Na dann hier die Logs:
OSAM Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:16:48 on 04.08.2012

OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\sdnclean.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"Scan the system (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDScan.exe
"avast! Emergency Update.job" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastEmUpdate.exe
"Check for updates (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
"Refresh immunization (Spybot - Search & Destroy).job" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDImmunize.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"cttune.cpl" - ? - C:\WINDOWS\system32\cttune.cpl
"ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl
"ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
"QTW32.CPL" - "Apple Computer, Inc." - C:\WINDOWS\system32\QTW32.CPL
"scurecpl.cpl" - "Softex, Inc" - C:\WINDOWS\system32\scurecpl.cpl
"wuaucpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\wuaucpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ColorManagement" - "Microsoft Corporation" - C:\Programme\Pro Imaging Powertoys\Microsoft Color Control Panel Applet for Windows XP\ColorMgmt.cpl
"Folder Size" - "Brio" - C:\Programme\FolderSize\FolderSize.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QT Lite\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"A4Tech PS/2 Port Mouse Driver" (Amps2prt) - "A4Tech Co.,Ltd." - C:\WINDOWS\System32\DRIVERS\Amps2prt.sys
"AEGIS Protocol (IEEE 802.1x) v3.7.5.0" (AegisP) - "Cisco Systems, Inc." - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"CrystalSysInfo" (CrystalSysInfo) - ? - C:\Programme\MediaCoder\SysInfo.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\WINDOWS\system32\Drivers\DgiVecp.sys
"Dokan" (Dokan) - "Windows (R) Win 7 DDK provider" - C:\WINDOWS\system32\drivers\dokan.sys
"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\dsltestSp5.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
"giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys  (File found, but it contains no detailed information)
"HDPrfDrv" (HDPrfDrv) - "Matthias Withopf" - C:\WINDOWS\system32\HDPrfDrv-1.sys
"ISDN PCI CAPI" (WDMCAPI) - ? - C:\WINDOWS\System32\DRIVERS\WDMCAPI.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"mbmiodrvr" (mbmiodrvr) - "cansoft@livewiredev.com" - C:\WINDOWS\system32\mbmiodrvr.sys
"MxlW2k" (MxlW2k) - "MusicMatch, Inc." - C:\WINDOWS\system32\drivers\MxlW2k.sys
"NDIS WAN miniport" (WDMWANMP) - ? - C:\WINDOWS\System32\DRIVERS\wdmwanmp.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"NPPTNT2" (NPPTNT2) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\npptNT2.sys
"nv" (nv) - "NVIDIA Corporation" - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"NVR0Dev" (NVR0Dev) - "NVidia Corp." - C:\WINDOWS\nvoclock.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PortTalk" (PortTalk) - "Beyond Logic hxxp://www.beyondlogic.org" - C:\WINDOWS\system32\Drivers\PtbTalk.sys
"PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"RT2500 USB Wireless LAN Driver" (RT2500USB) - "Ralink Technology Inc." - C:\WINDOWS\System32\DRIVERS\rt2500usb.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"StarForce Protection Environment Driver (version 1.x.a)" (sfdrv01a) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfdrv01a.sys
"StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - C:\WINDOWS\System32\drivers\prodrv06.sys
"StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\prohlp02.sys
"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\WINDOWS\System32\drivers\sfsync04.sys
"StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - C:\WINDOWS\System32\drivers\prosync1.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys
"TCP/IP-Protokolltreiber" (Tcpip) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\tcpip.sys
"TfFsMon" (TfFsMon) - "PC Tools" - C:\WINDOWS\System32\drivers\TfFsMon.sys
"TfNetMon" (TfNetMon) - "PC Tools" - C:\WINDOWS\system32\drivers\TfNetMon.sys
"TfSysMon" (TfSysMon) - "PC Tools" - C:\WINDOWS\System32\drivers\TfSysMon.sys
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - ? - C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys  (File not found)
"Windows7FirewallControl" (Windows7FirewallControl) - ? - C:\Programme\Windows7FirewallControl\Windows7FirewallControl.sys  (File found, but it contains no detailed information)
"WinRing0 driver" (WinRing0_1_2_0) - "OpenLibSys.org" - C:\WINDOWS\system32\Drivers\ptbring0.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - "Microsoft Corporation" - regsvr32.exe /s /n /i:U shell32.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{04DAAD08-70EF-450E-834A-DCFAF9B48748} "{04DAAD08-70EF-450E-834A-DCFAF9B48748}" - "Brio" - C:\Programme\FolderSize\FolderSizeColumn.dll
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{1B96FAD8-1C10-416E-8027-6EFF94045F6F} "FoxitPDFPreviewHandlerHost Class" - "Foxit Corporation" - C:\Programme\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Programme\Microsoft IntelliType Pro\itcplzm.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - C:\Programme\LibreOffice 3.4\Basis\program\shlxthdl\shlxthdl.dll
{BDAA6E01-669F-4783-8831-1648CEB8A16C} "Phoenix Backup Context Menu Shell Extension" - ? -   (File not found | COM-object registry key not found)
{44176360-2BBF-4EC1-93CE-384B8681A0BC} "Spybot-S&D Explorer Integration" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDECon32.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
DefragglerShellExtension "{4380C993-0C43-4E02-9A7A-0D40B6EA7590}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{4D5C8C25-D075-11D0-B416-00C04FB90376} "&Tipps und Tricks" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} "Explorer-Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} "File Search Explorer Band" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
{EFA24E62-B078-11D0-89E4-00C04FC9E26E} "History Band" - "Microsoft Corporation" - C:\WINDOWS\system32\shdocvw.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Links" - "Microsoft Corporation" - C:\WINDOWS\system32\SHELL32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244713437203
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204
{6414512B-B978-451D-A0D8-FCFDF33E833C} "WUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\wuweb.dll / hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194093786750
{166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "{D27CDB6E-AE6D-11CF-96B8-444553540000}" - ? -   (File not found | COM-object registry key not found) / 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / 
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
{2B171655-A69C-5c18-B693-6CB5DC269D41} "FVD Suite Toolbar" - "www.flashvideodownloader.org/fvd-suite/" - C:\Programme\FVD Suite\addons\IE\FVDToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll
{7C7A8947-5935-4430-AC0E-E7D04697414E} "Buyertools" - ? - C:\PROGRA~1\Buyertools Reminder\IEButtonBuyertoolsInterface.dll  (File found, but it contains no detailed information)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{1536BA74-8625-4240-99B0-BE65883689C8} "Mediaplayer" - ? - C:\Programme\Mediapiraten\Mediapiraten\IEButtonMPInterface.dll  (File found, but it contains no detailed information)
{2B171655-A69C-5c18-B693-6CB5DC269D44} "Open FVD Suite Toolbar" - "www.flashvideodownloader.org/fvd-suite/" - C:\Programme\FVD Suite\addons\IE\FVDToolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" - ? -   (File not found | COM-object registry key not found)

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"shell32" - "Microsoft Corporation" - C:\WINDOWS\system32\shell32.dll
"url" - "Microsoft Corporation" - C:\WINDOWS\system32\url.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Ralink Wireless Utility.lnk" - "Ralink Technology, Corp." - C:\Programme\RALINK\Common\RaUI.exe  (Shortcut exists | File exists)
"Secunia PSI Tray.lnk" - "Secunia" - C:\Programme\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Roman\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RocketDock" - ? - "C:\Programme\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"IntelliPoint" - "Microsoft Corporation" - "C:\Programme\Microsoft IntelliPoint\ipoint.exe"
"MedionVFD" - "Dritek System Inc." - "C:\Programme\Medion Info Display\MdionLCM.exe"
"Samsung PanelMgr" - ? - C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
"SDTray" - "Safer-Networking Ltd." - "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe"
"Start WingMan Profiler" - "Logitech Inc." - C:\Programme\Logitech\Gaming Software\LWEMon.exe /noui
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"1und1 Fax Monitor" - "1&1 Internet AG" - C:\WINDOWS\system32\UI1&1MON.DLL
"Canon BJ Language Monitor S820" - "CANON INC." - C:\WINDOWS\system32\CNMLM3k.DLL
"FRITZ!fax Color Monitor" - ? - FritzVistaColorMon.dll  (File not found)
"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzColorPort.dll
"FRITZ!fax Port Monitor" - "AVM Berlin GmbH" - C:\WINDOWS\system32\FritzPort.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\Alwil Software\Avast5\AvastSvc.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
"Folder Size" (FolderSize) - "Brio" - C:\Programme\FolderSize\FolderSizeSvc.exe
"Java Quick Starter" (JavaQuickStarterService) - "Oracle Corporation" - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"Poweroff" (Poweroff) - "Jorgen Bosman" - C:\WINDOWS\system32\poweroff.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASCORE.EXE
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Programme\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Programme\Secunia\PSI\sua.exe
"Spybot-S&D 2 Scanner Service" (SDScannerService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
"Spybot-S&D 2 Updating Service" (SDUpdateService) - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
"ThreatFire" (ThreatFire) - "PC Tools" - C:\Programme\ThreatFire\TFService.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows7FirewallService" (Windows7FirewallService) - "Sphinx Software" - C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         

Zitat:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-04 17:17:57
-----------------------------
17:17:57.109 OS Version: Windows 5.1.2600 Service Pack 2
17:17:57.109 Number of processors: 2 586 0x404
17:17:57.109 ComputerName: PALME UserName: Roman
17:17:58.015 Initialize success
17:18:01.750 AVAST engine defs: 12080400
17:18:09.781 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
17:18:09.781 Disk 0 Vendor: ST3250823AS 3.03 Size: 238475MB BusType: 3
17:18:09.796 Disk 0 MBR read successfully
17:18:09.796 Disk 0 MBR scan
17:18:09.812 Disk 0 Windows XP default MBR code
17:18:09.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 119208 MB offset 63
17:18:09.812 Disk 0 Partition - 00 0F Extended LBA 119263 MB offset 244139805
17:18:09.843 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110501 MB offset 244139868
17:18:09.843 Disk 0 Partition - 00 05 Extended 8762 MB offset 470447460
17:18:09.875 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 8761 MB offset 470447523
17:18:09.890 Disk 0 scanning sectors +488392065
17:18:09.953 Disk 0 scanning C:\WINDOWS\system32\drivers
17:18:19.437 Service scanning
17:18:33.281 Modules scanning
17:18:38.718 Disk 0 trace - called modules:
17:18:38.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8a7858e8]<<
17:18:38.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a748ab8]
17:18:38.734 3 CLASSPNP.SYS[f74c805b] -> nt!IofCallDriver -> \Device\0000008e[0x8a7bc760]
17:18:38.734 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a749d98]
17:18:38.734 \Driver\atapi[0x8a74ad20] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> prosync1.sys[0xf798d661]
17:18:39.093 AVAST engine scan C:\WINDOWS
17:18:47.750 AVAST engine scan C:\WINDOWS\system32
17:21:18.421 AVAST engine scan C:\WINDOWS\system32\drivers
17:21:43.546 AVAST engine scan C:\Dokumente und Einstellungen\Roman
17:35:29.656 AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:37:32.859 Scan finished successfully
18:31:33.250 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\MBR.dat"
18:31:33.265 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Roman\Desktop\aswMBR.txt"

Gmer logfile

War das GMER Log zu groß zum direkten Posten?

Ja sehr gross.

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

hallo Arne hier die logfiles

Zitat:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.05.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Roman :: PALME [Administrator]

05.08.2012 19:20:02
mbam-log-2012-08-05 (19-20-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 394169
Laufzeit: 1 Stunde(n), 28 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Zitat:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/05/2012 at 07:08 PM

Application Version : 5.5.1012

Core Rules Database Version : 9012
Trace Rules Database Version: 6824

Scan type : Complete Scan
Total Scan Time : 00:55:09

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 520
Memory threats detected : 0
Registry items scanned : 38004
Registry threats detected : 0
File items scanned : 63933
File threats detected : 2

Adware.Tracking Cookie
accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ROMAN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KNVWX1WV.ROMAN\COOKIES.SQLITE ]

Adware.Casino Games (Golden Palace Casino)
C:\CASINO\CASINO-CLUB DEUTSCH\CASINO.EXE

Sieht ok aus, da wurden nur ein Cookie und Casino-Adware gefunden
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Hallo Arne

Soweit geht alles das einzige was noch nicht geht ist der Win Explorer 8 zeigt beim öffnen kein Fenster an wird aber im Taskmanager unter Prozesse aufgelistet aber nicht unter Anwendungen (hab schon neu installiert). Falls Du ne Idee hast, aber ist nicht so wichtig da ich ihn eh nicht benutze. Ist das Win SP 3 eigentlich unbedigt nötig wenn alle Updates drauf sind( hatte damals nicht geklappt mit dem aufspielen)?
Danke erstmal für deine Arbeit!

Ja das SP3 ist ein absolutes Muss!!

1. Das SP3 von hier downloaden => Detail Seite Windows XP Service Pack 3-Netzwerkinstallationspaket für IT-Spezialisten und Entwickler (und ja es ist das richtige Paket für dich)
   
2. Alle Programme beenden, Internetverbindung trennen, Virenscanner abstellen!
   
3. SP3 instalieren, Anweisungen folgen - Installation sollte ca. 15-20 Minuten dauern. Kann auch schneller gehen, bei älteren Rechnern dauert es ca. ne halbe Stunde - nach der Installation Rechner neu starten

So hab das SP3 drauf, ist zwar am Schluß hängen geblieben aber nach neuem Hochfahren wird es unter Informationen angezeigt.
Jezt will Win aber noch 47 updates drauf installieren! Kann das sein?

Ja das ist folgerichtig! Es gibt Updates, nach dem SP3 - immerhin ist das SP3 ja auch nun über vier Jahre alt
Und diese Update, die nach dem SP3 erschienen sind, erfodern auch das SP3, d.h. die konntest du vorher nicht sehen weil du nur das SP2 drin hattest