I get an error when installing "HijackThis", probably caused by a Trojan

    Niklas wrote:

    So the uploaded files showed no infection, but I couldn't create the log because I got an error T_T


    If the scanners reported no infection, then OK.

    > Post the SuperAntiSpyware log as a follow-up.

    > Then run this rootkit scan:
    trojaner-board.de/74908-anleitung-gmer-rootkit-scanner.html
    (Follow the instructions exactly)

    After that, create a second HijackThis log. If it is "clean", the cleanup is finished.
    chip.de/downloads/HijackThis_24575647.html > For Windows 7

    GAV.
    GMER 1.0.15.15281 - gmer.net
    Rootkit scan 2010-04-21 22:47:17
    Windows 6.1.7600
    Running: befe67j2.exe; Driver: C:\Users\User\AppData\Local\Temp\kwldapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT 9182367C ZwCreateThread
    SSDT 91823668 ZwOpenProcess
    SSDT 9182366D ZwOpenThread
    SSDT 91823677 ZwTerminateProcess

    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A24AF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A24104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A243F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A0D2D8
    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A0C898
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A241DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A24958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A246F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A24F2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A251A8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A84599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 34C 82AB085C 4 Bytes [7C, 36, 82, 91]
    .text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82AB09F8 4 Bytes [68, 36, 82, 91]
    .text ntkrnlpa.exe!RtlSidHashLookup + 508 82AB0A18 4 Bytes [6D, 36, 82, 91]
    .text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82AB0CC8 4 Bytes [77, 36, 82, 91]
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91A0A000, 0x2D5378, 0xE8000020]
    .text peauth.sys 9C075C9E 27 Bytes [3F, 00, 1E, 37, 6C, 36, 46, ...]
    .text peauth.sys 9C075CC2 27 Bytes [3F, 00, 1E, 37, 6C, 36, 46, ...]
    PAGE peauth.sys 9C07BE21 100 Bytes [4D, BC, 8E, 11, C5, A3, 4C, ...]
    PAGE peauth.sys 9C07C02D 101 Bytes [4D, B6, 32, F2, BE, 80, 02, ...]
    ? C:\Users\User\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
    ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe[1100] kernel32.dll!SetUnhandledExceptionFilter 77493162 5 Bytes JMP 0046F480 C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
    .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[3416] USER32.dll!SetScrollRange 7798AE3C 5 Bytes JMP 10060960 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
    .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[3416] USER32.dll!GetSysColorBrush 77992949 5 Bytes JMP 100549E0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
    .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[3416] USER32.dll!GetScrollInfo 77995151 7 Bytes JMP 10060830 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
    .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[3416] USER32.dll!SetScrollInfo 77996632 7 Bytes JMP 100608E0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
    .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[3416] USER32.dll!GetSysColor 7799FA99 5 Bytes JMP 100549A0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
    .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[3416] USER32.dll!DrawFrameControl 779AD301 7 Bytes JMP 10053B00 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
    .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[3416] USER32.dll!GetScrollRange 779B1B6C 5 Bytes JMP 100608A0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
    .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[3416] USER32.dll!SetScrollPos 779B1BD0 5 Bytes JMP 10060920 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
    .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[3416] USER32.dll!GetScrollPos 779B252B 5 Bytes JMP 10060870 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
    .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[3416] USER32.dll!EnableScrollBar 779B386D 7 Bytes JMP 100607F0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll
    .text C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe[3416] USER32.dll!ShowScrollBar 779B5785 5 Bytes JMP 100609B0 C:\Program Files\Tobit Radio.fx\Client\TOBITCLT.dll

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [6D269832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [6D26A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [6D2694D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [6D2694E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [6D2694B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [6D2694A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [6D26AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [6D269832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [6D26A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [6D269832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [6D269832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\Iphlpapi.DLL [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\Iphlpapi.DLL [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Program Files\Opera\Opera.exe[1588] @ C:\Windows\system32\SAMLIB.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [6D269832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [6D26A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [6D2694D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [6D2694E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [6D2694B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [6D2694A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [6D26AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [6D26A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [6D269832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [6D269832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [6D269832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\Iphlpapi.DLL [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\Iphlpapi.DLL [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [6D2692CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Program Files\Steam\Steam.exe[3360] @ C:\Windows\system32\SAMLIB.dll [ntdll.dll!RtlFreeHeap] [6D269E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
    IAT C:\Windows\system32\msiexec.exe[5004] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Windows\system32\msiexec.exe[5004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Windows\system32\msiexec.exe[5004] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Windows\system32\msiexec.exe[5004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
    IAT C:\Windows\system32\msiexec.exe[5004] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75DB5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\mssdsp.flt 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\msseax.flt 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\redist\Miles\mssmp3.asi 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Balance_of_Chaos.scn 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Blood_on_the_Snow.scn 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Castle_of_the_Gods.scn 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\General_Conflict.scn 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Killing_Fields.scn 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Range.scn 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Refill_Conflict.scn 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Reinforcement_Conflict.scn 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\scenario\Multiplayer\Village_in_Squeeze.scn 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\msvcr80.dll 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\msvcp80.dll 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\msvcm80.dll 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\mfc80.dll 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\mfcm80.dll 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\libxml2.dll 2
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\mss32.dll 2
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\xinput1_3.dll 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\NAMCO BANDAI Games\Warhammer\xae Mark of Chaos\mfcmifc80.dll 1

    ---- EOF - GMER 1.0.15 ----

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:51:18, on 21.04.2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe
    C:\Program Files\NETGEAR\WPN111\wpn111.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Users\User\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
    C:\Windows\explorer.exe
    C:\Program Files\Opera\Opera.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.icq.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [rfxsrvtray] "C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
    O4 - Global Startup: Radio.fx.LNK = C:\Program Files\Tobit Radio.fx\Client\rfx-client.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get…ve/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Radio.fx Server (Radio.fx) - Unknown owner - C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 6153 bytes

    GMER and ComboFix show active rootkits. Your system was heavily infected. These rootkits/backdoors were active on your system:
    prevx.com/filenames/2651304760124610190-X1/CATCHME.SYS.html
    prevx.com/filenames/106774550629318116-X1/DBK32.SYS.html

    What is the danger?
    symantec.com/de/de/security_re…docid=2002-011710-0057-99
    de.wikipedia.org/wiki/Rootkit
    de.wikipedia.org/wiki/Backdoor

    > With infections like these, a cleanup is not appropriate.

    > I therefore strongly advise you to reinstall Windows 7 from scratch:
    hijackthis-forum.de/tipps-tric…indows-7-anleitungen.html

    > Change all your passwords as soon as possible, from a clean second computer.

    > The infections most likely came from infected downloads. You absolutely must rethink your download habits. Crack/torrent downloads are highly likely to contain viruses/malware.

    > You must scan your USB sticks for infection with 2-3 antivirus scanners. Disable autorun beforehand.

    GAV.