Antivir Solution Basic deleted successfully.
Folder C:\Users\user\AppData\Roaming\lowsec deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
 
  • #18
Combofix
ComboFix 10-07-22.01 - user 23.07.2010 7:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3293.2238 [GMT 2:00]
ausgeführt von:: c:\users\user\Desktop\ComboFix.exe
AV: Antivir Solution Pro *On-access scanning enabled* (Updated) {2CC57799-C906-4c6b-B4A0-B77E78EBF31B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\user\AppData\Roaming\Axazeg\qefyu.exe

.
((((((((((((((((((((((( Dateien erstellt von 2010-06-23 bis 2010-07-23 ))))))))))))))))))))))))))))))
.

2010-07-23 05:28 . 2010-07-23 05:28 -------- d-----w- c:\users\user\AppData\Local\temp
2010-07-23 05:28 . 2010-07-23 05:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-23 02:25 . 2010-07-23 02:25 -------- d-----w- c:\program files\Windows Portable Devices
2010-07-23 02:22 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-07-23 02:22 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-07-23 02:22 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-07-23 02:20 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-07-23 02:20 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-07-23 02:20 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-07-23 02:04 . 2010-07-23 02:04 -------- d-----w- c:\program files\7-Zip
2010-07-23 02:00 . 2010-07-23 02:00 -------- d-----w- c:\program files\Common Files\Java
2010-07-23 01:58 . 2010-07-23 01:58 -------- d-----w- c:\program files\Unlocker
2010-07-23 01:23 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-07-22 22:50 . 2010-07-23 02:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-22 21:44 . 2009-05-21 15:12 121344 ------w- c:\programdata\HP\Installer\Temp\hpqrrx08.exe
2010-07-22 21:43 . 2009-05-26 16:43 1710392 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-07-22 20:20 . 2010-07-22 20:20 -------- d-----w- c:\windows\system32\ca-ES
2010-07-22 20:20 . 2010-07-22 20:20 -------- d-----w- c:\windows\system32\eu-ES
2010-07-22 20:20 . 2010-07-22 20:20 -------- d-----w- c:\windows\system32\vi-VN
2010-07-22 19:26 . 2010-07-22 19:26 -------- d-----w- c:\windows\system32\EventProviders
2010-07-22 18:48 . 2010-07-22 18:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-22 18:45 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-07-22 16:44 . 2010-07-22 16:44 -------- d-----w- c:\users\user\AppData\Local\Seven Zip
2010-07-17 18:47 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-07-16 15:09 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2010-07-16 15:09 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-07-14 14:36 . 2010-07-14 14:36 -------- d-----w- c:\windows\Hewlett-Packard
2010-06-25 14:46 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-25 14:46 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-25 14:46 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-25 14:46 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-25 14:46 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 14:28 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-24 14:28 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-24 14:28 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 03:20 . 2008-01-21 07:15 628742 ----a-w- c:\windows\system32\perfh007.dat
2010-07-23 03:20 . 2008-01-21 07:15 126454 ----a-w- c:\windows\system32\perfc007.dat
2010-07-23 02:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-23 02:24 . 2010-07-23 02:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-23 02:24 . 2010-07-23 02:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-07-22 23:31 . 2009-04-21 16:37 -------- d-----w- c:\programdata\EPSON
2010-07-22 23:08 . 2008-05-20 20:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-22 22:50 . 2009-05-18 15:15 -------- d-----w- c:\program files\Java
2010-07-22 21:43 . 2010-01-07 16:39 -------- d-----w- c:\program files\HP
2010-07-22 21:43 . 2010-06-09 15:06 -------- d-----w- c:\program files\SweetIM
2010-07-22 21:34 . 2009-04-21 16:39 -------- d-----w- c:\program files\EPSON
2010-07-22 21:30 . 2008-05-20 22:12 -------- d-----w- c:\program files\eSobi
2010-07-22 21:26 . 2008-05-20 21:31 -------- d-----w- c:\program files\Acer GameZone
2010-07-22 20:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-07-22 20:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-07-22 20:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-07-22 20:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-07-22 20:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-07-22 20:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-22 20:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-07-22 17:10 . 2009-04-11 19:42 71400 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-22 17:05 . 2010-01-07 16:47 -------- d-----w- c:\program files\Yahoo!
2010-07-22 17:00 . 2008-05-20 21:45 -------- d-----w- c:\programdata\Microsoft Help
2010-07-22 17:00 . 2008-05-20 21:47 -------- d-----w- c:\program files\Microsoft.NET
2010-07-22 16:59 . 2008-05-20 21:47 -------- d-----w- c:\program files\Microsoft Works
2010-07-09 14:31 . 2009-09-12 17:09 -------- d-----w- c:\users\user\AppData\Roaming\Axazeg
2010-07-06 18:29 . 2010-03-24 21:29 -------- d-----w- c:\users\user\AppData\Roaming\Xaum
2010-06-16 14:34 . 2010-06-16 14:34 1079048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-01 17:37 . 2009-10-03 15:09 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-29 14:16 . 2010-05-29 14:16 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-26 17:06 . 2010-06-12 10:52 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-12 10:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-04 05:59 . 2010-07-22 18:47 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-07-22 18:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-07-22 18:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-07-22 18:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-12 10:52 2037248 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@={30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray.exe=c:\windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender=c:\program files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
RtHDVCpl=RtHDVCpl.exe [2008-04-28 6111232]
ePower_DMC=c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-05-09 397312]
eDataSecurity Loader=c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-04 526896]
BkupTray=c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672]
PLFSetI=c:\windows\PLFSetI.exe [2007-10-23 200704]
StartCCC=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
Apoint=c:\program files\Apoint2K\Apoint.exe [2007-07-21 159744]
eAudio=c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe [2008-05-30 544768]
ArcadeDeluxeAgent=c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2008-05-12 147456]
PlayMovie=c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [2008-05-12 167936]
CLMLServer=c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [2008-05-12 167936]
WarReg_PopUp=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
QuickTime Task=c:\program files\QuickTime\QTTask.exe [2009-05-26 413696]
HP Software Update=c:\program files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
Skytel=Skytel.exe [2007-11-20 1826816]
SunJavaUpdateSched=c:\program files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
EnableUIADesktopToggle= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=Driver

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=Service

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
DisableMonitoring=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
VistaSp2=hex(b):f8,95,97,55,dc,29,cb,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-772419714-465867292-1252962964-1000]
EnableNotificationsRef=dword:00000002

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-30 93968]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-27 210432]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Additional scan -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://de.intl.acer.yahoo.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - Removed orphaned registry entries - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-{12239928-8A3D-80EC-268D-D5669DDAD859} - c:\users\user\AppData\Roaming\Axazeg\qefyu.exe
HKCU-Run-excqvjfl - c:\users\user\AppData\Local\ickmfiqrv\qorcibltssd.exe
HKCU-Run-AVSolution - c:\program files\Antivir Solution Basic\avsolution.exe
HKLM-Run-eRecoveryService - (no file)
AddRemove-Antivir Solution Basic - c:\program files\Antivir Solution Basic\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2010-07-23 07:28
Windows 6.0.6002 Service Pack 2 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
ImagePath=\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl
.
--------------------- Locked registry keys ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
BlindDial=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
BlindDial=dword:00000000
.
Completion time: 2010-07-23 07:31:08
ComboFix-quarantined-files.txt 2010-07-23 05:31

Before scan: 10 directory(ies), 122,867,933,184 bytes free
After scan: 15 directory(ies), 122,803,740,672 bytes free

- - End Of File - - 0EB79339B966FCFF9FF0D7032DF061B7

And what do I need to do now?
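The block of removed orphaned entries is the part of this log worth a second look: two HKCU Run values pointed into the user's AppData under random-looking directory names, and a third pointed at the rogue "Antivir Solution Basic", which is how this family survives reboots without ever needing admin rights. As an added example, not part of the original post and not ComboFix's own logic, here is a small Python triage script that parses that block (reused below as a constructed sample, with one made-up benign HP entry for contrast) and grades each entry. The line format regex, the "random-looking name" thresholds and the rogue-name list are assumptions tuned to this one log.

```python
import re
from collections import Counter, namedtuple

# Constructed sample: the "removed orphaned registry entries" block from the
# ComboFix log above, plus one made-up benign HKLM Run entry for contrast.
SAMPLE_LOG = r"""
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-{12239928-8A3D-80EC-268D-D5669DDAD859} - c:\users\user\AppData\Roaming\Axazeg\qefyu.exe
HKCU-Run-excqvjfl - c:\users\user\AppData\Local\ickmfiqrv\qorcibltssd.exe
HKCU-Run-AVSolution - c:\program files\Antivir Solution Basic\avsolution.exe
HKLM-Run-eRecoveryService - (no file)
AddRemove-Antivir Solution Basic - c:\program files\Antivir Solution Basic\uninstall.exe
HKLM-Run-HPDigitalImaging - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
"""

# Assumption: orphan lines look like "<kind>-<name> - <path or (no file)>".
ENTRY_RE = re.compile(
    r"^(?P<kind>HKCU-Run|HKLM-Run|AddRemove|[A-Za-z]+)-(?P<name>.+?) - (?P<path>.+)$"
)
# Anything under a profile's AppData is writable without admin rights,
# which is where this kind of rogue drops its autostart.
USER_WRITABLE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9A-F-]+\}$", re.IGNORECASE)
# Assumption: the only rogue name known from this thread; extend as needed.
KNOWN_ROGUE_NAMES = ("antivir solution",)
VOWELS = set("aeiouy")

Finding = namedtuple("Finding", "kind name path severity reasons")


def looks_random(token):
    """Rough heuristic for generated names such as 'qorcibltssd': an alphabetic
    token of 5+ chars with a long consonant run or very few vowels.
    Thresholds are an assumption tuned on this log, not a trained classifier."""
    t = token.lower()
    if not t.isalpha() or len(t) < 5:
        return False
    vowel_ratio = sum(c in VOWELS for c in t) / len(t)
    longest_run = max((len(m) for m in re.findall(r"[^aeiouy]+", t)), default=0)
    return longest_run >= 4 or vowel_ratio < 0.25


def parse_entries(text):
    """Yield (kind, name, path) for every orphan-entry line in the text."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("name"), m.group("path")


def assess(kind, name, path):
    """Return (severity, reasons) for one autostart or uninstall entry."""
    if path == "(no file)":
        return "info", ["target already gone; stale pointer only"]
    reasons = []
    if USER_WRITABLE_RE.search(path):
        reasons.append("runs from user-writable AppData (no admin needed to plant)")
    # Check each directory name and the file stem, plus the Run value name itself.
    stems = [c.rsplit(".", 1)[0] for c in path.split("\\")[1:]]
    suspicious = [s for s in stems + [name] if looks_random(s)]
    if suspicious:
        reasons.append("random-looking names: " + ", ".join(suspicious))
    if any(r in path.lower() for r in KNOWN_ROGUE_NAMES):
        reasons.append("matches the rogue AV named in this thread")
    if kind.endswith("Run") and GUID_RE.match(name):
        reasons.append("GUID-style Run value name (unusual for legitimate software)")
    return ("high" if reasons else "low"), reasons


def triage(text):
    """Parse and grade every entry; returns a list of Finding tuples."""
    return [Finding(k, n, p, *assess(k, n, p)) for k, n, p in parse_entries(text)]


def summarize(text):
    """Count findings per severity, e.g. {'high': 4, 'info': 3, 'low': 1}."""
    return dict(Counter(f.severity for f in triage(text)))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.kind}-{f.name} -> {f.path}")
        for reason in f.reasons:
            print("        " + reason)
```

Run against the sample, the two AppData entries and both "Antivir Solution Basic" entries come out as high, the three "(no file)" lines as info, and the HP entry as low. The point is not the heuristic itself but the reading: a Run value that lives in AppData under a name no human would type is the finding to chase (file hashes, creation times, what else sits in those directories), whereas "(no file)" lines are just leftovers ComboFix cleaned up.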
 
  • #20
May I also send you the logfiles by e-mail if they get very large?
 