Trojaner "TR/Agent.ruo" entdeckt

Julifee · 30.03.2010, 20:19

Hallo @all,
eine Freundin von mir hat ein Problem mit dem Plagegeist von oben!
Ich habe bei ihr diesen OSAM installiert und sende euch den Log! Hoffe Ihr findet was und könnt ihr helfen!
LG Juli

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:39:51 on 30.03.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||||| "Automatische Problemsuche.job" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe File exists
"Automatische Wartung.job" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\OneClickStarter.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "ALSNDMGR.CPL" C:\WINDOWS\system32\ALSNDMGR.CPL File signed by Microsoft | File found, but it contains no detailed information
|||||| "ddbaccpl.cpl" "DataDesign AG" C:\WINDOWS\system32\ddbaccpl.cpl File exists
|||||| "ddbacctm.cpl" "DataDesign AG" C:\WINDOWS\system32\ddbacctm.cpl File exists
|||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "Avira AntiVir Personal - Free Antivirus " "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists
|||||| "NokiaConnectionManager" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists
|||||| "QuickTime" "Apple Inc." C:\Programme\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "acedrv10" (acedrv10) "Protect Software GmbH" C:\WINDOWS\system32\drivers\acedrv10.sys File exists
|||||| "acehlp10" (acehlp10) "Protect Software GmbH" C:\WINDOWS\system32\drivers\acehlp10.sys File exists
|||||| "avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
|||||| "d347bus" (d347bus) " " C:\WINDOWS\System32\DRIVERS\d347bus.sys File exists
|||||| "d347prt" (d347prt) " " C:\WINDOWS\System32\Drivers\d347prt.sys File exists
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
"kbdqtwmt" (kbdqtwmt) "Microsoft Corporation" C:\WINDOWS\system32\drivers\kbdqtwmt.sys File exists
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
|| "PDDSLHND" (PDDSLHND) "ProDyne" C:\WINDOWS\system32\drivers\PDDSLHND.sys File exists
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PPdus ASPI Shell" (Afc) "Arcsoft, Inc." C:\WINDOWS\System32\drivers\Afc.sys File exists
|| "ProDyne DSL Adapter" (PDDSLADP) "ProDyne" C:\WINDOWS\System32\DRIVERS\PDDSLADP.SYS File exists
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists
"Treiber für Player-Wiederherstellungsgerät" (StMp3Rec) "Microsoft Corporation" C:\WINDOWS\System32\Drivers\StMp3Rec.sys File exists
|||||| "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys File exists
"WAN Miniport (ATW)" (wanatw) C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} "BitDefender Antivirus v8" File not found | COM-object registry key not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
|||||| {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Programme\iTunes\iTunesMiniPlayer.dll File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\OFFICE11\msohev.dll File exists
|||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll File exists
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
|||||| {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\DseShExt-x86.dll File exists
|||||| {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\SDShelEx-win32.dll File exists
|||||| {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" "TuneUp Software" C:\WINDOWS\System32\uxtuneup.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Programme\WinRAR\rarext.dll File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
|||| "Google Toolbar" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
"ITBar7Layout" File not found | COM-object registry key not found
"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||||| {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} "CKAVWebScan Object"
hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab "Kaspersky Lab" C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll File exists
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_15.dll File exists
|||| {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_15.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_15.dll File exists
|||| {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} "MsnMessengerSetupDownloadControl Class"
hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab "Microsoft Corporation" C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx File exists
{D2982A7F-489A-47F5-A319-FC1F14EBC245} "Navigator Class"
hxxp://www.nutzwerk.de/control/NutzNavi.cab "Nutzwerk GmbH" C:\WINDOWS\Downloaded Program Files\NutzNavi.dll File exists
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab "Adobe Systems, Inc." C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx File exists
{166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}"
hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab File not found | COM-object registry key not found
{3334504D-9980-0010-8000-00AA00389B71} "{3334504D-9980-0010-8000-00AA00389B71}"
hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB File not found | COM-object registry key not found
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}"
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" "Microsoft Corporation" C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|||| "Google Toolbar" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
|||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jp2ssv.dll File exists
|||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists
|||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists
{98C4D999-B288-8E34-0F4E-24A17D5518FA} "{98C4D999-B288-8E34-0F4E-24A17D5518FA}" File not found | COM-object registry key not found
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\lucy\Startmenü\Programme\Autostart\desktop.ini File exists
"Windows Live Messenger .lnk" "Microsoft Corporation" C:\Programme\Windows Live\Messenger\msnmsgr.exe Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ccleaner" "Piriform Ltd" "C:\Programme\CCleaner\CCleaner.exe" /AUTO File exists
|||| "PC Suite Tray" "Nokia" "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||||| "avgnt" "Avira GmbH" "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "rfagent" "KsL Software" "C:\Programme\RFA\rfagent.exe" File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Microsoft Document Imaging Writer Monitor" "Microsoft Corporation" C:\WINDOWS\system32\mdimon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
"Anwendungsverwaltung" (AppMgmt) C:\WINDOWS\System32\appmgmts.dll File not found
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\sched.exe File exists
|||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." C:\Programme\Bonjour\mDNSResponder.exe File exists
|||| "Google Software Updater" (gusvc) "Google" C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
|||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Programme\iPod\bin\iPodService.exe File exists
|||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jqs.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Process Monitor" (LVPrcSrv) "Logitech Inc." C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe File exists
|||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Programme\PC Connectivity Solution\ServiceLayer.exe File exists
|||||| "TuneUp Designerweiterung" (UxTuneUp) "TuneUp Software" C:\WINDOWS\System32\uxtuneup.dll File exists
|||||| "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe File exists
|||||| "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
|||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists
|||||| "X10 Device Network Service" (x10nets) "X10" C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe File exists
Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" appmgmts.dll File not found
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Programme\Bonjour\mdnsNSP.dll File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus · 31.03.2010, 11:15

hallo und

Code:

ATTFilter

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"kbdqtwmt" (kbdqtwmt) "Microsoft Corporation" C:\WINDOWS\system32\drivers\kbdqtwmt.sys File exists

Bitte mit OSAM deaktivieren (siehe Anleitung zu OSAM). Poste danach ein neues Log von OSAM

Julifee · 31.03.2010, 18:52

Hallo Arne,
dankefür deine Hilfe schon mal im Vorraus!

Habe alles so gemacht wie in der Anleitung stand!
Hier das neue Log!
Gruß
Juli
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:42:02 on 31.03.2010
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||||| "Automatische Problemsuche.job" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe File exists
"Automatische Wartung.job" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\OneClickStarter.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "ALSNDMGR.CPL" C:\WINDOWS\system32\ALSNDMGR.CPL File signed by Microsoft | File found, but it contains no detailed information
|||||| "ddbaccpl.cpl" "DataDesign AG" C:\WINDOWS\system32\ddbaccpl.cpl File exists
|||||| "ddbacctm.cpl" "DataDesign AG" C:\WINDOWS\system32\ddbacctm.cpl File exists
|||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "Avira AntiVir Personal - Free Antivirus " "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists
|||||| "NokiaConnectionManager" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists
|||||| "QuickTime" "Apple Inc." C:\Programme\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "acedrv10" (acedrv10) "Protect Software GmbH" C:\WINDOWS\system32\drivers\acedrv10.sys File exists
|||||| "acehlp10" (acehlp10) "Protect Software GmbH" C:\WINDOWS\system32\drivers\acehlp10.sys File exists
|||||| "avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
|||||| "d347bus" (d347bus) " " C:\WINDOWS\System32\DRIVERS\d347bus.sys File exists
|||||| "d347prt" (d347prt) " " C:\WINDOWS\System32\Drivers\d347prt.sys File exists
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
|| "PDDSLHND" (PDDSLHND) "ProDyne" C:\WINDOWS\system32\drivers\PDDSLHND.sys File exists
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PPdus ASPI Shell" (Afc) "Arcsoft, Inc." C:\WINDOWS\System32\drivers\Afc.sys File exists
|| "ProDyne DSL Adapter" (PDDSLADP) "ProDyne" C:\WINDOWS\System32\DRIVERS\PDDSLADP.SYS File exists
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists
"Treiber für Player-Wiederherstellungsgerät" (StMp3Rec) "Microsoft Corporation" C:\WINDOWS\System32\Drivers\StMp3Rec.sys File exists
|||||| "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys File exists
"WAN Miniport (ATW)" (wanatw) C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
"kbdqtwmt" (kbdqtwmt) "Microsoft Corporation" C:\WINDOWS\system32\drivers\kbdqtwmt.sys File exists
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} "BitDefender Antivirus v8" File not found | COM-object registry key not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
|||||| {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Programme\iTunes\iTunesMiniPlayer.dll File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\OFFICE11\msohev.dll File exists
|||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll File exists
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
|||||| {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\DseShExt-x86.dll File exists
|||||| {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\SDShelEx-win32.dll File exists
|||||| {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" "TuneUp Software" C:\WINDOWS\System32\uxtuneup.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Programme\WinRAR\rarext.dll File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
|||| "Google Toolbar" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
"ITBar7Layout" File not found | COM-object registry key not found
"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||||| {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} "CKAVWebScan Object"
hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab "Kaspersky Lab" C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll File exists
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_15.dll File exists
|||| {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_15.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_15.dll File exists
|||| {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} "MsnMessengerSetupDownloadControl Class"
hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab "Microsoft Corporation" C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx File exists
{D2982A7F-489A-47F5-A319-FC1F14EBC245} "Navigator Class"
hxxp://www.nutzwerk.de/control/NutzNavi.cab "Nutzwerk GmbH" C:\WINDOWS\Downloaded Program Files\NutzNavi.dll File exists
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab "Adobe Systems, Inc." C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx File exists
{166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}"
hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab File not found | COM-object registry key not found
{3334504D-9980-0010-8000-00AA00389B71} "{3334504D-9980-0010-8000-00AA00389B71}"
hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB File not found | COM-object registry key not found
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}"
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" "Microsoft Corporation" C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|||| "Google Toolbar" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
|||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jp2ssv.dll File exists
|||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists
|||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists
{98C4D999-B288-8E34-0F4E-24A17D5518FA} "{98C4D999-B288-8E34-0F4E-24A17D5518FA}" File not found | COM-object registry key not found
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\lucy\Startmenü\Programme\Autostart\desktop.ini File exists
"Windows Live Messenger .lnk" "Microsoft Corporation" C:\Programme\Windows Live\Messenger\msnmsgr.exe Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ccleaner" "Piriform Ltd" "C:\Programme\CCleaner\CCleaner.exe" /AUTO File exists
|||| "PC Suite Tray" "Nokia" "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||||| "avgnt" "Avira GmbH" "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "rfagent" "KsL Software" "C:\Programme\RFA\rfagent.exe" File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Microsoft Document Imaging Writer Monitor" "Microsoft Corporation" C:\WINDOWS\system32\mdimon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
"Anwendungsverwaltung" (AppMgmt) C:\WINDOWS\System32\appmgmts.dll File not found
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\sched.exe File exists
|||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." C:\Programme\Bonjour\mDNSResponder.exe File exists
|||| "Google Software Updater" (gusvc) "Google" C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
|||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Programme\iPod\bin\iPodService.exe File exists
|||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jqs.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Process Monitor" (LVPrcSrv) "Logitech Inc." C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe File exists
|||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Programme\PC Connectivity Solution\ServiceLayer.exe File exists
|||||| "TuneUp Designerweiterung" (UxTuneUp) "TuneUp Software" C:\WINDOWS\System32\uxtuneup.dll File exists
|||||| "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe File exists
|||||| "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
|||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists
|||||| "X10 Device Network Service" (x10nets) "X10" C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe File exists
Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" appmgmts.dll File not found
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Programme\Bonjour\mdnsNSP.dll File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Julifee · 31.03.2010, 19:12

Hallo Arne,
und jetzt noch der Log nachdem ich die Datei gelöscht habe!
Habe ich alles richtig gemacht und der Plagegeist ist weg?
Gruß
Juli
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:07:35 on 31.03.2010
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||||| "Automatische Problemsuche.job" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe File exists
"Automatische Wartung.job" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\OneClickStarter.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "ALSNDMGR.CPL" C:\WINDOWS\system32\ALSNDMGR.CPL File signed by Microsoft | File found, but it contains no detailed information
|||||| "ddbaccpl.cpl" "DataDesign AG" C:\WINDOWS\system32\ddbaccpl.cpl File exists
|||||| "ddbacctm.cpl" "DataDesign AG" C:\WINDOWS\system32\ddbacctm.cpl File exists
|||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "Avira AntiVir Personal - Free Antivirus " "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists
|||||| "NokiaConnectionManager" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists
|||||| "QuickTime" "Apple Inc." C:\Programme\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "acedrv10" (acedrv10) "Protect Software GmbH" C:\WINDOWS\system32\drivers\acedrv10.sys File exists
|||||| "acehlp10" (acehlp10) "Protect Software GmbH" C:\WINDOWS\system32\drivers\acehlp10.sys File exists
|||||| "avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
|||||| "d347bus" (d347bus) " " C:\WINDOWS\System32\DRIVERS\d347bus.sys File exists
|||||| "d347prt" (d347prt) " " C:\WINDOWS\System32\Drivers\d347prt.sys File exists
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
|| "PDDSLHND" (PDDSLHND) "ProDyne" C:\WINDOWS\system32\drivers\PDDSLHND.sys File exists
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PPdus ASPI Shell" (Afc) "Arcsoft, Inc." C:\WINDOWS\System32\drivers\Afc.sys File exists
|| "ProDyne DSL Adapter" (PDDSLADP) "ProDyne" C:\WINDOWS\System32\DRIVERS\PDDSLADP.SYS File exists
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists
"Treiber für Player-Wiederherstellungsgerät" (StMp3Rec) "Microsoft Corporation" C:\WINDOWS\System32\Drivers\StMp3Rec.sys File exists
|||||| "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys File exists
"WAN Miniport (ATW)" (wanatw) C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} "BitDefender Antivirus v8" File not found | COM-object registry key not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
|||||| {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Programme\iTunes\iTunesMiniPlayer.dll File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\OFFICE11\msohev.dll File exists
|||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
|||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll File exists
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
|||||| {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\DseShExt-x86.dll File exists
|||||| {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" "TuneUp Software" C:\Programme\TuneUp Utilities 2010\SDShelEx-win32.dll File exists
|||||| {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" "TuneUp Software" C:\WINDOWS\System32\uxtuneup.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Programme\WinRAR\rarext.dll File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
|||| "Google Toolbar" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
"ITBar7Layout" File not found | COM-object registry key not found
"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||||| {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} "CKAVWebScan Object"
hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab "Kaspersky Lab" C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll File exists
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_15.dll File exists
|||| {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_15.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_15.dll File exists
|||| {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} "MsnMessengerSetupDownloadControl Class"
hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab "Microsoft Corporation" C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx File exists
{D2982A7F-489A-47F5-A319-FC1F14EBC245} "Navigator Class"
hxxp://www.nutzwerk.de/control/NutzNavi.cab "Nutzwerk GmbH" C:\WINDOWS\Downloaded Program Files\NutzNavi.dll File exists
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab "Adobe Systems, Inc." C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx File exists
{166B1BCA-3F9C-11CF-8075-444553540000} "{166B1BCA-3F9C-11CF-8075-444553540000}"
hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab File not found | COM-object registry key not found
{3334504D-9980-0010-8000-00AA00389B71} "{3334504D-9980-0010-8000-00AA00389B71}"
hxxp://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB File not found | COM-object registry key not found
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}"
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" "Microsoft Corporation" C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|||| "Google Toolbar" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" "Google Inc." C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll File exists
|||| {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jp2ssv.dll File exists
|||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists
|||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists
{98C4D999-B288-8E34-0F4E-24A17D5518FA} "{98C4D999-B288-8E34-0F4E-24A17D5518FA}" File not found | COM-object registry key not found
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\lucy\Startmenü\Programme\Autostart\desktop.ini File exists
"Windows Live Messenger .lnk" "Microsoft Corporation" C:\Programme\Windows Live\Messenger\msnmsgr.exe Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ccleaner" "Piriform Ltd" "C:\Programme\CCleaner\CCleaner.exe" /AUTO File exists
|||| "PC Suite Tray" "Nokia" "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||||| "avgnt" "Avira GmbH" "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "rfagent" "KsL Software" "C:\Programme\RFA\rfagent.exe" File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Microsoft Document Imaging Writer Monitor" "Microsoft Corporation" C:\WINDOWS\system32\mdimon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
"Anwendungsverwaltung" (AppMgmt) C:\WINDOWS\System32\appmgmts.dll File not found
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\sched.exe File exists
|||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." C:\Programme\Bonjour\mDNSResponder.exe File exists
|||| "Google Software Updater" (gusvc) "Google" C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
|||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Programme\Google\Update\GoogleUpdate.exe File exists
|||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Programme\iPod\bin\iPodService.exe File exists
|||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jqs.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Process Monitor" (LVPrcSrv) "Logitech Inc." C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe File exists
|||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Programme\PC Connectivity Solution\ServiceLayer.exe File exists
|||||| "TuneUp Designerweiterung" (UxTuneUp) "TuneUp Software" C:\WINDOWS\System32\uxtuneup.dll File exists
|||||| "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe File exists
|||||| "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) "TuneUp Software" C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
|||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists
|||||| "X10 Device Network Service" (x10nets) "X10" C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe File exists
Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" appmgmts.dll File not found
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Programme\Bonjour\mdnsNSP.dll File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus · 31.03.2010, 19:38

Sieht ok aus. Mach bitte Kontrollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Julifee · 31.03.2010, 22:48

Hallo Arne,
das klingt ja super, ich hätte sonst auch nicht gewusst wie ich ihr helfen sollte! DANKE!
Leider haben die beide Programme auch noch etwas gefunden! Kannst du nochmal bitte schauen!
Hast du auch einen Tip für eine bessere Viren Software als Freeware!
Gruß
Juli

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/31/2010 at 11:37 PM

Application Version : 4.35.1000

Core Rules Database Version : 4754
Trace Rules Database Version: 2566

Scan type : Complete Scan
Total Scan Time : 01:43:26

Memory items scanned : 542
Memory threats detected : 0
Registry items scanned : 6128
Registry threats detected : 20
File items scanned : 94120
File threats detected : 2

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\lucy\Cookies\lucy@atdmt[2].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Capabilities

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F4590F1F-1C65-4C31-BF92-A80ED054E26A}\RP805\A0275777.SYS
-------------------------------
-------------------------------
-------------------------------
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3938

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

31.03.2010 21:34:19
mbam-log-2010-03-31 (21-34-19).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 116456
Laufzeit: 10 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\drivers\kbdqtwmt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stera.job (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

cosinus · 01.04.2010, 09:55

Ups

Da müssen wir nochmal ran, bitte ein Log mti CF machen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Julifee · 02.04.2010, 14:38

Hallo Arne,
ich habe die cofi.exe durchlaufen lassen, man hat die lange gebraucht!

CCleaner kannte ich schon das ging schneller!

Hier mal das neue Log! Hoffe da ist nichts mehr zu finden! Hast du noch einen Tip für eine bessere Antiviren Software!
LG Juli

ComboFix 10-03-29.04 - lucy 01.04.2010 19:22:22.1.1 - x86
ausgeführt von:: c:\dokumente und einstellungen\lucy\Desktop\cofi.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1236329858-2148240463-463229007-1003
c:\recycler\S-1-5-21-3100630053-2532005773-191470173-1003
C:\test.txt
c:\windows\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN

((((((((((((((((((((((( Dateien erstellt von 2010-03-01 bis 2010-04-01 ))))))))))))))))))))))))))))))
.

2010-03-31 19:44 . 2010-03-31 19:44 52224 ----a-w- c:\dokumente und einstellungen\lucy\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-31 19:44 . 2010-03-31 19:44 117760 ----a-w- c:\dokumente und einstellungen\lucy\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-31 19:43 . 2010-03-31 19:43 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2010-03-31 19:43 . 2010-03-31 19:43 -------- d-----w- c:\programme\SUPERAntiSpyware
2010-03-31 19:43 . 2010-03-31 19:43 -------- d-----w- c:\dokumente und einstellungen\lucy\Anwendungsdaten\SUPERAntiSpyware.com
2010-03-31 19:42 . 2010-03-31 19:42 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2010-03-31 19:20 . 2010-03-31 19:20 -------- d-----w- c:\dokumente und einstellungen\lucy\Anwendungsdaten\Malwarebytes
2010-03-31 19:20 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-31 19:20 . 2010-03-31 19:20 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-03-31 19:20 . 2010-03-31 19:20 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-03-31 19:20 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-31 17:32 . 2010-03-31 17:38 -------- d-----w- c:\dokumente und einstellungen\lucy\Anwendungsdaten\Online Solutions
2010-03-28 17:35 . 2010-03-31 16:21 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-03-28 17:35 . 2010-03-28 18:02 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-03-10 09:07 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 08:14 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-03-04 11:47 . 2010-03-04 11:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-01 17:36 . 2009-09-17 17:45 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-04-01 17:36 . 2009-09-17 17:44 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-31 07:16 . 2009-03-24 16:42 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\RFA_Backups
2010-03-28 15:02 . 2005-07-25 17:33 85198 ----a-w- c:\windows\system32\perfc007.dat
2010-03-28 15:02 . 2005-07-25 17:33 460334 ----a-w- c:\windows\system32\perfh007.dat
2010-03-12 15:43 . 2008-12-29 14:45 -------- d-----w- c:\dokumente und einstellungen\lucy\Anwendungsdaten\Nokia
2010-03-11 12:31 . 2005-07-25 17:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:31 . 2005-07-25 17:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:31 . 2005-07-25 17:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-02-28 19:46 . 2005-07-25 14:49 -------- d-----w- c:\programme\DivX
2010-02-28 19:42 . 2010-02-28 19:42 -------- d-----w- c:\programme\Gemeinsame Dateien\DivX Shared
2010-02-28 19:22 . 2010-01-02 19:46 -------- d-----w- c:\programme\TuneUp Utilities 2010
2010-02-28 19:22 . 2006-06-15 16:31 -------- d-----w- c:\programme\Phototool
2010-02-28 19:22 . 2009-08-26 15:35 -------- d-----w- c:\programme\Free FLV Converter
2010-02-28 19:22 . 2009-05-27 17:27 -------- d-----w- c:\programme\Desktop Maestro
2010-02-28 19:22 . 2009-06-04 17:21 -------- d-----w- c:\programme\AliceHilfe
2010-02-28 19:22 . 2009-06-04 17:21 -------- d-----w- c:\dokumente und einstellungen\vivi\Anwendungsdaten\AliceHilfe
2010-02-28 19:22 . 2008-04-08 10:44 -------- d-----w- c:\dokumente und einstellungen\vivi\Anwendungsdaten\Nokia Multimedia Player
2010-02-28 19:11 . 2009-05-27 17:27 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-02-13 17:04 . 2010-02-12 18:10 -------- d-----w- c:\dokumente und einstellungen\lucy\Anwendungsdaten\Skype
2010-02-12 18:09 . 2010-02-12 18:09 -------- d-----r- c:\programme\Skype
2010-02-12 18:09 . 2010-02-12 18:09 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2010-02-12 18:08 . 2005-07-25 14:49 -------- d-----w- c:\programme\Google
2010-01-08 13:27 . 2010-01-08 13:27 8192 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstCCD.exe
2010-01-08 13:27 . 2010-01-08 13:27 61440 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-08 13:27 . 2010-01-08 13:27 10240 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Installations\{AC4E9457-107B-448F-AD89-605E122E8C59}\Installer\CommonCustomActions\UninstPCS.exe
2010-01-08 12:50 . 2008-03-12 10:04 61440 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2010-01-08 12:50 . 2008-03-12 10:04 10240 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe
2010-01-08 12:50 . 2008-03-12 10:04 8192 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe
2005-07-25 14:49 . 2005-07-25 14:49 8 --sh--r- c:\windows\system32\0BE2C7B2ED.sys
2005-07-25 14:49 . 2005-07-25 14:49 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\programme\CCleaner\CCleaner.exe" [2010-01-26 1724728]
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-05-18 1312256]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rfagent"="c:\programme\RFA\rfagent.exe" [2008-11-24 916800]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\lucy\Startmen\Programme\Autostart\
Windows Live Messenger .lnk - c:\programme\Windows Live\Messenger\msnmsgr.exe [2009-7-26 3883840]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%WinDir%\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [15.09.2009 18:29 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [15.09.2009 18:29 5248]
R0 PDDSLHND;PDDSLHND;c:\windows\system32\drivers\PDDSLHND.SYS [28.12.2005 23:11 15187]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [17.02.2010 11:15 66632]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [27.07.2007 10:13 330144]
R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [27.07.2007 12:46 251680]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [14.07.2009 20:16 108289]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [09.12.2009 14:42 1044808]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [25.07.2005 14:32 799744]
R3 PDDSLADP;ProDyne DSL Adapter;c:\windows\system32\drivers\PDDSLADP.SYS [28.12.2005 23:11 15571]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 08:24 10064]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [12.02.2010 20:08 135664]
S3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [17.02.2010 11:15 12872]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-04-01 c:\windows\Tasks\Automatische Problemsuche.job
- c:\programme\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-09 12:50]

2010-03-12 c:\windows\Tasks\Automatische Wartung.job
- c:\programme\TuneUp Utilities 2010\OneClickStarter.exe [2009-12-09 12:50]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-12 18:08]

2010-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-12 18:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: {C8D0B20B-ECC6-45D7-881E-82AAAC3E0CB7} = 0.0.0.0
DPF: {D2982A7F-489A-47F5-A319-FC1F14EBC245} - hxxp://www.nutzwerk.de/control/NutzNavi.cab
FF - ProfilePath - c:\dokumente und einstellungen\lucy\Anwendungsdaten\Mozilla\Firefox\Profiles\mspb3zh7.default\
FF - plugin: c:\progra~1\MOZILL~1\plugins\npdeploytk.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{98C4D999-B288-8E34-0F4E-24A17D5518FA} - (no file)
Notify-WgaLogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-04-01 19:39
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81EEE008]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf84b6f28
\Driver\ACPI -> ACPI.sys @ 0xf8322cb8
\Driver\atapi -> 0x81eee008
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\programme\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(7928)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\programme\PC Connectivity Solution\ServiceLayer.exe
c:\programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programme\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\ISW\alice\signup\connctas.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-01 19:45:18 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-04-01 17:45

Vor Suchlauf: 9 Verzeichnis(se), 44.231.913.472 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 45.278.175.232 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9D8C8D41DDF29701C68175B79A1C195F

cosinus · 02.04.2010, 17:11

Sieht ok aus. Mach bitte Kontrollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Zitat:

Hast du noch einen Tip für eine bessere Antiviren Software!

Du bekommst das Virenproblem niemals allein mit einem Virenscanner in den Griff! Bitte mal lesen, hier mein Standardtext dazu:

Halte Dich am besten grob an diese fünf Regeln:

1) Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!!
2) Halte Windows und alle verwendeten Programme immer aktuell
3) Führe regelmäßig Backups auf externe Medien durch
4) Arbeite mit eingeschränkten Rechten
5) Nutze sichere Programme wie zB Opera oder Firefox zum Surfen statt den IE, zum Mailen Thunderbird statt Outlook Express - E-Mails nur als reinen text anzeigen lassen

Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?

Julifee · 03.04.2010, 14:16

Hi Arne,
das klingt ja zuversichtlich! ;-)
Hier mal die neuen Log's!
Gruß
Juli

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3948

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

03.04.2010 13:11:14
mbam-log-2010-04-03 (13-11-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 115301
Laufzeit: 8 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/03/2010 at 02:57 PM

Application Version : 4.35.1000

Core Rules Database Version : 4760
Trace Rules Database Version: 2572

Scan type : Complete Scan
Total Scan Time : 01:40:17

Memory items scanned : 545
Memory threats detected : 0
Registry items scanned : 6116
Registry threats detected : 0
File items scanned : 78474
File threats detected : 1

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\lucy\Cookies\lucy@atdmt[2].txt

cosinus · 03.04.2010, 14:23

Jo ist ok. Hast Du die 5 Regeln und den Artikel beachtet?

Julifee · 03.04.2010, 15:20

Hi Arne,
Antivir hat gerade diesen blöden Plagegeist erneut gefunden!
Im Anhang mal die Meldung!
Was soll ich tun?

Gruß
Juli
PS Ja habe Ihr alles mal erklärt und Sie sagt das sie darauf achten wird! ;-)

cosinus · 03.04.2010, 16:32

Das ist "nur" in der Systemwiederherstellung (SWH).

Deaktiviere die SWH, im Verlauf der Infektion wurden auch Malwaredateien in Wiederherstellungspunkten mitgesichert - die sind alle nun unbrauchbar, da ein Zurücksetzen des Systems durch einen Wiederherstellungspunkt wahrscheinlich wieder eine Infektion nach sich ziehen würde.

Julifee · 03.04.2010, 17:00

Hi Arne,
super dann ist der Rechner ja endlich sauber!

Ein ganz großes DANKE!
LG
Juli

cosinus · 03.04.2010, 18:17

Ok. Dann bitte abschließend die Updates prüfen:

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

31.03.2010, 11:15	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner "TR/Agent.ruo" entdeckt hallo und Code: ATTFilter [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "kbdqtwmt" (kbdqtwmt) "Microsoft Corporation" C:\WINDOWS\system32\drivers\kbdqtwmt.sys File exists Bitte mit OSAM deaktivieren (siehe Anleitung zu OSAM). Poste danach ein neues Log von OSAM __________________ __________________

31.03.2010, 19:38	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner "TR/Agent.ruo" entdeckt Sieht ok aus. Mach bitte Kontrollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

03.04.2010, 14:23	#11
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner "TR/Agent.ruo" entdeckt Jo ist ok. Hast Du die 5 Regeln und den Artikel beachtet? __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner "TR/Agent.ruo" entdeckt

Plagegeister aller Art und deren Bekämpfung: Trojaner "TR/Agent.ruo" entdeckt