Malwarebytes findet Spyware.Passwords / 2 infizierte Registrierungsschlüssel

hfx · 03.03.2012, 00:23

GMER

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-02 13:23:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-b ST3200820AS rev.3.AAE
Running: vnif51hs.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG)  ZwClose [0xBA4913B0]
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG)  ZwCreateKey [0xBA492090]
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG)  ZwDeleteKey [0xBA4921B2]
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG)  ZwDeleteValueKey [0xBA4921D4]
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG)  ZwOpenKey [0xBA492118]
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG)  ZwOpenProcess [0xBA4912D6]
SSDT            \??\C:\WINDOWS\system32\drivers\HookCentre.sys (Security Hook/G DATA Software AG)  ZwSetValueKey [0xBA492184]

---- Devices - GMER 1.0.15 ----

Device          \Driver\Tcpip \Device\Ip                                                           GDTdiIcpt.sys (G DATA Software AG)
Device          \Driver\Tcpip \Device\Tcp                                                          GDTdiIcpt.sys (G DATA Software AG)

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                             snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                             snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\Tcpip \Device\Udp                                                          GDTdiIcpt.sys (G DATA Software AG)
Device          \Driver\Tcpip \Device\RawIp                                                        GDTdiIcpt.sys (G DATA Software AG)
Device          \Driver\Tcpip \Device\IPMULTICAST                                                  GDTdiIcpt.sys (G DATA Software AG)

---- EOF - GMER 1.0.15 ----

OSAM

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:22:28 on 02.03.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.17108

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BDEADMIN.CPL" - ? - C:\WINDOWS\system32\BDEADMIN.CPL
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"igfxcpl.cpl" - "Intel Corporation" - C:\WINDOWS\system32\igfxcpl.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"plotman.cpl" - "Autodesk, Inc." - C:\WINDOWS\system32\plotman.cpl
"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\WINDOWS\system32\styleman.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"A4S2600" (A4S2600) - ? - C:\WINDOWS\System32\drivers\A4S2600.sys  (File not found)
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis TrueImage Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis TrueImage FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"C-Dilla" (C-Dilla) - "Macrovision" - C:\WINDOWS\system32\drivers\CDANT.SYS
"catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"cpuz132" (cpuz132) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\cpuz132_x32.sys
"G DATA Rootkit Detector Driver" (GRD) - "G DATA Software" - C:\WINDOWS\system32\drivers\GRD.sys
"GDMnIcpt" (GDMnIcpt) - "G DATA Software AG" - C:\WINDOWS\system32\drivers\MiniIcpt.sys
"GDTdiInterceptor" (GDTdiInterceptor) - ? - C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys  (File found, but it contains no detailed information)
"HookCentre" (HookCentre) - "G DATA Software AG" - C:\WINDOWS\system32\drivers\HookCentre.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ialm" (ialm) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\igxpmp32.sys
"Intel (R) System Management BIOS Service" (SMBios) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\SMBios.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Nal Service " (NAL) - "Intel Corporation " - C:\WINDOWS\system32\Drivers\iqvw32.sys
"NetGroup Packet Filter Driver (devolo)" (NPF_devolo) - "CACE Technologies" - C:\WINDOWS\system32\drivers\npf_devolo.sys
"osaio" (osaio) - "OSA Technologies, An Avocent Company" - C:\WINDOWS\system32\drivers\osaio.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"SANDRA" (SANDRA) - "SiSoftware" - C:\Programme\Sandra Lite 2010c_Systemanalyse\WNt500x86\Sandra.sys
"SCANDEV" (SCANDEV) - "Plustek Corporation." - C:\WINDOWS\system32\drivers\SCANDEV.sys
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\speedfan.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"USB to Serial Bridge Controller" (usb2vcom) - ? - C:\WINDOWS\System32\Drivers\usb2vcom.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Programme\Gemeinsame Dateien\Autodesk Shared\AcShellEx\AcShellExtension.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{93f261fc-7dce-4268-9edb-4c94f8afb899} "RadioRipper.ShellExecuteHook" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Programme\Gemeinsame Dateien\Autodesk Shared\AcShellEx\AcShellExtension.dll
{ADC46291-D8A1-4486-A24C-86FFB392AEFA} "AcDgnImageExtractor" - "Autodesk" - C:\Programme\Gemeinsame Dateien\Autodesk Shared\AcDgnCOM17.dll
{5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Programme\Gemeinsame Dateien\Autodesk Shared\AcShellEx\AcShellExtension.dll
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\WINDOWS\system32\AcSignIcon.dll
{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Thumbnail\AcThumbnail16.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{FCF608CF-5716-47C3-A1A8-991D873AF72B} "Delphi Context Menu Shell Extension Example" - ? - C:\Programme\Exifer-Fotosoftware\exifershellext.dll  (File found, but it contains no detailed information)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{32A9D769-5B55-4a25-9A62-86B5683FE50A} "NikonView Drop Extension" - "Nikon Corporation" - C:\Programme\Nikon\NkView6\NkvDropExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WinZip8.0\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WinZip8.0\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WinZip8.0\WZSHLSTB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} "AcDcToday-Steuerung" - "Autodesk" - C:\WINDOWS\DOWNLO~1\ACDCTO~1.OCX / file:///C:/Programme/Autodesk%20Map%206/AcDcToday.ocx
{F281A59C-7B65-11D3-8617-0010830243BD} "AcPreview-Steuerung" - "Autodesk" - C:\WINDOWS\DOWNLO~1\ACPREV~1.OCX / file:///C:/Programme/Autodesk%20Map%206/AcPreview.ocx
{1F831FA3-42FC-11D4-95A6-0080AD30DCE1} "InstaFred" - "Autodesk, Inc." - C:\WINDOWS\DOWNLO~1\InstFred.Ocx / hxxp://pointa.autodesk.com/portal/lang/deu/InstFred.Ocx
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{AE563724-B4F5-11D4-A415-00108302FDFD} "NOXLATE-BANR" - "Autodesk, Inc." - C:\WINDOWS\DOWNLO~1\InstBanr.Ocx / hxxp://pointa.autodesk.com/portal/lang/deu/InstBanr.Ocx
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{737D14F8-4090-11D4-AE0E-0010830243BD} "SysVerChk Control" - "Autodesk, Inc." - C:\WINDOWS\DOWNLO~1\SYSVER~1.OCX / hxxp://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{0124123D-61B4-456f-AF86-78C53A0790C5} "G DATA WebFilter" - ? - C:\Programme\GDATA-AntiVirus_2009\Webfilter\AVKWebIE.dll  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{0124123D-61B4-456f-AF86-78C53A0790C5} "G DATA WebFilter" - ? - C:\Programme\GDATA-AntiVirus_2009\Webfilter\AVKWebIE.dll  (File found, but it contains no detailed information)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - C:\WINDOWS\system32\relog_ap.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"EPSON Status Monitor 3 Environment Check(3).lnk" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)
"NkvMon.exe.lnk" - "Nikon Corporation" - C:\Programme\Nikon\NkView6\NkvMon.exe  (Shortcut exists | File exists)
"AutoStart IR.lnk" - "Hauppauge Computer Works" - C:\Programme\WinTV\Ir.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LinkMagic for magicolor 4690MF" - "Konica Minolta" - C:\Programme\KONICA MINOLTA\magicolor 4690MF\LinkMagic for magicolor 4690MF\lmmc4690.exe -startup
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
"G DATA AntiVirus Trayapplication" - "G DATA Software AG" - C:\Programme\GDATA-AntiVirus_2009\AVKTray\AVKTray.exe
"HotKeysCmds" - "Intel Corporation" - C:\WINDOWS\system32\hkcmd.exe
"IgfxTray" - "Intel Corporation" - C:\WINDOWS\system32\igfxtray.exe
"IndexSearch" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe"
"IntelAudioStudio" - "Intel Corporation" - "C:\Programme\Intel Audio Studio\IntelAudioStudio.exe" BOOT
"ipTray.exe" - "Intel(R) Corporation" - "C:\Programme\Intel Desktop Utilities\ipTray.exe"
"ISUSPM" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"OpwareSE4" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe"
"Persistence" - "Intel Corporation" - C:\WINDOWS\system32\igfxpers.exe
"PPort11reminder" - "Nuance Communications, Inc." - "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"WrtMon.exe" - ? - C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll
"FRITZ!fax Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzPort.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"AntiVirus Wächter" (AVKWCtl) - "G DATA Software AG" - C:\Programme\GDATA-AntiVirus_2009\AVK\AVKWCtl.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"C-DillaSrv" (C-DillaSrv) - "C-Dilla Ltd" - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
"DataSvr" (DataSvr) - "Wave Systems Corp." - C:\Programme\Wave Systems Corp\Common\DataServer.exe
"G DATA AntiVirus Proxy" (AVKProxy) - "G DATA Software AG" - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
"G DATA Scheduler" (AVKService) - "G DATA Software AG" - C:\Programme\GDATA-AntiVirus_2009\AVK\AVKService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"HauppaugeTVServer" (HauppaugeTVServer) - "Hauppauge Computer Works" - C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Active Management Technology LMS Service" (LMS) - "Intel" - C:\Programme\Intel\AMT\LMS.exe
"Intel(R) Desktop Utilities Service" (IduService) - "Intel(R) Corporation" - C:\Programme\Intel Desktop Utilities\iduServ.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"KONICA MINOLTA PageScope Enterprise Suite Service" (KONICA MINOLTA PageScope Enterprise Suite Service) - "KONICA MINOLTA BUSINESS TECHNOLOGIES, INC." - C:\Programme\KONICA MINOLTA\PageScope Enterprise Suite\bin\Release\PSESCoreScheduler.exe
"NMSAccess" (NMSAccess) - ? - C:\Programme\CDBurnerXP_4.3.2.2212\NMSAccessU.exe  (File found, but it contains no detailed information)
"NTRU Hybrid TSS v1.05 TCSD" (tcsd_win32.exe) - ? - C:\Programme\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe  (File found, but it contains no detailed information)
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Programme\Sandra Lite 2010c_Systemanalyse\RpcAgentSrv.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"igfxcui" - "Intel Corporation" - C:\WINDOWS\system32\igfxdev.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR

Code:

ATTFilter

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-02 18:23:45
-----------------------------
18:23:45.250    OS Version: Windows 5.1.2600 Service Pack 3
18:23:45.250    Number of processors: 2 586 0xF02
18:23:45.250    ComputerName: JF  UserName: 
18:23:45.609    Initialize success
18:25:15.218    AVAST engine defs: 12030200
18:25:37.812    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-b
18:25:37.812    Disk 0 Vendor: ST3200820AS 3.AAE Size: 190782MB BusType: 3
18:25:37.812    Disk 0 MBR read successfully
18:25:37.812    Disk 0 MBR scan
18:25:37.859    Disk 0 Windows XP default MBR code
18:25:37.859    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        60000 MB offset 63
18:25:37.859    Disk 0 Partition - 00     0F Extended LBA            130779 MB offset 122881185
18:25:37.875    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       130779 MB offset 122881248
18:25:37.875    Disk 0 scanning sectors +390716865
18:25:37.937    Disk 0 scanning C:\WINDOWS\system32\drivers
18:25:52.125    Service scanning
18:26:12.593    Modules scanning
18:26:16.625    Disk 0 trace - called modules:
18:26:16.640    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
18:26:16.640    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4abab8]
18:26:16.640    3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000074[0x8a4b2338]
18:26:16.640    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-b[0x8a4b1b00]
18:26:17.062    AVAST engine scan C:\WINDOWS
18:26:27.312    AVAST engine scan C:\WINDOWS\system32
18:31:22.000    AVAST engine scan C:\WINDOWS\system32\drivers
18:31:41.515    AVAST engine scan C:\Dokumente und Einstellungen\Administrator
18:32:02.718    AVAST engine scan C:\Dokumente und Einstellungen\All Users
18:43:21.359    Scan finished successfully
00:19:49.093    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
00:19:49.109    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.txt"

Malwarebytes findet Spyware.Passwords / 2 infizierte Registrierungsschlüssel

Log-Analyse und Auswertung: Malwarebytes findet Spyware.Passwords / 2 infizierte Registrierungsschlüssel

Malwarebytes findet Spyware.Passwords / 2 infizierte Registrierungsschlüssel

Ähnliche Themen: Malwarebytes findet Spyware.Passwords / 2 infizierte Registrierungsschlüssel