Help :(

SunnyJilu · 22 August 2009

Huhu,
also erstmal sorry wenn es zu diesem Virus schon einen Thread gibt! Wenn, bitte link geben. Danke!

Hab den virus win32/cryptor auf dem laptop...Es blinkt ca alle 30min mein virenprogi auf das immer 2 dateien aufzeigt welches von dem virus befallen ist.Ich klicke auf entfernen,aber es sind immer neue dateien die befallen sind.Immer in den ordnern temp und temporary internet files (welcher soo garnicht existiert...).Hab den virus gegoogelt&auf einen seiten stand das ich einfach malwarebytes durchlaufen lassen soll&die andren meinten das ich bestimmte dateien löschen soll.Nun, malware hab ich 3 mal durchlaufen lassen.Des hat den virus ned mal gefunden!Und die dateien die ich löschen soll,gibz nicht °° Also wie bekomm ich dieses ding los?? Hier mal mein logfile von hijack. Help I need somebody!;_;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:16, on 22.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AskBarDis\bar\bin\AskService.exe
C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\DHTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\Programme\Eraser\Eraser.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Opera\Opera.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programme\Gemeinsame Dateien\Adobe\Updater6\Adobe_Updater.exe
C:\Programme\Vuze\Azureus.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

Fortsetzung im nächsten post....

SunnyJilu · 22 August 2009

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

Please, Anmelden or Registrieren to view URLs content!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

Please, Anmelden or Registrieren to view URLs content!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

Please, Anmelden or Registrieren to view URLs content!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

Please, Anmelden or Registrieren to view URLs content!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

Please, Anmelden or Registrieren to view URLs content!

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [searchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DHTray] C:\WINDOWS\system32\DHTray.exe
O4 - HKLM\..\Run: [A0380mon] C:\WINDOWS\system32\A0380mon.exe
O4 - HKLM\..\Run: [uVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ASKService - Unknown owner - C:\Programme\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
End of file - 9362 bytes

McFly · 22 August 2009

Lade dir mal bitte die aktuelle Version von Spybot Search & Destroy (

Please, Anmelden or Registrieren to view URLs content!

),dem Programm GMER (

Please, Anmelden or Registrieren to view URLs content!

) und Das Programm Avenger-> unter The Avenger <Download>

Please, Anmelden or Registrieren to view URLs content!

,scanne mit Spybot komplett und lass die gefundenen schädlichen Programme entfernen. Starte GMER
; Drücke Scan, Der Vorgang kann je nach System 3 - 10min dauern
; nach Beendigung des Scan, drücke "Copy"
; nun kannst Du das Ergebnis hier als Text einfügen.

Danach sehen wir weiter.

SunnyJilu · 22 August 2009

Danke für die antwort! Hab jetzt das programm durchlaufen lassen (spybot und gmer) und hier nun das ergebnis

Muss es leider in 4 posts aufteilen! Also sry!

GMER 1.0.15.15077 [37fx8hot.exe] -

Please, Anmelden or Registrieren to view URLs content!

Rootkit scan 2009-08-22 20:45:03
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT sppx.sys ZwCreateKey [0xF74B70E0]
SSDT sppx.sys ZwEnumerateKey [0xF74D5CA2]
SSDT sppx.sys ZwEnumerateValueKey [0xF74D6030]
SSDT sppx.sys ZwOpenKey [0xF74B70C0]
SSDT sppx.sys ZwQueryKey [0xF74D6108]
SSDT sppx.sys ZwQueryValueKey [0xF74D5F88]
SSDT sppx.sys ZwSetValueKey [0xF74D619A]

INT 0x62 ? 8636EBF8
INT 0x63 ? 86135BF8
INT 0x82 ? 8636EBF8
INT 0x83 ? 86135BF8
INT 0xA4 ? 86135BF8
INT 0xB4 ? 86135BF8

---- Kernel code sections - GMER 1.0.15 ----

? sppx.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload F660E8AC 5 Bytes JMP 861351D8
.text a9zx6qq4.SYS F643A386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a9zx6qq4.SYS F643A3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a9zx6qq4.SYS F643A3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a9zx6qq4.SYS F643A3C9 1 Byte [2E]
.text a9zx6qq4.SYS F643A3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 28001E20 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 28001C60 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 28001BE0 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 28001EE0 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 28001CF0 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 28001F50 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 28001840 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 28001D80 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Programme\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] kernel32.dll!OutputDebugStringW 7C85B405 5 Bytes JMP 28001FB0 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] ADVAPI32.dll!CryptDeriveKey 77DB9FFD 7 Bytes JMP 28001000 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 28001060 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 280046C0 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] USER32.dll!SetWindowPlacement 7E36DE46 5 Bytes

SunnyJilu · 22 August 2009

.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] USER32.dll!LoadIconW 7E37E8BC 5 Bytes JMP 28006960 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 28006310 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] USER32.dll!TrackPopupMenuEx 7E3BCF62 5 Bytes JMP 28004FA0 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 2800BB90 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] WS2_32.dll!send 71A14C27 5 Bytes JMP 2800B770 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 2800B550 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] WS2_32.dll!recv 71A1676F 5 Bytes JMP 2800B3B0 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 2800B950 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] SHELL32.dll!Shell_NotifyIconW 7E6DA5BF 5 Bytes JMP 28003440 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] ole32.dll!CoInitializeEx 774CEF7B 5 Bytes JMP 28002260 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] ole32.dll!CoRegisterClassObject 774E7E90 5 Bytes JMP 28002360 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] WININET.dll!InternetReadFile 408C654B 5 Bytes JMP 2800A3B0 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] WININET.dll!InternetCloseHandle 408C9088 5 Bytes JMP 2800A560 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] WININET.dll!HttpOpenRequestA 408CD508 5 Bytes JMP 2800A220 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\MsnMsgr.Exe[336] WININET.dll!HttpSendRequestA 408DEE81 5 Bytes JMP 2800A490 C:\Programme\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 863DD2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F74E8C4C] sppx.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F74E8CA0] sppx.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74B8040] sppx.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74B813C] sppx.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74B80BE] sppx.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74B87FC] sppx.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74B86D2] sppx.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 861352D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F74C8048] sppx.sys
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2266E852
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002254
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2242E850
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002230
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E

SunnyJilu · 22 August 2009

IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeCancelTimer] C6000000
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 001CBB86
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!RtlInitAnsiString] 438B0100
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 8E8D5018
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoQueueWorkItem] 00001C90
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!MmMapIoSpace] 2202E851
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 538B0000
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoReportDetectedDevice] 52016A18
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoReportResourceForDetection] 1CAC868D
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] E8500000
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000021F0
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8A05478A
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 18C48300
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!sprintf] 1CBD8688
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 43EB0000
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!ObfDereferenceObject] 320C538A
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 88F93BC0
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001CBB96
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!ZwClose] F6317300
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 74070647
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 75C0841A
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 05578A0B
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 968801B0
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 57B60F66
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 533B6604
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 03087408
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!ZwOpenKey] 72F93B3F
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 8A09EBDA
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoStartTimer] 86880547

SunnyJilu · 22 August 2009

Korrigiere: ca. 10 posts brauch ich ~~

IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoInitializeTimer] 88084B8A
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeInitializeDpc] 001CBE8E
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeInitializeSpinLock] 40578B00
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoInitializeIrp] 8D52006A
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!ZwCreateKey] 001CC086
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 81E85000
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8B000021
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB88E
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeInsertQueueDpc] BC968B00
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8900001C
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoStartPacket] 001CC48E
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C8968900
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 8B00001C
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoFreeMdl] 016A4047
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!MmUnlockPages] CCC68150
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5600001C
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 002157E8
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeSynchronizeExecution] CCCCCCC3
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeSetTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 8B000000
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!_aulldiv] 56C35DE5
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!strstr] 8D08758B
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!_strupr] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D52FD55
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D51FE4D
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!KeTickCount] 8D52FF55
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D51F84D
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoDeleteDevice] 5052F455
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] EACAE856
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoAllocateWorkItem] C483FFFF
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoAllocateIrp] 0FC08520
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoAllocateMdl] 0001AD85
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 46B70F00
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!MmLockPagableDataSection] F44D8B48
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] C1815753
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00002590
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!ExFreePoolWithTag] 467C8D51
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoFreeIrp] 7622E84A
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!IoFreeWorkItem] D88BFFFF
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!InitSafeBootMode] 8504C483
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!RtlCompareMemory] 5F0A75DB
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!PoCallDriver] 5B08438D
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!memmove] 5DE58B5E
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[ntoskrnl.exe!MmHighestUserAddress] 259068C3
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[HAL.dll! 968D5140

SunnyJilu · 22 August 2009

IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\a9zx6qq4.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8636D1F8
Device \FileSystem\Fastfat \FatCdrom 856BA1F8
Device \FileSystem\Udfs \UdfsCdRom 85F7F1F8
Device \FileSystem\Udfs \UdfsDisk 85F7F1F8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{B9B0775D-B319-4EA2-88AA-08D3955C8431} 85D47500
Device \Driver\usbuhci \Device\USBPDO-0 861341F8
Device \Driver\usbehci \Device\USBPDO-1 861281F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 863DB1F8
Device \Driver\dmio \Device\DmControl\DmConfig 863DB1F8
Device \Driver\dmio \Device\DmControl\DmPnP 863DB1F8
Device \Driver\dmio \Device\DmControl\DmInfo 863DB1F8
Device \Driver\usbehci \Device\USBPDO-2 861281F8
Device \Driver\usbuhci \Device\USBPDO-3 861341F8
Device \Driver\usbuhci \Device\USBPDO-4 861341F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 861341F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8636F1F8
Device \Driver\Cdrom \Device\CdRom0 8605A1F8
Device \Driver\Cdrom \Device\CdRom1 8605A1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85D47500
Device \Driver\NetBT \Device\NetbiosSmb 85D47500
Device \Driver\PCI_PNP4984 \Device\0000004d sppx.sys

SunnyJilu · 22 August 2009

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 861341F8
Device \Driver\sptd \Device\1440189984 sppx.sys
Device \Driver\usbehci \Device\USBFDO-1 861281F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85A991F8
Device \Driver\usbuhci \Device\USBFDO-2 861341F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85A991F8
Device \Driver\usbuhci \Device\USBFDO-3 861341F8
Device \Driver\usbuhci \Device\USBFDO-4 861341F8
Device \Driver\Ftdisk \Device\FtControl 8636F1F8
Device \Driver\usbehci \Device\USBFDO-5 861281F8
Device \Driver\a9zx6qq4 \Device\Scsi\a9zx6qq41Port2Path0Target0Lun0 8604C1F8
Device \Driver\a9zx6qq4 \Device\Scsi\a9zx6qq41 8604C1F8
Device \FileSystem\Fastfat \Fat 856BA1F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 86015390

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF5 0xE1 0xD1 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x72 0x06 0x92 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x62 0x17 0xB1 0x9E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF5 0xE1 0xD1 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x72 0x06 0x92 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x62 0x17 0xB1 0x9E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF5 0xE1 0xD1 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x72 0x06 0x92 0x5A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x62 0x17 0xB1 0x9E ...

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Sunny\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\cache4\opr04TQG 49 bytes
File C:\Dokumente und Einstellungen\Sunny\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\cache4\opr04TQH 0 bytes
File C:\Dokumente und Einstellungen\Sunny\Lokale Einstellungen\Anwendungsdaten\Opera\Opera\profile\cache4\opr04TQI 0 bytes

---- EOF - GMER 1.0.15 ----

McFly · 23 August 2009

Das sieht doch gar nicht mal soo schlecht aus.
Poste bitte ein neues HJT-Logfile.

SunnyJilu · 25 August 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35:03, on 25.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AskBarDis\bar\bin\AskService.exe
C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\A0380mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\Programme\Eraser\Eraser.exe
C:\Programme\DAEMON Tools Lite\daemon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\Hewlett-Packard\Shared\HpqToaster.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Opera\Opera.exe
C:\Nostale(DE)\nostalex.dat
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

Please, Anmelden or Registrieren to view URLs content!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

Please, Anmelden or Registrieren to view URLs content!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

Please, Anmelden or Registrieren to view URLs content!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

Please, Anmelden or Registrieren to view URLs content!

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

Please, Anmelden or Registrieren to view URLs content!

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [searchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DHTray] C:\WINDOWS\system32\DHTray.exe
O4 - HKLM\..\Run: [A0380mon] C:\WINDOWS\system32\A0380mon.exe
O4 - HKLM\..\Run: [uVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ASKService - Unknown owner - C:\Programme\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9686 bytes

Feri · 25 August 2009

C:\Programme\AskBarDis\bar\bin\AskService.exe

Ich dneke mal sdas ist müll von ask.com. Fixen.

C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe

Siehe oben.

C:\Programme\ICQ6Toolbar\ICQ Service.exe

In Sachen Datenschutz ist ICQ nicht gerade das beste. Fixen.

R3 - URLSearchHook: (no name) - - (no file)

No Name? Das sagt alles... Fixen.

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

Siehe oben. Fixen.

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll

PDF.... creator? Fixen.

O4 - HKLM\..\Run: [searchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe

Uff.... Fixen.

O23 - Service: ASKService - Unknown owner - C:\Programme\AskBarDis\bar\bin\AskService.exe

Siehe ganz oben. Fixen.

O23 - Service: ASKUpgrade - Unknown owner - C:\Programme\AskBarDis\bar\bin\ASKUpgrade.exe

Auch Fixen.

So jez haste einiges zum abhaken.... viel spass. :schreib:

Sag bescheid wenn du soweit bist

SunnyJilu · 25 August 2009

Soooo, alles gefixed was du gesagt hast

Habe auch pc washer einmal durchlaufen lassen und nochmal alle spyware und adware proggis. Die meldung von win 32/cryptor ist nicht mehr aufgetaucht

)) Mal kucken was die nächsten tage sagen

Aber danke schon mal

Sini1 · 30 August 2009

re

Hallo

@ Feri deine Zeit möchte ich haben,das du dir die Mühe machst, jeden Satz zu Zitieren :]

War kein Vorwurf,wollte es nur anmerken. Mach weiter so, sehr gut und sehr brav

MFG

ennywise

Feri · 30 August 2009

Hallo

@ Feri deine Zeit möchte ich haben,das du dir die Mühe machst, jeden Satz zu Zitieren :]

War kein Vorwurf,wollte es nur anmerken. Mach weiter so, sehr gut und sehr brav

MFG

ennywise

Hallo.

Vielen dank, so etwas liest man doch gern =P :daumenhoch:

Help :(

SunnyJilu

Member

SunnyJilu

Member

McFly

Well-known member

SunnyJilu

Member

SunnyJilu

Member

SunnyJilu

Member

SunnyJilu

Member

SunnyJilu

Member

SunnyJilu

Member

McFly

Well-known member

SunnyJilu

Member

Feri

Member

SunnyJilu

Member

Sini1

Well-known member

Feri

Member

Windows Forum

Neueste Beiträge

Partner

Online-Statistiken