
Pests of all kinds and how to combat them: Java/Agent, + various Tr/...

22.09.2010, 09:43   #16
©onsultant
 



And once again a hello, or rather, "still" good morning.


Here is the log file from CF:



Code:
ComboFix 10-09-21.01 - Admin 22.09.2010   9:42.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.502.242 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Admin\Desktop\cofi.exe.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Admin\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\dokume~1\Admin\LOKALE~1\Temp\krdpdre.sys"
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KRDPDRE
-------\Service_krdpdre


(((((((((((((((((((((((   Dateien erstellt von 2010-08-22 bis 2010-09-22  ))))))))))))))))))))))))))))))
.

2010-09-21 20:39 . 2010-09-21 20:39	--------	d-----w-	c:\programme\Characterizer
2010-09-21 20:02 . 2008-09-11 19:01	59904	----a-w-	c:\windows\system32\unpdf.exe
2010-09-21 20:02 . 2008-06-16 11:11	81920	----a-w-	c:\windows\system32\emfxp.dll
2010-09-21 20:02 . 2010-09-21 20:02	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\TalkAndWrite
2010-09-21 20:02 . 2010-09-21 20:02	--------	d-----w-	c:\programme\TalkAndWrite
2010-09-21 12:32 . 2010-09-21 12:32	--------	d-----w-	c:\programme\CCleaner
2010-09-20 14:49 . 2010-09-20 14:49	--------	d-----w-	C:\_OTL
2010-09-19 07:50 . 2010-09-19 07:50	--------	d-----w-	c:\programme\PokerTH-0.8-beta3
2010-09-18 16:31 . 2009-11-21 15:54	471552	-c----w-	c:\windows\system32\dllcache\aclayers.dll
2010-09-18 16:31 . 2010-06-14 14:31	744448	-c----w-	c:\windows\system32\dllcache\helpsvc.exe
2010-09-18 16:30 . 2010-06-24 12:21	743424	-c----w-	c:\windows\system32\dllcache\iedvtool.dll
2010-09-18 16:28 . 2010-02-12 10:03	293376	------w-	c:\windows\system32\browserchoice.exe
2010-09-18 16:25 . 2010-06-18 13:36	3558912	-c----w-	c:\windows\system32\dllcache\moviemk.exe
2010-09-18 13:59 . 2010-09-18 13:59	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Malwarebytes
2010-09-18 13:59 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-18 13:59 . 2010-09-18 13:59	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-09-18 13:59 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-18 13:59 . 2010-09-18 13:59	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-09-17 15:32 . 2010-09-17 15:36	--------	d-----w-	c:\programme\Csdf4.3
2010-09-15 04:27 . 2010-09-15 04:27	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Engelmann Media
2010-09-15 04:26 . 2010-09-15 04:26	--------	d-----w-	c:\programme\S.A.D
2010-09-15 04:11 . 2010-09-15 04:19	36675	----a-w-	c:\windows\DIIUnin.dat
2010-09-15 04:11 . 2010-09-15 04:11	2829	----a-w-	c:\windows\DIIUnin.pif
2010-09-15 04:11 . 2010-09-15 04:11	102400	----a-w-	c:\windows\DIIUnin.exe
2010-09-15 04:04 . 2010-09-15 04:04	--------	d-----w-	c:\programme\D2
2010-09-13 20:15 . 2010-09-13 20:15	--------	d-----w-	c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\TechSmith
2010-09-13 20:13 . 2010-03-04 15:27	411480	----a-w-	c:\windows\system32\tsccvid.dll
2010-09-13 20:13 . 2010-09-13 20:13	--------	d-----w-	c:\windows\system32\QuickTime
2010-09-13 20:12 . 2010-09-13 20:12	--------	d-----w-	c:\programme\Gemeinsame Dateien\TechSmith Shared
2010-09-13 20:11 . 2010-09-13 20:12	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\TechSmith
2010-09-13 20:11 . 2010-09-13 20:11	--------	d-----w-	c:\programme\TechSmith
2010-09-13 20:03 . 2010-09-13 20:03	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Media Player Classic
2010-09-13 20:01 . 2010-03-15 09:31	165376	----a-w-	c:\windows\system32\unrar.dll
2010-09-13 17:09 . 2008-04-14 05:52	54272	-c--a-w-	c:\windows\system32\dllcache\vfwwdm32.dll
2010-09-13 17:09 . 2008-04-14 05:52	54272	----a-w-	c:\windows\system32\vfwwdm32.dll
2010-09-13 17:08 . 2006-06-27 06:56	31872	----a-w-	c:\windows\system32\drivers\superwebcam.sys
2010-09-12 15:02 . 2010-09-12 15:13	--------	d-----w-	c:\programme\CamStudio
2010-09-12 14:27 . 2010-09-12 14:54	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\WebcamMax
2010-09-12 14:27 . 2010-09-12 14:27	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\WebcamMax
2010-09-12 14:17 . 2010-09-12 14:17	--------	d-----w-	c:\programme\WebcamMax
2010-09-12 10:20 . 2010-09-12 10:23	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\GetRightToGo
2010-09-12 10:09 . 2010-09-12 10:09	--------	d-----w-	c:\programme\MSN Webcam Recorder
2010-09-08 19:07 . 2010-09-08 19:07	--------	d-----w-	c:\programme\WinPcap
2010-09-08 19:07 . 2010-09-08 19:15	--------	d-----w-	c:\programme\Cain
2010-09-08 17:55 . 2010-09-08 17:57	--------	d-----w-	c:\dokumente und einstellungen\Xander\Anwendungsdaten\Passware
2010-08-31 01:07 . 2010-08-31 01:07	--------	d-----w-	c:\dokumente und einstellungen\Xander\Anwendungsdaten\Image Zone Express
2010-08-26 17:40 . 2010-09-05 01:57	--------	d-----w-	c:\dokumente und einstellungen\Gastkonto\Lokale Einstellungen\Anwendungsdaten\Adobe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 07:35 . 2009-11-09 23:28	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\vlc
2010-09-22 06:04 . 2010-01-05 22:11	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\skypePM
2010-09-21 22:18 . 2010-01-05 22:10	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Skype
2010-09-21 20:02 . 2010-09-21 20:02	465	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\dropall.bat
2010-09-21 20:02 . 2010-09-21 20:02	184	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\uninst.bat
2010-09-21 20:01 . 2010-09-21 20:01	397824	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TAWLauncher.exe
2010-09-21 20:01 . 2010-09-21 20:01	3930796	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite_setup.exe
2010-09-21 19:53 . 2010-06-11 22:44	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Nettalk
2010-09-20 09:15 . 2010-06-27 17:03	848	--sha-w-	c:\windows\system32\KGyGaAvL.sys
2010-09-19 08:32 . 2010-07-08 08:51	43520	----a-w-	c:\windows\system32\CmdLineExt03.dll
2010-09-18 18:07 . 2009-10-27 16:40	101232	----a-w-	c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-09-18 17:51 . 2009-11-03 13:41	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-09-18 17:43 . 2004-08-04 12:00	85170	----a-w-	c:\windows\system32\perfc007.dat
2010-09-18 17:43 . 2004-08-04 12:00	461726	----a-w-	c:\windows\system32\perfh007.dat
2010-09-18 17:23 . 2009-11-03 13:47	--------	d-----w-	c:\programme\Microsoft Works
2010-09-15 04:47 . 2010-03-27 04:30	--------	d-----w-	c:\programme\HEditor
2010-09-15 04:47 . 2010-03-27 04:30	249856	------w-	c:\windows\Setup1.exe
2010-09-15 04:47 . 2010-03-27 04:30	73216	----a-w-	c:\windows\ST6UNST.EXE
2010-09-15 03:33 . 2009-10-27 21:17	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\sadGAME
2010-09-11 12:44 . 2000-09-26 19:12	1722	----a-w-	c:\programme\RDMS.INI
2010-09-09 21:56 . 2010-07-30 22:44	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers
2010-09-09 21:55 . 2009-11-09 20:27	--------	d-----w-	c:\programme\Gemeinsame Dateien\DVDVideoSoft
2010-08-22 20:45 . 2010-08-22 20:42	--------	d-----w-	c:\programme\mbrola
2010-08-22 20:28 . 2010-08-22 20:28	--------	d-----w-	c:\programme\eSpeak
2010-08-22 20:08 . 2010-08-22 20:08	--------	d-----w-	c:\programme\Acapela Group
2010-08-22 20:08 . 2009-10-27 18:01	--------	d--h--w-	c:\programme\InstallShield Installation Information
2010-08-22 20:07 . 2010-08-22 20:07	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\InstallShield
2010-08-22 11:43 . 2010-08-22 11:43	--------	d-----w-	c:\programme\ScanSoft
2010-08-22 11:34 . 2010-08-22 11:34	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Hunspell
2010-08-22 11:34 . 2010-08-22 11:34	--------	d-----w-	c:\programme\Balabolka
2010-08-22 11:34 . 2010-08-22 11:34	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Balabolka
2010-08-22 11:30 . 2010-08-22 11:25	--------	d-----w-	c:\programme\Gemeinsame Dateien\Logox.4.0
2010-08-22 11:25 . 2010-08-22 11:25	--------	d-----w-	c:\programme\Gemeinsame Dateien\WebSpeech.4.0
2010-08-22 11:25 . 2010-08-22 11:25	159744	----a-w-	c:\windows\LgxSetup.exe
2010-08-21 22:10 . 2010-08-21 22:10	--------	d-----w-	c:\programme\BlablaMaker
2010-08-21 22:04 . 2010-08-21 22:00	--------	d-----w-	c:\programme\Microsoft Agent
2010-08-21 20:57 . 2010-08-21 20:57	--------	d-----w-	c:\programme\Gemeinsame Dateien\L&H
2010-08-21 20:56 . 2010-08-21 20:55	--------	d-----w-	c:\programme\Microsoft Reader
2010-08-20 19:22 . 2010-08-20 19:22	61440	----a-w-	c:\dokumente und einstellungen\Gastkonto\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-229f1b99-n\decora-sse.dll
2010-08-20 19:22 . 2010-08-20 19:22	503808	----a-w-	c:\dokumente und einstellungen\Gastkonto\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45290bf7-n\msvcp71.dll
2010-08-20 19:22 . 2010-08-20 19:22	499712	----a-w-	c:\dokumente und einstellungen\Gastkonto\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45290bf7-n\jmc.dll
2010-08-20 19:22 . 2010-08-20 19:22	348160	----a-w-	c:\dokumente und einstellungen\Gastkonto\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-45290bf7-n\msvcr71.dll
2010-08-20 19:22 . 2010-08-20 19:22	12800	----a-w-	c:\dokumente und einstellungen\Gastkonto\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-229f1b99-n\decora-d3d.dll
2010-08-18 18:57 . 2010-08-18 18:56	--------	d-----w-	c:\programme\PokerTH-0.8-beta2
2010-08-17 13:17 . 2004-08-04 12:00	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-10 06:43 . 2010-08-09 21:52	--------	d-----w-	c:\programme\AutoShutdownManager
2010-08-06 02:00 . 2010-08-06 02:00	503808	----a-w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11e8810c-n\msvcp71.dll
2010-08-06 02:00 . 2010-08-06 02:00	61440	----a-w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a6ea140-n\decora-sse.dll
2010-08-06 02:00 . 2010-08-06 02:00	499712	----a-w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11e8810c-n\jmc.dll
2010-08-06 02:00 . 2010-08-06 02:00	348160	----a-w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11e8810c-n\msvcr71.dll
2010-08-06 02:00 . 2010-08-06 02:00	12800	----a-w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5a6ea140-n\decora-d3d.dll
2010-08-03 16:56 . 2010-08-03 16:56	--------	d-----w-	c:\programme\Gemeinsame Dateien\Skype
2010-07-27 01:35 . 2010-07-27 01:35	--------	d-----w-	c:\programme\PokerTH-0.8-beta1
2010-07-22 15:48 . 2004-08-04 12:00	590848	----a-w-	c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 06:25	5632	----a-w-	c:\windows\system32\xpsp4res.dll
2010-07-20 13:33 . 2010-07-20 13:33	503808	----a-w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1483a6e2-n\msvcp71.dll
2010-07-20 13:33 . 2010-07-20 13:33	499712	----a-w-	c:\dokumente und einstellungen\Adminr\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1483a6e2-n\jmc.dll
2010-07-20 13:33 . 2010-07-20 13:33	348160	----a-w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1483a6e2-n\msvcr71.dll
2010-07-20 13:33 . 2010-07-20 13:33	61440	----a-w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-391499c7-n\decora-sse.dll
2010-07-20 13:33 . 2010-07-20 13:33	12800	----a-w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-391499c7-n\decora-d3d.dll
2010-06-30 12:28 . 2004-08-04 12:00	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-09-29 18:47	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-04 12:00	1852032	----a-w-	c:\windows\system32\win32k.sys
2010-05-30 11:36 . 2010-05-27 19:43	1137336	----a-w-	c:\programme\SAVE5289.SAV
2010-05-30 11:28 . 2010-05-26 19:02	1124630	----a-w-	c:\programme\autosave.sav
2010-05-30 11:11 . 2010-05-20 21:30	1128565	----a-w-	c:\programme\SAVE0043.SAV
2010-05-26 16:09 . 2010-05-20 21:17	58330	----a-w-	c:\programme\RandMap.img
2010-05-26 16:09 . 2010-05-20 21:17	304	----a-w-	c:\programme\RandMap.Sed
2010-05-26 16:09 . 2010-05-26 16:09	304	----a-w-	c:\programme\SAVE18BE.SED
2010-05-22 10:43 . 2010-05-20 21:17	284	----a-w-	c:\programme\SAVE0029.SED
2010-05-22 07:47 . 2010-05-22 07:35	1738485	----a-w-	c:\programme\SAVE4957.SAV
2010-05-22 07:12 . 2010-05-22 07:12	284	----a-w-	c:\programme\SAVE4823.SED
2010-05-20 21:13 . 2010-05-20 21:13	1553	----a-w-	c:\programme\Keyboard.ini
2010-05-20 20:47 . 2010-05-20 20:47	50	----a-w-	c:\programme\CC.dat
2010-05-20 20:47 . 2010-05-20 20:47	3838	----a-w-	c:\programme\UNINST.WSU
2010-05-20 20:47 . 2010-05-20 20:47	128	----a-w-	c:\programme\Wkey.key
2010-05-20 20:46 . 2010-05-20 20:42	281074192	----a-w-	c:\programme\rdms.mix
2010-05-20 20:42 . 2010-05-20 20:41	53105368	----a-w-	c:\programme\language.mix
2000-11-05 17:08 . 2010-05-29 17:20	11264	----a-w-	c:\programme\cm-rdmstr.exe
2000-10-25 03:11 . 2000-10-25 03:11	129024	----a-w-	c:\programme\Rdms.exe
2000-10-01 23:31 . 2000-10-01 23:31	308276	----a-w-	c:\programme\00000409.256
2000-10-01 23:31 . 2000-10-01 23:31	307320	----a-w-	c:\programme\00000409.016
2000-10-01 23:31 . 2000-10-01 23:31	18768	----a-w-	c:\programme\SECDRV.SYS
2000-10-01 21:40 . 2000-10-01 21:40	4387088	----a-w-	c:\programme\GAME.EXE
2000-09-29 15:37 . 2000-09-29 15:37	27136	----a-w-	c:\programme\README.DOC
2000-09-29 15:34 . 2000-09-29 15:34	14171	----a-w-	c:\programme\README.TXT
2000-09-28 17:02 . 2000-09-28 17:02	73728	----a-w-	c:\programme\MPH.EXE
2000-09-26 20:37 . 2000-09-26 20:37	139264	----a-w-	c:\programme\Uninst.exe
2000-09-19 18:23 . 2000-09-19 18:23	4710	----a-w-	c:\programme\Rdms.ICO
2000-08-30 20:49 . 2000-08-30 20:49	53248	----a-w-	c:\programme\UNINSTLL.EXE
2000-08-24 21:00 . 2000-08-24 21:00	90112	----a-w-	c:\programme\PATCHGET.DAT
2000-07-27 19:22 . 2000-07-27 19:22	286208	----a-w-	c:\programme\Insoft.DLL
2000-07-17 13:45 . 2000-07-17 13:45	165	----a-w-	c:\programme\Rdms.lcf
2000-07-17 13:45 . 2000-07-17 13:45	39604	----a-w-	c:\programme\LAUNCHER.BMP
2000-07-17 13:45 . 2000-07-17 13:45	171520	----a-w-	c:\programme\PATCHW32.DLL
2000-06-27 22:00 . 2000-06-27 22:00	766	----a-w-	c:\programme\NOTES.ICO
2000-03-10 17:20 . 2000-03-10 17:20	2348	----a-w-	c:\programme\InsoftR.tlb
2000-03-10 17:20 . 2000-03-10 17:20	30896	----a-w-	c:\programme\Rdms.tlb
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\DIIUnin.dat ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 36675
Created time: 2010-09-15 04:11
Modified time: 2010-09-15 04:19
MD5: 9C438B7A1C0844477CA876F9646620DD
SHA1: DAE0ACAC3A2C08EE5CAC0BA4F6A0A11D97B424BE


--- c:\windows\DIIUnin.exe ---
Company: GameProjectX © 2005-2010 
File Description: DIIUnin -Deinstallationsprogramm
File Version: 1, 0, 0, 5
Product Name: DIIUnin -Deinstallationsprogramm
Copyright: Copyright © 1995-2010
Original Filename: DII Unin.exe
File size: 102400
Created time: 2010-09-15 04:11
Modified time: 2010-09-15 04:11
MD5: 9033A5D45A5C81FA3605E4C5057F4DF5
SHA1: A5D25D1AB4F32426084095473F73D2D67F5DFBED


--- c:\windows\DIIUnin.pif ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 2829
Created time: 2010-09-15 04:11
Modified time: 2010-09-15 04:11
MD5: B67B23A2B0DAB45B6232658219DA7A1B
SHA1: B0FBD63169966A0BE2461FF67D5FCA5BD098B42F


--- c:\windows\system32\dllcache\moviemk.exe ---
Company: Microsoft Corporation
File Description: Windows Movie Maker
File Version: 2, 1, 4028, 0
Product Name: Windows Movie Maker
Copyright: Copyright (C) Microsoft Corp, 2004
Original Filename: MOVIEMK2.EXE
File size: 3558912
Created time: 2010-09-18 16:25
Modified time: 2010-06-18 13:36
MD5: B66621D7360044D3645C0AC059CF60B2
SHA1: D8CDC06D4361A912E2ADBC56B2715258EFBB3EFE


--- c:\windows\system32\dllcache\vfwwdm32.dll ---
Company: Microsoft Corporation
File Description: VfW MM-Treiber für WDM-Videoaufnahmegeräte
File Version: 5.1.2600.5512 (xpsp.080413-0845)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: VfWWDM32.DLL
File size: 54272
Created time: 2010-09-13 17:09
Modified time: 2008-04-14 05:52
MD5: 5B8DD211BBEA1410CE4D7B57BD6BB872
SHA1: CFF472AE5DA838FEEEFF7E03AA212CF5D7216934


--- c:\windows\system32\vfwwdm32.dll ---
Company: Microsoft Corporation
File Description: VfW MM-Treiber für WDM-Videoaufnahmegeräte
File Version: 5.1.2600.5512 (xpsp.080413-0845)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: VfWWDM32.DLL
File size: 54272
Created time: 2010-09-13 17:09
Modified time: 2008-04-14 05:52
MD5: 5B8DD211BBEA1410CE4D7B57BD6BB872
SHA1: CFF472AE5DA838FEEEFF7E03AA212CF5D7216934

---- Directory of C:\Ftr ----


---- Directory of C:\Infovox2.lic ----

2010-08-22 20:08 . 2010-08-22 20:08	510	----a-w-	c:\infovox2.lic\demo512-4.lic
2010-08-22 20:08 . 2010-08-22 20:08	510	----a-w-	c:\infovox2.lic\demo512-1.lic
2010-08-22 20:08 . 2010-08-22 20:08	36	--sha-w-	c:\infovox2.lic\agmm2.db.512
2010-08-22 20:08 . 2010-08-22 20:08	6464	--sha-w-	c:\infovox2.lic\agmm1.db.512
2010-08-22 20:08 . 2010-08-22 20:08	1745	----a-w-	c:\infovox2.lic\license.prl

---- Directory of c:\programme\CCS ----


---- Directory of c:\programme\D2 ----

2010-09-19 08:31 . 2010-09-19 08:32	2532	----a-w-	c:\programme\D2\DII II\D2100919.txt
2010-09-15 22:09 . 2010-09-19 09:15	35928	----a-w-	c:\programme\D2\DII II\save\Stealth.ma0
2010-09-15 22:09 . 2010-09-15 22:09	24	----a-w-	c:\programme\D2\DII II\save\Stealth.map
2010-09-15 22:09 . 2010-09-15 22:09	1142	----a-w-	c:\programme\D2\DII II\save\Stealth.key
2010-09-15 22:09 . 2010-09-19 09:16	1527	----a-w-	c:\programme\D2\DII II\save\Stealth.d2s
2010-09-15 22:09 . 2010-09-15 22:10	980	----a-w-	c:\programme\D2\DII II\save\Stealth160011.bak
2010-09-15 22:09 . 2010-09-15 22:11	985	----a-w-	c:\programme\D2\DII II\save\Stealth160012.bak
2010-09-15 22:09 . 2010-09-15 22:12	985	----a-w-	c:\programme\D2\DII II\save\Stealth160014.bak
2010-09-15 22:09 . 2010-09-15 22:14	985	----a-w-	c:\programme\D2\DII II\save\Stealth160017.bak
2010-09-15 22:09 . 2010-09-15 22:17	1021	----a-w-	c:\programme\D2\DII II\save\Stealth160021.bak
2010-09-15 22:09 . 2010-09-15 22:21	1074	----a-w-	c:\programme\D2\DII II\save\Stealth160024.bak
2010-09-15 22:09 . 2010-09-15 22:24	1165	----a-w-	c:\programme\D2\DII II\save\Stealth160031.bak
2010-09-15 22:09 . 2010-09-15 22:31	1320	----a-w-	c:\programme\D2\DII II\save\Stealth160034.bak
2010-09-15 22:09 . 2010-09-15 22:34	1372	----a-w-	c:\programme\D2\DII II\save\Stealth160036.bak
2010-09-15 22:09 . 2010-09-15 22:36	1419	----a-w-	c:\programme\D2\DII II\save\Stealth160038.bak
2010-09-15 22:09 . 2010-09-15 22:38	1471	----a-w-	c:\programme\D2\DII II\save\Stealth160040.bak
2010-09-15 22:09 . 2010-09-15 22:40	1502	----a-w-	c:\programme\D2\DII II\save\Stealth160041.bak
2010-09-15 22:09 . 2010-09-15 22:43	1593	----a-w-	c:\programme\D2\DII II\save\Stealth160043.bak
2010-09-15 22:09 . 2010-09-15 22:43	1616	----a-w-	c:\programme\D2\DII II\save\Stealth160044.bak
2010-09-15 22:09 . 2010-09-15 23:03	1548	----a-w-	c:\programme\D2\DII II\save\Stealth191030.bak
2010-09-15 07:04 . 2010-09-15 23:05	35148	----a-w-	c:\programme\D2\DII II\save\Elizz.ma1
2010-09-15 04:36 . 2010-09-15 06:37	19598	----a-w-	c:\programme\D2\DII II\save\Elizz.ma0
2010-09-15 04:36 . 2010-09-15 07:04	24	----a-w-	c:\programme\D2\DII II\save\Elizz.map
2010-09-15 04:36 . 2010-09-15 22:09	1146	----a-w-	c:\programme\D2\DII II\default.key
2010-09-15 04:36 . 2010-09-15 04:36	1142	----a-w-	c:\programme\D2\DII II\save\Elizz.key
2010-09-15 04:36 . 2010-09-15 23:05	1644	----a-w-	c:\programme\D2\DII II\save\Elizz.d2s
2010-09-15 04:36 . 2010-09-15 04:46	958	----a-w-	c:\programme\D2\DII II\save\Elizz150650.bak
2010-09-15 04:36 . 2010-09-15 04:50	963	----a-w-	c:\programme\D2\DII II\save\Elizz150654.bak
2010-09-15 04:36 . 2010-09-15 04:58	999	----a-w-	c:\programme\D2\DII II\save\Elizz150659.bak
2010-09-15 04:36 . 2010-09-15 04:59	999	----a-w-	c:\programme\D2\DII II\save\Elizz150708.bak
2010-09-15 04:36 . 2010-09-15 05:08	1077	----a-w-	c:\programme\D2\DII II\save\Elizz150711.bak
2010-09-15 04:36 . 2010-09-15 05:31	1242	----a-w-	c:\programme\D2\DII II\save\Elizz150755.bak
2010-09-15 04:36 . 2010-09-15 05:55	1308	----a-w-	c:\programme\D2\DII II\save\Elizz150757.bak
2010-09-15 04:36 . 2010-09-15 05:57	1308	----a-w-	c:\programme\D2\DII II\save\Elizz150800.bak
2010-09-15 04:36 . 2010-09-15 06:00	1338	----a-w-	c:\programme\D2\DII II\save\Elizz150802.bak
2010-09-15 04:36 . 2010-09-15 06:04	1336	----a-w-	c:\programme\D2\DII II\save\Elizz150804.bak
2010-09-15 04:36 . 2010-09-15 06:04	1336	----a-w-	c:\programme\D2\DII II\save\Elizz150814.bak
2010-09-15 04:36 . 2010-09-15 06:39	1371	----a-w-	c:\programme\D2\DII II\save\Elizz150839.bak
2010-09-15 04:36 . 2010-09-15 06:39	1371	----a-w-	c:\programme\D2\DII II\save\Elizz150844.bak
2010-09-15 04:36 . 2010-09-15 06:46	1371	----a-w-	c:\programme\D2\DII II\save\Elizz150846.bak
2010-09-15 04:36 . 2010-09-15 06:46	1371	----a-w-	c:\programme\D2\DII II\save\Elizz150857.bak
2010-09-15 04:36 . 2010-09-15 06:57	1442	----a-w-	c:\programme\D2\DII II\save\Elizz150900.bak
2010-09-15 04:36 . 2010-09-15 07:02	1483	----a-w-	c:\programme\D2\DII II\save\Elizz150902.bak
2010-09-15 04:36 . 2010-09-15 07:02	1483	----a-w-	c:\programme\D2\DII II\save\Elizz150903.bak
2010-09-15 04:36 . 2010-09-15 07:06	1483	----a-w-	c:\programme\D2\DII II\save\Elizz150906.bak
2010-09-15 04:36 . 2010-09-15 07:07	1483	----a-w-	c:\programme\D2\DII II\save\Elizz150907.bak
2010-09-15 04:36 . 2010-09-15 07:08	1483	----a-w-	c:\programme\D2\DII II\save\Elizz150910.bak
2010-09-15 04:36 . 2010-09-15 07:18	1480	----a-w-	c:\programme\D2\DII II\save\Elizz150918.bak
2010-09-15 04:36 . 2010-09-15 07:18	1480	----a-w-	c:\programme\D2\DII II\save\Elizz150923.bak
2010-09-15 04:36 . 2010-09-15 07:26	1498	----a-w-	c:\programme\D2\DII II\save\Elizz150926.bak
2010-09-15 04:36 . 2010-09-15 07:26	1498	----a-w-	c:\programme\D2\DII II\save\Elizz150928.bak
2010-09-15 04:36 . 2010-09-15 07:28	1498	----a-w-	c:\programme\D2\DII II\save\Elizz150929.bak
2010-09-15 04:36 . 2010-09-15 07:35	1484	----a-w-	c:\programme\D2\DII II\save\Elizz151301.bak
2010-09-15 04:36 . 2010-09-15 11:01	1484	----a-w-	c:\programme\D2\DII II\save\Elizz151303.bak
2010-09-15 04:36 . 2010-09-15 11:03	1484	----a-w-	c:\programme\D2\DII II\save\Elizz151312.bak
2010-09-15 04:36 . 2010-09-15 11:12	1508	----a-w-	c:\programme\D2\DII II\save\Elizz151315.bak
2010-09-15 04:36 . 2010-09-15 11:15	1557	----a-w-	c:\programme\D2\DII II\save\Elizz151316.bak
2010-09-15 04:36 . 2010-09-15 12:24	1834	----a-w-	c:\programme\D2\DII II\save\Elizz151425.bak
2010-09-15 04:36 . 2010-09-15 12:25	1818	----a-w-	c:\programme\D2\DII II\save\Elizz152251.bak
2010-09-15 04:36 . 2010-09-15 20:51	1620	----a-w-	c:\programme\D2\DII II\save\Elizz152300.bak
2010-09-15 04:36 . 2010-09-15 21:00	1734	----a-w-	c:\programme\D2\DII II\save\Elizz152308.bak
2010-09-15 04:36 . 2010-09-15 21:08	1752	----a-w-	c:\programme\D2\DII II\save\Elizz152314.bak
2010-09-15 04:36 . 2010-09-15 21:15	1752	----a-w-	c:\programme\D2\DII II\save\Elizz152315.bak
2010-09-15 04:36 . 2010-09-15 21:37	1744	----a-w-	c:\programme\D2\DII II\save\Elizz152337.bak
2010-09-15 04:36 . 2010-09-15 22:07	1644	----a-w-	c:\programme\D2\DII II\save\Elizz160008.bak
2010-09-15 04:36 . 2010-09-15 22:08	1644	----a-w-	c:\programme\D2\DII II\save\Elizz160104.bak
2010-09-15 04:34 . 2010-09-19 09:17	192	----a-w-	c:\programme\D2\DII II\DSnetLog.txt
2010-09-15 04:19 . 2010-09-15 04:23	286	----a-w-	c:\programme\D2\DII II\DSupdate.log
2010-09-15 04:19 . 2010-09-15 04:19	2104101	----a-w-	c:\programme\D2\DII II\Patch_D2.mpq
2010-09-15 04:19 . 2010-09-15 04:23	80457	----a-w-	c:\programme\D2\DII II\Patch.txt
2010-09-15 04:19 . 2010-09-15 04:23	237568	----a-w-	c:\programme\D2\DII II\BNUpdate.exe
2010-09-15 04:18 . 2010-09-15 04:18	74	----a-w-	c:\programme\D2\DII II\Install.log
2010-09-15 04:18 . 2010-09-15 04:18	4639	----a-w-	c:\programme\D2\DII II\support\images\char\War2Bne.jpg
2010-09-15 04:18 . 2010-09-15 04:18	3681	----a-w-	c:\programme\D2\DII II\support\images\char\SysOp.jpg
2010-09-15 04:18 . 2010-09-15 04:18	3377	----a-w-	c:\programme\D2\DII II\support\images\char\Speaker.jpg
2010-09-15 04:18 . 2010-09-15 04:18	3843	----a-w-	c:\programme\D2\DII II\support\images\char\SC.jpg
2010-09-15 04:18 . 2010-09-15 04:18	3592	----a-w-	c:\programme\D2\DII II\support\images\char\Referee.jpg
2010-09-15 04:18 . 2010-09-15 04:18	4293	----a-w-	c:\programme\D2\DII II\support\images\char\mod.jpg
2010-09-15 04:18 . 2010-09-15 04:18	4027	----a-w-	c:\programme\D2\DII II\support\images\char\Medic.jpg
2010-09-15 04:18 . 2010-09-15 04:18	3203	----a-w-	c:\programme\D2\DII II\support\images\char\GHood.jpg
2010-09-15 04:18 . 2010-09-15 04:18	3587	----a-w-	c:\programme\D2\DII II\support\images\char\DS.jpg
2010-09-15 04:18 . 2010-09-15 04:18	3380	----a-w-	c:\programme\D2\DII II\support\images\char\Chat.jpg
2010-09-15 04:18 . 2010-09-15 04:18	3683	----a-w-	c:\programme\D2\DII II\support\images\char\BlizRep.jpg
2010-09-15 04:18 . 2010-09-15 04:18	3161	----a-w-	c:\programme\D2\DII II\support\images\char\BHood.jpg
2010-09-15 04:18 . 2010-09-15 04:18	2989	----a-w-	c:\programme\D2\DII II\support\images\readme.jpg
2010-09-15 04:18 . 2010-09-15 04:18	3133	----a-w-	c:\programme\D2\DII II\support\images\proxy.jpg
2010-09-15 04:18 . 2010-09-15 04:18	2827	----a-w-	c:\programme\D2\DII II\support\images\lat.jpg
2010-09-15 04:18 . 2010-09-15 04:18	4362	----a-w-	c:\programme\D2\DII II\support\images\d2.jpg
2010-09-15 04:18 . 2010-09-15 04:18	7456	----a-w-	c:\programme\D2\DII II\support\images\common.jpg
2010-09-15 04:18 . 2010-09-15 04:18	2675	----a-w-	c:\programme\D2\DII II\support\images\cd.jpg
2010-09-15 04:18 . 2010-09-15 04:18	3894	----a-w-	c:\programme\D2\DII II\support\images\dsnet.jpg
2010-09-15 04:18 . 2010-09-15 04:18	1999	----a-w-	c:\programme\D2\DII II\support\d2\sprite.htm
2010-09-15 04:18 . 2010-09-15 04:18	1955	----a-w-	c:\programme\D2\DII II\support\d2\realm.htm
2010-09-15 04:18 . 2010-09-15 04:18	1725	----a-w-	c:\programme\D2\DII II\support\d2\d2music.htm
2010-09-15 04:18 . 2010-09-15 04:18	2344	----a-w-	c:\programme\D2\DII II\support\d2\corpse.htm
2010-09-15 04:18 . 2010-09-15 04:18	15421	----a-w-	c:\programme\D2\DII II\support\d2\choppy.htm
2010-09-15 04:18 . 2010-09-15 04:18	1615	----a-w-	c:\programme\D2\DII II\support\d2\blckedge.htm
2010-09-15 04:18 . 2010-09-15 04:18	8082	----a-w-	c:\programme\D2\DII II\support\d2\accessv.htm
2010-09-15 04:18 . 2010-09-15 04:18	1654	----a-w-	c:\programme\D2\DII II\support\DSnet\general\symbols.htm
2010-09-15 04:18 . 2010-09-15 04:18	2264	----a-w-	c:\programme\D2\DII II\support\DSnet\errors\inuse.htm
2010-09-15 04:18 . 2010-09-15 04:18	120820	----a-w-	c:\programme\D2\DII II\xreadme.htm
2010-09-15 04:17 . 2010-09-15 04:18	62003804	----a-w-	c:\programme\D2\DII II\d2xtalk.mpq
2010-09-15 04:17 . 2010-09-15 04:17	250634963	----a-w-	c:\programme\D2\DII II\d2exp.mpq
2010-09-15 04:15 . 2010-09-15 04:16	348433635	----a-w-	c:\programme\D2\DII II\d2music.mpq
2010-09-15 04:11 . 2010-09-15 21:17	5865	----a-w-	c:\programme\D2\DII II\D2100915.txt
2010-09-15 04:11 . 2010-09-15 04:18	15304	----a-w-	c:\programme\D2\DII II\License.txt
2010-09-15 04:11 . 2005-08-17 01:12	2129920	----a-w-	c:\programme\D2\DII II\Game.exe
2010-09-15 04:11 . 2010-09-15 04:18	180224	----a-w-	c:\programme\D2\DII II\ijl11.dll
2010-09-15 04:11 . 2005-08-17 00:59	1138688	----a-w-	c:\programme\D2\DII II\D2Game.dll
2010-09-15 04:11 . 2005-08-17 01:02	180224	----a-w-	c:\programme\D2\DII II\D2VidTst.exe
2010-09-15 04:11 . 2005-08-17 00:55	98304	----a-w-	c:\programme\D2\DII II\D2sound.dll
2010-09-15 04:10 . 2010-09-15 04:18	95232	----a-w-	c:\programme\D2\DII II\SmackW32.dll
2010-09-15 04:10 . 2005-08-17 00:56	167936	----a-w-	c:\programme\D2\DII II\D2Launch.dll
2010-09-15 04:10 . 2005-08-17 00:54	372736	----a-w-	c:\programme\D2\DII II\Storm.dll
2010-09-15 04:10 . 2005-08-17 00:55	212992	----a-w-	c:\programme\D2\DII II\Fog.dll
2010-09-15 04:10 . 2010-09-15 04:18	45056	----a-w-	c:\programme\D2\DII II\DII.exe
2010-09-15 04:10 . 2005-08-17 00:56	143360	----a-w-	c:\programme\D2\DII II\D2Win.dll
2010-09-15 04:10 . 2005-08-17 00:55	49152	----a-w-	c:\programme\D2\DII II\D2Net.dll
2010-09-15 04:10 . 2005-08-17 00:56	126976	----a-w-	c:\programme\D2\DII II\D2Multi.dll
2010-09-15 04:10 . 2005-08-17 00:55	49152	----a-w-	c:\programme\D2\DII II\D2MCPClient.dll
2010-09-15 04:10 . 2005-08-17 00:55	77824	----a-w-	c:\programme\D2\DII II\D2Lang.dll
2010-09-15 04:10 . 2005-08-17 00:56	98304	----a-w-	c:\programme\D2\DII II\D2Glide.dll
2010-09-15 04:10 . 2005-08-17 00:55	77824	----a-w-	c:\programme\D2\DII II\D2gfx.dll
2010-09-15 04:10 . 2005-08-17 00:56	53248	----a-w-	c:\programme\D2\DII II\D2Gdi.dll
2010-09-15 04:10 . 2005-08-17 00:56	110592	----a-w-	c:\programme\D2\DII II\D2Direct3D.dll
2010-09-15 04:10 . 2005-08-17 00:56	69632	----a-w-	c:\programme\D2\DII II\D2DDraw.dll
2010-09-15 04:10 . 2005-08-17 00:58	679936	----a-w-	c:\programme\D2\DII II\D2Common.dll
2010-09-15 04:10 . 2005-08-17 00:55	159744	----a-w-	c:\programme\D2\DII II\D2CMP.dll
2010-09-15 04:10 . 2005-08-17 01:02	1093632	----a-w-	c:\programme\D2\DII II\D2Client.dll
2010-09-15 04:10 . 2010-09-15 04:10	1536	----a-w-	c:\programme\D2\DII II\D2.LNG
2010-09-15 04:10 . 2005-08-17 00:55	131072	----a-w-	c:\programme\D2\DII II\Bnclient.dll
2010-09-15 04:10 . 2010-09-15 04:18	200704	----a-w-	c:\programme\D2\DII II\binkw32.dll
2010-09-15 04:10 . 2010-09-15 04:10	176697998	----a-w-	c:\programme\D2\DII II\d2speech.mpq
2010-09-15 04:10 . 2010-09-15 04:11	51955649	----a-w-	c:\programme\D2\DII II\d2sfx.mpq
2010-09-15 04:09 . 2010-09-15 04:10	258361096	----a-w-	c:\programme\D2\DII II\d2data.mpq
2010-09-15 04:09 . 2010-09-15 04:18	2763	----a-w-	c:\programme\D2\DII II\support\include\support.css
2010-09-15 04:09 . 2010-09-15 04:09	5760	----a-w-	c:\programme\D2\DII II\support\images\winproxy\winproxy.gif
2010-09-15 04:09 . 2010-09-15 04:09	9639	----a-w-	c:\programme\D2\DII II\support\images\winproxy\wp3.gif
2010-09-15 04:09 . 2010-09-15 04:09	4317	----a-w-	c:\programme\D2\DII II\support\images\winproxy\wp2.gif
2010-09-15 04:09 . 2010-09-15 04:09	4326	----a-w-	c:\programme\D2\DII II\support\images\winproxy\wp1.gif
2010-09-15 04:09 . 2010-09-15 04:09	2895	----a-w-	c:\programme\D2\DII II\support\images\winproxy\sc3.gif
2010-09-15 04:09 . 2010-09-15 04:09	3632	----a-w-	c:\programme\D2\DII II\support\images\winproxy\sc2.gif
2010-09-15 04:09 . 2010-09-15 04:09	7582	----a-w-	c:\programme\D2\DII II\support\images\winproxy\sc1.gif
2010-09-15 04:09 . 2010-09-15 04:09	3824	----a-w-	c:\programme\D2\DII II\support\images\winproxy\sc.gif
2010-09-15 04:09 . 2010-09-15 04:09	5626	----a-w-	c:\programme\D2\DII II\support\images\wingate\wingate.gif
2010-09-15 04:09 . 2010-09-15 04:09	4408	----a-w-	c:\programme\D2\DII II\support\images\wingate\wg5.gif
2010-09-15 04:09 . 2010-09-15 04:09	4447	----a-w-	c:\programme\D2\DII II\support\images\wingate\wg4.gif
2010-09-15 04:09 . 2010-09-15 04:09	3998	----a-w-	c:\programme\D2\DII II\support\images\wingate\wg3.gif
2010-09-15 04:09 . 2010-09-15 04:09	5537	----a-w-	c:\programme\D2\DII II\support\images\wingate\wg2.gif
2010-09-15 04:09 . 2010-09-15 04:09	9609	----a-w-	c:\programme\D2\DII II\support\images\wingate\wg1.gif
2010-09-15 04:09 . 2010-09-15 04:09	2895	----a-w-	c:\programme\D2\DII II\support\images\wingate\sc3.gif
2010-09-15 04:09 . 2010-09-15 04:09	3632	----a-w-	c:\programme\D2\DII II\support\images\wingate\sc2.gif
2010-09-15 04:09 . 2010-09-15 04:09	7582	----a-w-	c:\programme\D2\DII II\support\images\wingate\sc1.gif
2010-09-15 04:09 . 2010-09-15 04:09	3824	----a-w-	c:\programme\D2\DII II\support\images\wingate\sc.gif
2010-09-15 04:09 . 2010-09-15 04:09	5865	----a-w-	c:\programme\D2\DII II\support\images\msproxy\msproxy.gif
2010-09-15 04:09 . 2010-09-15 04:09	6897	----a-w-	c:\programme\D2\DII II\support\images\msproxy\msp10.gif
2010-09-15 04:09 . 2010-09-15 04:09	8209	----a-w-	c:\programme\D2\DII II\support\images\msproxy\msp9.gif
2010-09-15 04:09 . 2010-09-15 04:09	6182	----a-w-	c:\programme\D2\DII II\support\images\msproxy\msp8.gif
2010-09-15 04:09 . 2010-09-15 04:09	2691	----a-w-	c:\programme\D2\DII II\support\images\msproxy\msp7.gif
2010-09-15 04:09 . 2010-09-15 04:09	2705	----a-w-	c:\programme\D2\DII II\support\images\msproxy\msp6.gif
2010-09-15 04:09 . 2010-09-15 04:09	2724	----a-w-	c:\programme\D2\DII II\support\images\msproxy\msp5.gif
2010-09-15 04:09 . 2010-09-15 04:09	2705	----a-w-	c:\programme\D2\DII II\support\images\msproxy\msp4.gif
2010-09-15 04:09 . 2010-09-15 04:09	5480	----a-w-	c:\programme\D2\DII II\support\images\msproxy\msp3.gif
2010-09-15 04:09 . 2010-09-15 04:09	8180	----a-w-	c:\programme\D2\DII II\support\images\msproxy\msp2.gif
2010-09-15 04:09 . 2010-09-15 04:09	7002	----a-w-	c:\programme\D2\DII II\support\images\msproxy\msp1.gif
2010-09-15 04:09 . 2010-09-15 04:09	3564	----a-w-	c:\programme\D2\DII II\support\images\msproxy\clnt4.gif
2010-09-15 04:09 . 2010-09-15 04:09	5385	----a-w-	c:\programme\D2\DII II\support\images\msproxy\clnt3.gif
2010-09-15 04:09 . 2010-09-15 04:09	6896	----a-w-	c:\programme\D2\DII II\support\images\msproxy\clnt2.gif
2010-09-15 04:09 . 2010-09-15 04:09	4106	----a-w-	c:\programme\D2\DII II\support\images\msproxy\clnt1.gif
2010-09-15 04:09 . 2010-09-15 04:09	3425	----a-w-	c:\programme\D2\DII II\support\images\char\war2bne.gif
2010-09-15 04:09 . 2010-09-15 04:09	1832	----a-w-	c:\programme\D2\DII II\support\images\char\sysop.gif
2010-09-15 04:09 . 2010-09-15 04:09	1539	----a-w-	c:\programme\D2\DII II\support\images\char\speaker.gif
2010-09-15 04:09 . 2010-09-15 04:09	2283	----a-w-	c:\programme\D2\DII II\support\images\char\sc.gif
2010-09-15 04:09 . 2010-09-15 04:09	1788	----a-w-	c:\programme\D2\DII II\support\images\char\referee.gif
2010-09-15 04:09 . 2010-09-15 04:09	2484	----a-w-	c:\programme\D2\DII II\support\images\char\mod.gif
2010-09-15 04:09 . 2010-09-15 04:09	2281	----a-w-	c:\programme\D2\DII II\support\images\char\medic.gif
2010-09-15 04:09 . 2010-09-15 04:09	1322	----a-w-	c:\programme\D2\DII II\support\images\char\ghood.gif
2010-09-15 04:09 . 2010-09-15 04:09	1783	----a-w-	c:\programme\D2\DII II\support\images\char\ds.gif
2010-09-15 04:09 . 2010-09-15 04:09	1510	----a-w-	c:\programme\D2\DII II\support\images\char\chat.gif
2010-09-15 04:09 . 2010-09-15 04:09	1938	----a-w-	c:\programme\D2\DII II\support\images\char\blizrep.gif
2010-09-15 04:09 . 2010-09-15 04:09	1534	----a-w-	c:\programme\D2\DII II\support\images\char\bhood.gif
2010-09-15 04:09 . 2010-09-15 04:09	586	----a-w-	c:\programme\D2\DII II\support\images\arrows\right.gif
2010-09-15 04:09 . 2010-09-15 04:09	587	----a-w-	c:\programme\D2\DII II\support\images\arrows\left.gif
2010-09-15 04:09 . 2010-09-15 04:09	283	----a-w-	c:\programme\D2\DII II\support\images\readme.gif
2010-09-15 04:09 . 2010-09-15 04:09	267	----a-w-	c:\programme\D2\DII II\support\images\proxy.gif
2010-09-15 04:09 . 2010-09-15 04:09	323	----a-w-	c:\programme\D2\DII II\support\images\lat.gif
2010-09-15 04:09 . 2010-09-15 04:09	2512	----a-w-	c:\programme\D2\DII II\support\images\d2.gif
2010-09-15 04:09 . 2010-09-15 04:18	85737	----a-w-	c:\programme\D2\DII II\support\images\d2logo.jpg
2010-09-15 04:09 . 2010-09-15 04:09	13612	----a-w-	c:\programme\D2\DII II\support\images\common.gif
2010-09-15 04:09 . 2010-09-15 04:09	1530	----a-w-	c:\programme\D2\DII II\support\images\cd.gif
2010-09-15 04:09 . 2010-09-15 04:09	1924	----a-w-	c:\programme\D2\DII II\support\images\bnet.gif
2010-09-15 04:09 . 2010-09-15 04:18	3769	----a-w-	c:\programme\D2\DII II\support\d2\windows.htm
2010-09-15 04:09 . 2010-09-15 04:18	2091	----a-w-	c:\programme\D2\DII II\support\d2\vid_mode.htm
2010-09-15 04:09 . 2010-09-15 04:18	30760	----a-w-	c:\programme\D2\DII II\support\d2\vendors.htm
2010-09-15 04:09 . 2010-09-15 04:18	1364	----a-w-	c:\programme\D2\DII II\support\d2\unique.htm
2010-09-15 04:09 . 2010-09-15 04:18	5051	----a-w-	c:\programme\D2\DII II\support\d2\terms.htm
2010-09-15 04:09 . 2010-09-15 04:18	3315	----a-w-	c:\programme\D2\DII II\support\d2\tech.htm
2010-09-15 04:09 . 2010-09-15 04:18	3971	----a-w-	c:\programme\D2\DII II\support\d2\msinfo.htm
2010-09-15 04:09 . 2010-09-15 04:18	4692	----a-w-	c:\programme\D2\DII II\support\d2\minreq.htm
2010-09-15 04:09 . 2010-09-15 04:18	13673	----a-w-	c:\programme\D2\DII II\support\d2\legalfaq.htm
2010-09-15 04:09 . 2010-09-15 04:18	3098	----a-w-	c:\programme\D2\DII II\support\d2\index.htm
2010-09-15 04:09 . 2010-09-15 04:18	12272	----a-w-	c:\programme\D2\DII II\support\d2\icontact.htm
2010-09-15 04:09 . 2010-09-15 04:18	2095	----a-w-	c:\programme\D2\DII II\support\d2\hardcore.htm
2010-09-15 04:09 . 2010-09-15 04:18	2570	----a-w-	c:\programme\D2\DII II\support\d2\errors.htm
2010-09-15 04:09 . 2010-09-15 04:18	3438	----a-w-	c:\programme\D2\DII II\support\d2\drivers.htm
2010-09-15 04:09 . 2010-09-15 04:18	2353	----a-w-	c:\programme\D2\DII II\support\d2\death.htm
2010-09-15 04:09 . 2010-09-15 04:18	4192	----a-w-	c:\programme\D2\DII II\support\d2\cr.htm
2010-09-15 04:09 . 2010-09-15 04:18	2160	----a-w-	c:\programme\D2\DII II\support\d2\contact.htm
2010-09-15 04:09 . 2010-09-15 04:18	34971	----a-w-	c:\programme\D2\DII II\support\d2\cd.htm
2010-09-15 04:09 . 2010-09-15 04:18	2554	----a-w-	c:\programme\D2\DII II\support\d2\alt_tab.htm
2010-09-15 04:09 . 2010-09-15 04:18	2691	----a-w-	c:\programme\D2\DII II\support\d2\altav.htm
2010-09-15 04:09 . 2010-09-15 04:09	1579	----a-w-	c:\programme\D2\DII II\support\bnet\general\symobls.htm
2010-09-15 04:09 . 2010-09-15 04:18	1399	----a-w-	c:\programme\D2\DII II\support\bnet\general\index.htm
2010-09-15 04:09 . 2010-09-15 04:18	2993	----a-w-	c:\programme\D2\DII II\support\bnet\general\harass.htm
2010-09-15 04:09 . 2010-09-15 04:18	1900	----a-w-	c:\programme\D2\DII II\support\bnet\general\chatboot.htm
2010-09-15 04:09 . 2010-09-15 04:18	2526	----a-w-	c:\programme\D2\DII II\support\bnet\errors\password.htm
2010-09-15 04:09 . 2010-09-15 04:18	2062	----a-w-	c:\programme\D2\DII II\support\bnet\errors\noname.htm
2010-09-15 04:09 . 2010-09-15 04:18	2517	----a-w-	c:\programme\D2\DII II\support\bnet\errors\manually.htm
2010-09-15 04:09 . 2010-09-15 04:18	2845	----a-w-	c:\programme\D2\DII II\support\bnet\errors\index.htm
2010-09-15 04:09 . 2010-09-15 04:18	1766	----a-w-	c:\programme\D2\DII II\support\bnet\errors\cdkey.htm
2010-09-15 04:09 . 2010-09-15 04:18	2717	----a-w-	c:\programme\D2\DII II\support\bnet\errors\appver.htm
2010-09-15 04:09 . 2010-09-15 04:18	1612	----a-w-	c:\programme\D2\DII II\support\bnet\errors\account.htm
2010-09-15 04:09 . 2010-09-15 04:18	1528	----a-w-	c:\programme\D2\DII II\support\bnet\errors\16bit.htm
2010-09-15 04:09 . 2010-09-15 04:18	3182	----a-w-	c:\programme\D2\DII II\support\bnet\latency.htm
2010-09-15 04:09 . 2010-09-15 04:18	1938	----a-w-	c:\programme\D2\DII II\support\bnet\index.htm
2010-09-15 04:09 . 2010-09-15 04:18	8354	----a-w-	c:\programme\D2\DII II\support\bnet\commands.htm
2010-09-15 04:09 . 2010-09-15 04:18	3379	----a-w-	c:\programme\D2\DII II\support\bnet\char.htm
2010-09-15 04:09 . 2010-09-15 04:18	5109	----a-w-	c:\programme\D2\DII II\support\bnet\channels.htm
2010-09-15 04:09 . 2010-09-15 04:18	2523	----a-w-	c:\programme\D2\DII II\support\index.htm
2010-09-15 04:09 . 2010-09-15 04:09	108411	----a-w-	c:\programme\D2\DII II\d2readme.htm
2010-09-15 04:07 . 2010-09-15 04:08	460922267	----a-w-	c:\programme\D2\DII\d2video.mpq
2010-09-15 04:05 . 2010-09-15 04:18	266912357	----a-w-	c:\programme\D2\DII\d2char.mpq

---- Directory of c:\programme\mbrola ----

2010-08-22 20:45 . 2004-08-11 07:33	9920	----a-w-	c:\programme\mbrola\de8\test\traum.pho
2010-08-22 20:45 . 2004-08-11 15:09	25	----a-w-	c:\programme\mbrola\de8\test\mbroli.ini
2010-08-22 20:45 . 2004-08-11 15:01	2955	----a-w-	c:\programme\mbrola\de8\de8.txt
2010-08-22 20:45 . 2004-08-11 15:12	1685	----a-w-	c:\programme\mbrola\de8\license.txt
2010-08-22 20:45 . 2004-08-11 15:05	10412936	----a-w-	c:\programme\mbrola\de8\de8
2010-08-22 20:45 . 2003-03-28 10:13	6312	----a-w-	c:\programme\mbrola\de7.txt
2010-08-22 20:45 . 2003-04-04 12:17	56593182	----a-w-	c:\programme\mbrola\de7
2010-08-22 20:45 . 2003-03-28 10:26	361	----a-w-	c:\programme\mbrola\test\spanish.pho
2010-08-22 20:44 . 2003-03-28 10:25	273	----a-w-	c:\programme\mbrola\test\kennen.pho
2010-08-22 20:44 . 2003-03-20 15:37	4354	----a-w-	c:\programme\mbrola\test\gale_loud.pho
2010-08-22 20:44 . 2003-03-20 15:37	2784	----a-w-	c:\programme\mbrola\test\gale_modal.pho
2010-08-22 20:44 . 2003-03-20 15:37	4354	----a-w-	c:\programme\mbrola\test\gale_soft.pho
2010-08-22 20:44 . 2003-04-04 16:59	676	----a-w-	c:\programme\mbrola\test\hallo.pho
2010-08-22 20:44 . 2003-03-28 10:24	338	----a-w-	c:\programme\mbrola\test\hoerzu.pho
2010-08-22 20:44 . 2003-03-28 10:18	528	----a-w-	c:\programme\mbrola\test\english.pho
2010-08-22 20:44 . 2003-03-28 10:20	363	----a-w-	c:\programme\mbrola\test\erzaehl.pho
2010-08-22 20:44 . 2003-03-28 10:23	450	----a-w-	c:\programme\mbrola\test\french.pho
2010-08-22 20:44 . 2002-11-05 17:17	351	----a-w-	c:\programme\mbrola\de6\TEST\spanish.pho
2010-08-22 20:44 . 2002-11-08 09:45	23	----a-w-	c:\programme\mbrola\de6\TEST\mbroli.ini
2010-08-22 20:44 . 2002-11-05 16:38	522	----a-w-	c:\programme\mbrola\de6\TEST\english.pho
2010-08-22 20:44 . 2002-11-05 16:22	358	----a-w-	c:\programme\mbrola\de6\TEST\erzaehl.pho
2010-08-22 20:44 . 2002-11-05 16:52	445	----a-w-	c:\programme\mbrola\de6\TEST\french.pho
2010-08-22 20:44 . 2002-11-05 16:18	335	----a-w-	c:\programme\mbrola\de6\TEST\hoerzu.pho
2010-08-22 20:44 . 2002-11-05 16:24	270	----a-w-	c:\programme\mbrola\de6\TEST\kennen.pho
2010-08-22 20:44 . 2002-11-25 13:13	1772	----a-w-	c:\programme\mbrola\de6\license.txt
2010-08-22 20:44 . 2002-11-25 13:13	6340	----a-w-	c:\programme\mbrola\de6\de6.txt
2010-08-22 20:44 . 2002-11-25 12:15	56671331	----a-w-	c:\programme\mbrola\de6\de6
2010-08-22 20:44 . 2002-11-05 09:26	4822	----a-w-	c:\programme\mbrola\de5\test\de5test.pho
2010-08-22 20:44 . 2002-11-07 09:47	23	----a-w-	c:\programme\mbrola\de5\test\mbroli.ini
2010-08-22 20:44 . 2002-11-05 09:41	5452	----a-w-	c:\programme\mbrola\de5\de5.txt
2010-08-22 20:44 . 2002-11-05 08:55	1729	----a-w-	c:\programme\mbrola\de5\license.txt
2010-08-22 20:44 . 2002-11-07 09:42	14243825	----a-w-	c:\programme\mbrola\de5\de5
2010-08-22 20:44 . 2002-08-12 08:51	4931	----a-w-	c:\programme\mbrola\de4.txt
2010-08-22 20:44 . 2002-10-17 10:12	1863	----a-w-	c:\programme\mbrola\license.txt
2010-08-22 20:44 . 2002-08-12 08:51	22267458	----a-w-	c:\programme\mbrola\de4
2010-08-22 20:44 . 2002-08-12 09:01	23	----a-w-	c:\programme\mbrola\test\mbroli.ini
2010-08-22 20:44 . 2002-08-12 08:53	2930	----a-w-	c:\programme\mbrola\test\de4.movies.pho
2010-08-22 20:44 . 2002-08-12 08:53	4538	----a-w-	c:\programme\mbrola\test\de4.tourdefrance.pho
2010-08-22 20:44 . 2000-03-07 10:31	6446	----a-w-	c:\programme\mbrola\de3\de3.txt
2010-08-22 20:44 . 2000-03-01 09:26	1740	----a-w-	c:\programme\mbrola\de3\license.txt
2010-08-22 20:44 . 2000-03-06 18:53	12588	----a-w-	c:\programme\mbrola\de3\TEST\de3tts.pho
2010-08-22 20:44 . 2000-03-07 10:46	5366	----a-w-	c:\programme\mbrola\de3\TEST\wetter.pho
2010-08-22 20:44 . 2000-03-06 17:52	4102	----a-w-	c:\programme\mbrola\de3\TEST\de3test.pho
2010-08-22 20:44 . 2000-03-07 10:45	877	----a-w-	c:\programme\mbrola\de3\TEST\demo.pho
2010-08-22 20:44 . 2000-03-01 09:24	23	----a-w-	c:\programme\mbrola\de3\TEST\mbroli.ini
2010-08-22 20:44 . 2000-03-01 08:48	11470107	----a-w-	c:\programme\mbrola\de3\de3
2010-08-22 20:44 . 1999-01-06 14:08	10447243	----a-w-	c:\programme\mbrola\de2\de2
2010-08-22 20:44 . 1999-01-06 14:41	7541	----a-w-	c:\programme\mbrola\de2\de2.txt
2010-08-22 20:44 . 1997-09-17 11:33	1740	----a-w-	c:\programme\mbrola\de2\license.txt
2010-08-22 20:44 . 1997-09-17 10:53	2355	----a-w-	c:\programme\mbrola\de2\TEST\lautern.pho
2010-08-22 20:44 . 1997-09-17 10:53	2695	----a-w-	c:\programme\mbrola\de2\TEST\tts.pho
2010-08-22 20:44 . 1997-10-16 08:12	24	----a-w-	c:\programme\mbrola\de2\TEST\mbroli.ini
2010-08-22 20:44 . 1997-08-18 12:26	8810	----a-w-	c:\programme\mbrola\de2\TEST\wetter.pho
2010-08-22 20:44 . 1997-10-16 07:12	24	----a-w-	c:\programme\mbrola\de1\TEST\mbroli.ini
2010-08-22 20:44 . 1996-09-27 07:47	5549	----a-w-	c:\programme\mbrola\de1\TEST\weather.pho
2010-08-22 20:44 . 1997-05-28 16:04	14489	----a-w-	c:\programme\mbrola\de1\TEST\wetter2.pho
2010-08-22 20:44 . 1997-05-27 15:44	14426	----a-w-	c:\programme\mbrola\de1\TEST\wetter2a.pho
2010-08-22 20:44 . 1996-09-27 07:42	1594	----a-w-	c:\programme\mbrola\de1\TEST\w1.pho
2010-08-22 20:44 . 1996-09-27 07:43	956	----a-w-	c:\programme\mbrola\de1\TEST\w5.pho
2010-08-22 20:44 . 1996-09-27 07:44	827	----a-w-	c:\programme\mbrola\de1\TEST\w6.pho
2010-08-22 20:44 . 1996-09-27 07:44	424	----a-w-	c:\programme\mbrola\de1\TEST\w7.pho
2010-08-22 20:44 . 1996-09-27 07:45	717	----a-w-	c:\programme\mbrola\de1\TEST\w8.pho
2010-08-22 20:44 . 1996-09-27 07:47	1031	----a-w-	c:\programme\mbrola\de1\TEST\w9.pho
2010-08-22 20:44 . 2002-03-19 12:42	5143	----a-w-	c:\programme\mbrola\de1\de1.txt
2010-08-22 20:44 . 2002-03-19 12:42	1677	----a-w-	c:\programme\mbrola\de1\license.txt
2010-08-22 20:44 . 1997-10-15 12:00	868	----a-w-	c:\programme\mbrola\de1\TEST\demo.pho
2010-08-22 20:44 . 2002-03-19 12:52	11456451	----a-w-	c:\programme\mbrola\de1\de1
2010-08-22 20:38 . 2010-08-22 20:38	9693603	----a-w-	c:\programme\mbrola\de8.zip
2010-08-22 20:33 . 2010-08-22 20:34	47642004	----a-w-	c:\programme\mbrola\de7.zip
2010-08-22 20:32 . 2010-08-22 20:33	48479957	----a-w-	c:\programme\mbrola\de6.zip
2010-08-22 20:31 . 2010-08-22 20:32	13134662	----a-w-	c:\programme\mbrola\de5.zip
2010-08-22 20:31 . 2010-08-22 20:31	19520969	----a-w-	c:\programme\mbrola\de4.zip
2010-08-22 20:30 . 2010-08-22 20:31	10486554	----a-w-	c:\programme\mbrola\de3-000307.zip
2010-08-22 20:30 . 2010-08-22 20:30	9463658	----a-w-	c:\programme\mbrola\de2-990106.zip
2010-08-22 20:30 . 2010-08-22 20:30	9946342	----a-w-	c:\programme\mbrola\de1-980227.zip

---- Directory of c:\programme\S.A.D ----

2006-10-23 12:54 . 2006-10-23 12:54	450560	----a-w-	c:\programme\S.A.D\Gamejack 6\HHActiveX.dll
2006-10-09 07:32 . 2006-10-09 07:32	2072962	----a-w-	c:\programme\S.A.D\Gamejack 6\GameJack 6.pdf
2006-10-09 07:28 . 2006-10-09 07:28	2117322	----a-w-	c:\programme\S.A.D\Gamejack 6\GameJack 6.chm
2006-10-06 10:46 . 2006-10-06 10:46	1490944	----a-w-	c:\programme\S.A.D\Gamejack 6\DVDArchive\gjarchiv.exe
2006-09-21 13:51 . 2006-09-21 13:51	2768896	----a-w-	c:\programme\S.A.D\Gamejack 6\Gamejack6.exe
2006-09-20 09:31 . 2006-09-20 09:31	1310720	----a-w-	c:\programme\S.A.D\Gamejack 6\BCGCB650.dll
2006-09-14 09:16 . 2006-09-14 09:16	122880	----a-w-	c:\programme\S.A.D\Gamejack 6\BugReport.exe
2006-09-01 15:50 . 2006-09-01 15:50	540672	----a-w-	c:\programme\S.A.D\Gamejack 6\RecDev.dll
2006-08-22 21:00 . 2006-08-22 21:00	122880	----a-w-	c:\programme\S.A.D\Gamejack 6\dvdchk.dll
2006-02-16 22:00 . 2006-02-16 22:00	608768	----a-w-	c:\programme\S.A.D\Gamejack 6\unidrv.msi
2006-01-24 12:29 . 2006-01-24 12:29	200704	----a-w-	c:\programme\S.A.D\Gamejack 6\wnaspi32.dll
2006-01-20 14:25 . 2006-01-20 14:25	217088	----a-w-	c:\programme\S.A.D\Gamejack 6\SoftCore.dll
2005-05-24 05:37 . 2005-05-24 05:37	1038848	----a-w-	c:\programme\S.A.D\Gamejack 6\dbghelp.dll
2005-05-11 13:44 . 2005-05-11 13:44	1466368	----a-w-	c:\programme\S.A.D\GameTuner\GameTuner.exe
2005-02-06 21:00 . 2005-02-06 21:00	212992	----a-w-	c:\programme\S.A.D\Gamejack 6\MXParser.dll
2004-07-02 16:07 . 2004-07-02 16:07	612236	----a-w-	c:\programme\S.A.D\GameTuner\GameTuner.pdf
2002-08-31 21:00 . 2002-08-31 21:00	51	----a-w-	c:\programme\S.A.D\Gamejack 6\DVDArchive\AUTORUN.INF


((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-06 18750976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Admin^Startmenü^Programme^Autostart^ICQ-Tools.de Launcher.lnk]
path=c:\dokumente und einstellungen\Admin\Startmenü\Programme\Autostart\ICQ-Tools.de Launcher.lnk
backup=c:\windows\pss\ICQ-Tools.de Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Admin^Startmenü^Programme^Autostart^MagicDisc.lnk]
path=c:\dokumente und einstellungen\Admin\Startmenü\Programme\Autostart\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08	35696	-c--a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2010-03-08 12:16	319574	----a-w-	c:\programme\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2009-01-21 15:34	16712	----a-r-	c:\programme\Corel\Corel Paint Shop\DEMO\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2009-01-21 15:34	532808	----a-r-	c:\programme\Gemeinsame Dateien\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Draw Suite]
2009-04-23 13:51	691656	----a-w-	c:\programme\Draw Suite Lite\dst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-06 16:18	136176	----atw-	c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44	31072	----a-w-	c:\programme\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41	49152	-c--a-w-	c:\programme\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52	1695232	------w-	c:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44	3883840	----a-w-	c:\programme\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 02:37	180224	----a-w-	c:\programme\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09	413696	----a-w-	c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57	26192168	----a-r-	c:\programme\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 08:17	434176	----a-w-	c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-09-18 06:25	1242448	----a-w-	c:\programme\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33	15872	----a-w-	c:\programme\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VB]
2009-10-27 21:17	288560	----a-w-	c:\programme\VB\VBStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
2009-12-30 21:50	1561232	----a-w-	c:\programme\WebcamMax\WebcamMax.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"wuauserv"=2 (0x2)
"OMSI download service"=2 (0x2)
"BsMobileCS"=2 (0x2)
"BsHelpCS"=3 (0x3)
"BlueSoleilCS"=2 (0x2)
"PSI_SVC_2"=2 (0x2)
"PCAutoShutdown_Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\VB\\VBStudio.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\counter-strike beta\\hl.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\condition zero\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\day of defeat\\hl.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\deathmatch classic\\hl.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\ricochet\\hl.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Programme\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\EA GAMES\\Need for Speed Underground 2\\Demo\\speed2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\counter-strike source\\hl2.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Programme\\mIRC\\mirc.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\dedicated server\\hlds.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\LFS\\LFS.exe"=
"c:\\Programme\\Counter Strike\\Counter-Strike 1.6\\hl.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\Hector\\counter-strike\\hl.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [17.06.2009 15:01 19592]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [25.04.2010 01:05 135336]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 20:19 50704]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [17.06.2009 15:02 29192]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17.06.2009 15:01 25480]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [13.09.2010 19:08 31872]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27.10.2009 20:01 1684736]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [05.11.2009 08:01 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [05.11.2009 08:01 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [05.11.2009 08:01 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [05.11.2009 08:01 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [05.11.2009 08:01 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [05.11.2009 08:01 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [05.11.2009 08:01 109864]
S4 BsMobileCS;BsMobileCS;c:\programme\IVT Corporation\BlueSoleil\BsMobileCS.exe [09.03.2010 16:57 143467]
S4 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [16.04.2010 01:19 90112]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.10.2009 00:50 721904]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.facebook.de/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\dokumente und einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\ido3j2y7.default\
FF - prefs.js: browser.search.selectedEngine - heise Netze: Whois
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - plugin: c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\ido3j2y7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-22 09:53
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(2052)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\HPZipm12.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-22  09:59:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-22 07:59
ComboFix2.txt  2010-09-21 12:58

Vor Suchlauf: 22 Verzeichnis(se), 49.868.935.168 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 49.772.617.728 Bytes frei

- - End Of File - - DE8417C1782FE9E07204F0475DCC114F
         

Alt 22.09.2010, 12:19   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.

Afterwards, download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are any changes and, if so, in which device. Ideally, post everything that remover.exe outputs.

Alt 22.09.2010, 19:23   #18
©onsultant
 



Hello cosinus,


here are the selected logs, as you described:

GMER log:



Code:
ATTFilter
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-22 19:20:10
Windows 5.1.2600 Service Pack 3
Running: kb1jt3hq.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\ufldipob.sys


---- System - GMER 1.0.15 ----

SSDT   F8DD6CDE                                                                                                            ZwCreateKey
SSDT   F8DD6CD4                                                                                                            ZwCreateThread
SSDT   F8DD6CE3                                                                                                            ZwDeleteKey
SSDT   F8DD6CED                                                                                                            ZwDeleteValueKey
SSDT   F8DD6CF2                                                                                                            ZwLoadKey
SSDT   F8DD6CC0                                                                                                            ZwOpenProcess
SSDT   F8DD6CC5                                                                                                            ZwOpenThread
SSDT   F8DD6CFC                                                                                                            ZwReplaceKey
SSDT   F8DD6CF7                                                                                                            ZwRestoreKey
SSDT   F8DD6CE8                                                                                                            ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text  ntoskrnl.exe!_abnormal_termination + 428                                                                            804E2A94 4 Bytes  CALL 90470805 
?      Combo-Fix.sys                                                                                                       Das System kann die angegebene Datei nicht finden. !
?      C:\DOKUME~1\Admin\LOKALE~1\Temp\mbr.sys                                                                            Das System kann die angegebene Datei nicht finden. !
?      C:\cofi.exe\catchme.sys                                                                                             Das System kann den angegebenen Pfad nicht finden. !
?      C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !

---- Registry - GMER 1.0.15 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Programme\DTS
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xE8 0x5F 0x37 0xD3 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x99 0x46 0xD6 0xBD ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x1C 0x5D 0xFA 0x84 ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x5C 0x82 0xB7 0x1E ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DTS\
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xE8 0x5F 0x37 0xD3 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x99 0x46 0xD6 0xBD ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x4D 0x9E 0x03 0xF2 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x0C 0x51 0x4A 0x79 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Programme\DTS\
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xE8 0x5F 0x37 0xD3 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x99 0x46 0xD6 0xBD ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x1C 0x5D 0xFA 0x84 ...
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x5C 0x82 0xB7 0x1E ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xC8 0x28 0x51 0xAF ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x6A 0x9C 0xD6 0x61 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0xFF 0x7C 0x85 0xE0 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x86 0x8C 0x21 0x01 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xB0 0x18 0xED 0xA7 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x31 0x77 0xE1 0xBA ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x01 0x3A 0x48 0xFC ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0x51 0xFA 0x6E 0x91 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x3D 0xCE 0xEA 0x26 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0x2A 0xB7 0xCC 0xB5 ...
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg    HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---





OSAM log:


Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:57:47 on 22.09.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.5.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Oracle" - C:\WINDOWS\system32\javacpl.cpl
"mbrola.cpl" - "Multitel ASBL" - C:\WINDOWS\system32\mbrola.cpl
"PhysX.cpl" - ? - C:\WINDOWS\system32\PhysX.cpl
"speech.cpl" - "Microsoft" - C:\WINDOWS\system32\speech.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"WebSpeech" - "G DATA Software AG" - C:\PROGRA~1\GEMEIN~1\WEBSPE~1.0\LgxIEControl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth HID Enumerator" (BTHidEnum) - ? - C:\WINDOWS\System32\Drivers\vbtenum.sys  (File not found)
"Bluetooth HID Manager Service" (BTHidMgr) - ? - C:\WINDOWS\System32\Drivers\BTHidMgr.sys  (File not found)
"Bluetooth PAN Bus Service" (btnetBUs) - ? - C:\WINDOWS\System32\Drivers\btnetBus.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\cofi.exe\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Driver for MagicISO SCSI Host Controller" (mcdbus) - "MagicISO, Inc." - C:\WINDOWS\System32\DRIVERS\mcdbus.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"mbr" (mbr) - ? - C:\DOKUME~1\Xander\LOKALE~1\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\WINDOWS\System32\drivers\npf.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"SCDEmu" (SCDEmu) - "PowerISO Computing, Inc." - C:\WINDOWS\system32\drivers\SCDEmu.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys
"SuperWebcam, WDM Virtual Video Capture Device" (SUPERWEBCAM) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\System32\DRIVERS\superwebcam.sys
"ufldipob" (ufldipob) - ? - C:\DOKUME~1\Xander\LOKALE~1\Temp\ufldipob.sys  (Hidden registry entry, rootkit activity | File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{8AAA7E68-62C0-47D2-A290-FEA30B9F66A4} "VTFColExt Class" - "Neil 'Jed' Jedrzejewski" - C:\WINDOWS\system32\vtfcolumnext.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Programme\Pinnacle\VideoSpin\Programs\BlueShellExt.dll  (File found, but it contains no detailed information)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise Projects" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\NAMEEXT.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - "PowerISO Computing, Inc." - C:\Programme\PowerISO\PWRISOSH.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Programme\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Oracle" - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle" - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Oracle" - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Xander\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"BlueSoleil Print Port" - "IVT Corporation" - C:\WINDOWS\system32\BsMonSvr.dll
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll
"PrintPort" - ? - C:\WINDOWS\system32\emfxp.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Programme\WinPcap\rpcapd.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         



Bootkit Remover/SCREENSHOT:



Alt 22.09.2010, 20:43   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool needs only a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
Please always post log files in CODE tags

Alt 22.09.2010, 21:32   #20
©onsultant
 





Here you go, the log file from MBRCheck



Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Home Edition
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x000003fd

Kernel Drivers (total 136):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x806EF000 \WINDOWS\system32\hal.dll
  0xF8C3E000 \WINDOWS\system32\KDCOM.DLL
  0xF8B4E000 \WINDOWS\system32\BOOTVID.dll
  0xF86EE000 ACPI.sys
  0xF8C40000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF86DD000 pci.sys
  0xF873E000 ohci1394.sys
  0xF874E000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF875E000 isapnp.sys
  0xF8D06000 PCIIde.sys
  0xF89BE000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
  0xF8C42000 intelide.sys
  0xF876E000 MountMgr.sys
  0xF86BE000 ftdisk.sys
  0xF89C6000 PartMgr.sys
  0xF877E000 VolSnap.sys
  0xF86A6000 atapi.sys
  0xF878E000 disk.sys
  0xF879E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF8686000 fltmgr.sys
  0xF8674000 sr.sys
  0xF865D000 KSecDD.sys
  0xF864A000 WudfPf.sys
  0xF85BD000 Ntfs.sys
  0xF8590000 NDIS.sys
  0xF87AE000 Combo-Fix.sys
  0xF857C000 sfvfs02.sys
  0xF89CE000 sfhlp02.sys
  0xF856A000 sfdrv01.sys
  0xF8550000 Mup.sys
  0xF8B52000 BtHidBus.sys
  0xF87EE000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xF7F42000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
  0xF7F2E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF7F06000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF8ACE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xF7EE2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF8AD6000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF87FE000 \SystemRoot\system32\DRIVERS\AN983.sys
  0xF880E000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xF8ADE000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xF881E000 \SystemRoot\system32\DRIVERS\serial.sys
  0xF84E6000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xF882E000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF883E000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF884E000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF7EBF000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF8AE6000 \SystemRoot\System32\Drivers\btnetBus.sys
  0xF8AEE000 \SystemRoot\System32\Drivers\VcommMgr.sys
  0xF8AF6000 \SystemRoot\System32\Drivers\IvtBtBus.sys
  0xF8AFE000 \SystemRoot\system32\DRIVERS\superwebcam.sys
  0xF885E000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0xF8E47000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF886E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF84DE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF7EA8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF887E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF888E000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF8B0E000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF7E97000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF889E000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF8B16000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF8B1E000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF88AE000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF8B26000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF8B2E000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF7E6F000 \SystemRoot\system32\DRIVERS\mcdbus.sys
  0xF7E03000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0xF8C7C000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF7DA5000 \SystemRoot\system32\DRIVERS\update.sys
  0xF84CE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF88CE000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF8B3E000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0xAA1D1000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xAA1AD000 \SystemRoot\system32\drivers\portcls.sys
  0xF88FE000 \SystemRoot\system32\drivers\drmk.sys
  0xF891E000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF8C88000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF8C8A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF8D81000 \SystemRoot\System32\Drivers\Null.SYS
  0xF8C8C000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF89FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF8A06000 \SystemRoot\System32\drivers\vga.sys
  0xF8C8E000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF8C90000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF8A0E000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF8A16000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF8C06000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xA9678000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xA961F000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xA95F7000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xA95D5000 \SystemRoot\System32\drivers\afd.sys
  0xF893E000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF8A1E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xF894E000 \SystemRoot\System32\Drivers\SCDEmu.SYS
  0xA94BA000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xA944A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF895E000 \SystemRoot\System32\Drivers\Fips.SYS
  0xA93FC000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF896E000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF897E000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xA93C1000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xF8C96000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xF8A36000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xA96BB000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF899E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF8A3E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xA96B3000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xA96AB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xF812C000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xA933A000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF8C9C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xA9505000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF8A5E000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF8DA8000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF024000 \SystemRoot\System32\igxpgd32.dll
  0xBF012000 \SystemRoot\System32\igxprd32.dll
  0xBF04D000 \SystemRoot\System32\igxpdv32.DLL
  0xBF1AE000 \SystemRoot\System32\igxpdx32.DLL
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xA91E5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xA91DD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA8F60000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xA8F23000 \SystemRoot\system32\drivers\wdmaud.sys
  0xA9292000 \SystemRoot\system32\drivers\sysaudio.sys
  0xA8FF5000 \SystemRoot\system32\drivers\npf.sys
  0xA8BD4000 \SystemRoot\system32\DRIVERS\srv.sys
  0xA9382000 \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\mbr.sys
  0xA8913000 \SystemRoot\System32\Drivers\HTTP.sys
  0xA938A000 \??\C:\cofi.exe\catchme.sys
  0xF8CCA000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
  0xA8533000 \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\ufldipob.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 34):
       0 System Idle Process
       4 System
     596 C:\WINDOWS\system32\smss.exe
     644 csrss.exe
     668 C:\WINDOWS\system32\winlogon.exe
     716 C:\WINDOWS\system32\services.exe
     728 C:\WINDOWS\system32\lsass.exe
     896 C:\WINDOWS\system32\svchost.exe
     952 svchost.exe
    1020 C:\WINDOWS\system32\svchost.exe
    1056 C:\WINDOWS\system32\svchost.exe
    1192 svchost.exe
    1248 svchost.exe
    1352 C:\WINDOWS\system32\spoolsv.exe
    1400 C:\Programme\Avira\AntiVir Desktop\sched.exe
    1468 svchost.exe
    1748 C:\Programme\Avira\AntiVir Desktop\avguard.exe
    1876 C:\WINDOWS\system32\svchost.exe
     552 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    1232 alg.exe
    2420 C:\WINDOWS\RTHDCPL.EXE
    2520 C:\WINDOWS\system32\igfxtray.exe
    2588 C:\WINDOWS\system32\hkcmd.exe
    2648 C:\WINDOWS\system32\igfxpers.exe
    2672 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    2712 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    2052 C:\WINDOWS\explorer.exe
    2704 C:\WINDOWS\system32\svchost.exe
    3376 C:\WINDOWS\system32\ctfmon.exe
    1160 C:\WINDOWS\system32\taskmgr.exe
    2784 C:\Programme\Mozilla Firefox\firefox.exe
    2492 C:\WINDOWS\system32\charmap.exe
    2036 C:\WINDOWS\system32\notepad.exe
    3616 C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: ST3160023AS, Rev: 3.00    

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!
         

__________________
Best regards,
©onsultant

_______________________________________________
Guides, FAQs & links | Guide: reinstalling the system + hardening

22.09.2010, 21:36   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
         
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
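
A triage pass over an MBRCheck log like the one in post #20, added here as an example and not part of the original thread or of MBRCheck itself. It extracts the per-drive MBR status and SHA1 that the reply above quotes and, going beyond what the reply checked, lists drivers loaded from outside the Windows directory. The function names, the trimmed sample log, the `\WINDOWS` location and the rule that only the "Windows … MBR code detected" wording counts as standard are assumptions.

```python
import re

# Constructed sample: trimmed excerpt in the layout of the MBRCheck 1.2.3 log above.
SAMPLE_LOG = r"""MBRCheck, version 1.2.3
Kernel Drivers (total 5):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0xF86A6000 atapi.sys
  0xA961F000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xA9382000 \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\mbr.sys
  0xF8C96000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
"""

DRIVER_RE = re.compile(r"^[ \t]+0x([0-9A-Fa-f]{8})[ \t]+(.+?)[ \t]*$", re.M)
DRIVE_RE = re.compile(r"^\s*(\d+ [KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1_RE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})\s*$")
# Assumption: wording for recognised standard boot code, generalised from the post.
STANDARD_RE = re.compile(r"^Windows .+ MBR code detected$")


def parse_drivers(log):
    """(load_address, image_path) pairs from the 'Kernel Drivers' section."""
    section = re.search(r"^Kernel Drivers.*\n((?:[ \t]+0x.*\n?)*)", log, re.M)
    body = section.group(1) if section else ""
    return [(int(addr, 16), path) for addr, path in DRIVER_RE.findall(body)]


def drivers_outside_windows(drivers):
    """Paths with a directory part that is not under the Windows directory."""
    flagged = []
    for _base, path in drivers:
        # Drop the NT object prefix and drive letter: \??\C:\x -> \x
        local = re.sub(r"^\\\?\?\\[A-Za-z]:", "", path).lower()
        if "\\" in local and not local.startswith(("\\windows\\", "\\systemroot\\")):
            flagged.append(path)
    return flagged


def parse_mbr_status(log):
    """One dict per physical-drive row, with the SHA1 from the line below it."""
    drives = []
    for line in log.splitlines():
        row, digest = DRIVE_RE.match(line), SHA1_RE.match(line)
        if row:
            drives.append({"size": row.group(1), "device": row.group(2),
                           "status": row.group(3), "sha1": None})
        elif digest and drives:
            drives[-1]["sha1"] = digest.group(1).upper()
    return drives


def mbr_needs_review(drive, baseline_sha1=None):
    """True on non-standard wording, a missing hash, or a hash unlike the baseline."""
    if not STANDARD_RE.match(drive["status"]) or drive["sha1"] is None:
        return True
    return baseline_sha1 is not None and drive["sha1"] != baseline_sha1.upper()


if __name__ == "__main__":
    print(parse_mbr_status(SAMPLE_LOG), drivers_outside_windows(parse_drivers(SAMPLE_LOG)))
```

Flagged drivers are candidates for manual review rather than verdicts: in the trimmed sample one of the two is the antivirus product's own driver in its program directory. Passing a SHA1 recorded on an earlier run as `baseline_sha1` turns the check into a change detector for the same disk.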

22.09.2010, 21:51   #22
©onsultant

OK, will do. I'll post the logs tomorrow since the scans take a while, thanks
__________________
Best regards,
©onsultant

23.09.2010, 16:38   #23
©onsultant

Hello cosinus,

I have now run the control scans with Malwarebytes and SUPERAntiSpyware once more (unfortunately I have to disappoint you, since apparently a rootkit was found), and both showed findings. I am posting the logs with screenshots below:

Malwarebytes log:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4645

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23.09.2010 15:16:15
LOG12345678.txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 254306
Laufzeit: 1 Stunde(n), 23 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         


SCREENSHOT:






SUPERAntiSpyware log:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/23/2010 at 05:18 PM

Application Version : 4.43.1000

Core Rules Database Version : 5563
Trace Rules Database Version: 3375

Scan type       : Complete Scan
Total Scan Time : 01:54:16

Memory items scanned      : 498
Memory threats detected   : 0
Registry items scanned    : 7758
Registry threats detected : 1
File items scanned        : 115116
File threats detected     : 2

Disabled.SecurityCenterOption
	HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Adware.Tracking Cookie
	cdn.eyewonder.com [ C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\ZP82H4ZU ]
	www.adservercentral.info [ C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\ZP82H4ZU ]
         


SCREENSHOT:






P.S.: I have NOT yet deleted the findings in either scanner. Thanks in advance for your suggested solution.
__________________
Best regards,
©onsultant

23.09.2010, 19:01   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
That is not a rootkit! It is only an entry that points to a disabled Security Center. In itself it is not even malware, just a small changed setting.

Quote:
Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY
SASW found the same thing. Otherwise only cookies. Looks OK. Any remaining problems or further detections in the meantime?
__________________
Please always post log files in CODE tags

24.09.2010, 18:09   #25
©onsultant

Evening,

good, thanks for the pointer

No, no further detections - the AV program has gone quiet again too.


THX for the good support!
__________________
Best regards,
©onsultant

25.09.2010, 13:49   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then we are done!

To finish, please check your updates; my guide is below.
For even more security, you should also change all your passwords, if possible, now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update your PDF reader
Your Adobe Reader is out of date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you are at it, please also check that your Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should remove the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________
Please always post log files in CODE tags

25.09.2010, 13:53   #27
©onsultant

Quote:
Quote from cosinus
Then we are done!

To finish, please check your updates; my guide is below.
For even more security, you should also change all your passwords, if possible, now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update your PDF reader
Your Adobe Reader is out of date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you are at it, please also check that your Flash Player is up to date; here is the direct download link => hxxp://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe


Java update
Outdated Java installations are a security risk, so you should remove the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


Good,

everything is up to date - thanks for the tips!
__________________
Best regards,
©onsultant
