Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Firefox öffnet Tab zu Security Threat Analysis (https://www.trojaner-board.de/85349-firefox-oeffnet-tab-security-threat-analysis.html)

Una 27.04.2010 07:22
Firefox öffnet Tab zu Security Threat Analysis
 
Hallo,

ich habe seit kurzem das Problem, dass sich im Firefox, sobald ich damit surfe (aber nie ohne, dass Firefox geöffnet ist), nach einiger Zeit ein eigener Tab öffnet zu einer Seite auf der etwas mit Security Threat Analsysis steht. Dann wird irgendwas runtergezählt und mir wird eine Datei namens packupdate_build107_231 . exe angeboten. Das Ganze sieht wie eine offizielle Microsoft-Sicherheitsseite bzw. Fenster von Windows XP aus. Jedesmal kurz danach meldet AntiVir irgendeinen Trojaner TR/Agent etc. Diese kann ich problemlos in die Quarantäne verschieben.

Zuerst habe ich mir das Tool von euch zum Anhalten runtergeladen und ausgeführt. Dann habe ich Malwarebytes durchlaufen lassen. Das erste Log habe ich weiter unten angehängt. Dann habe ich noch den CCleaner ausprobiert und auf Anraten innerhalb eines Themas hier im Forum ein neues Profil für den Firefox angelegt und nun weiß ich nicht weiter.

HiJack-Log:

Code:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:59:59, on 26.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
P:\tools\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\SOUNDMAN.EXE P:\media\Winamp\winampa.exe P:\tools\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
P:\sicherheit\BackUp Maker\bkmaker.exe
P:\tools\Avira\AntiVir Desktop\avguard.exe C:\Programme\Application Updater\ApplicationUpdater.exe C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
P:\inet\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\.....\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h..p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h..p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h..p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h..p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h..p://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] P:\media\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "P:\media\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "P:\tools\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BackUp Maker.lnk = P:\sicherheit\BackUp Maker\bkmaker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h..p://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - h..p://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h..p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270055997859
O18 - Protocol: haufereader - (no CLSID) - (no file)
O23 - Service: AAV UpdateService - Unknown owner - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - P:\tools\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - P:\tools\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5817 bytes
Das erste erstelle Malwarebytes-Log (die neueren zeigen keine Fehler mehr an)

Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4032

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24.04.2010 23:47:16
mbam-log-2010-04-24 (23-47-16).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 108237
Laufzeit: 3 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 32
Infizierte Registrierungswerte: 14
Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 11 Infizierte Dateien: 34

Infizierte Speicherprozesse:
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\WINDOWS\system32\voljm.dll (Trojan.Ertfor) -> Delete on reboot.
C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\jqzmod.dll (Trojan.Ertfor) -> Delete on reboot.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pqdtewtdmqtmshl (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CscrptXt.CscrptXt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ezLife (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newupdate1142c.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87sdhfush87fsufhuie3fddf (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezlife (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hqamblkhnmg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\dokumente und einstellungen\.....\anwendungsdaten\sdra64.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\Dokumente und Einstellungen\.....\Anwendungsdaten\sdra64.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
C:\Programme\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Programme\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Programme\Smart-Ads-Solutions\SmartAds\1.5.2.0 (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Anwendungsdaten\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Anwendungsdaten\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Anwendungsdaten\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Anwendungsdaten\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Programme\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Programme\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Programme\ezLife\ezLife\1.5.2.0 (Adware.EzLife) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\voljm.dll (Trojan.Ertfor) -> Delete on reboot.
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\jqzmod.dll (Trojan.Ertfor) -> Delete on reboot.
C:\Dokumente und Einstellungen\.....\Anwendungsdaten\2D5C43747779ED51A3D56F4DF9DF64D5\newupdate1142C.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\smss.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\iv287o.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lxwvyszd.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\Components\ffxShot.dll (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pqdtewtdmqtmshl.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\djpwsmps.sys (Rootkit.Agent) -> Delete on reboot.
C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\1664.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\cwrnxosema.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\ps5koofm7piinqy.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\xromsewacn.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1666.tmp (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Programme\Smart-Ads-Solutions\SmartAds\1.5.2.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Programme\ezLife\ezLife\1.5.2.0\uninstall.exe (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Startmenü\Programme\Autostart\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\setup.exe (Trojan.Chifrax) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\components\nsFFxSHot.xpt (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\Nkh.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Dokumente und Einstellungen\.....\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Startmenü\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lycbqzvqcgh.dll (Trojan.Agent) -> Delete on reboot.
C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\.....\Anwendungsdaten\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
Ich hoffe, ihr könnt mir weiterhelfen.
Vielen Dank

cosinus 27.04.2010 14:52
Hallo und :hallo:

Bitte malwarebytes aktualisieren und einen Vollscan starten - Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Una 28.04.2010 17:23
Hallo und schonmal danke für die schnelle Antwort.

Vollscan Malweare

Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4046

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.04.2010 18:22:46
mbam-log-2010-04-28 (18-22-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|P:\|S:\|)
Durchsuchte Objekte: 223085
Laufzeit: 1 Stunde(n), 17 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 28.04.2010 19:32
Vollscan mit aktuellen Signaturen ohne Funde ist schon mal nicht schlecht (aber noch nicht alles). Das OTL Log wär jetzt gut.

Una 28.04.2010 19:33
Merkwürdigerweise habe ich große Probleme, im Forum zu posten wenn ich das bereits einmal gemacht habe. Ich bekomme dann anschließend beständig die Meldung, dass die Verbindung unterbrochen wurde. Weder mit dem Firefox noch dem Internet Explorer geht es dann. Auch ein Neustart bringt nichts. Ich kann einfach die Logs nicht posten, jedenfalls nicht mit diesen CODE-Tags.

EXTRA-Log

Code:
OTL Extras logfile created on: 28.04.2010 18:51:39 - Run 1
OTL by OldTimer - Version 3.2.3.0    Folder = C:\Dokumente und Einstellungen\.....\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,30 Gb Total Space | 16,38 Gb Free Space | 55,89% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 13,10 Gb Free Space | 26,83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 464,80 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 24,67 Gb Total Space | 0,55 Gb Free Space | 2,25% Space Free | Partition Type: NTFS
Drive S: | 49,86 Gb Total Space | 5,01 Gb Free Space | 10,04% Space Free | Partition Type: NTFS
 
Computer Name: .....-PC
Current User Name: .....
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- P:\inet\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "P:\media\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "P:\media\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "P:\media\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"P:\inet\WS_FTP\ftp95pro.exe" = P:\inet\WS_FTP\ftp95pro.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 89218168\Launcher.exe" = C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 89218168\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 3a1dcad8\Launcher.exe" = C:\Dokumente und Einstellungen\.....\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 3a1dcad8\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"S:\World_of_Warcraft\Launcher.exe" = S:\World_of_Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"S:\World_of_Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-deDE-downloader.exe" = S:\World_of_Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"S:\World_of_Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe" = S:\World_of_Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"S:\World_of_Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe" = S:\World_of_Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"S:\Sacred 2 - Fallen Angel\system\s2gs.exe" = S:\Sacred 2 - Fallen Angel\system\s2gs.exe:*:Enabled:Sacred 2 Game Server -- (Ascaron Entertainment GmbH)
"S:\Sacred 2 - Fallen Angel\system\sacred2.exe" = S:\Sacred 2 - Fallen Angel\system\sacred2.exe:*:Enabled:Sacred 2 -- (Ascaron Entertainment GmbH)
"S:\World_of_Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe" = S:\World_of_Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"S:\World_of_Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe" = S:\World_of_Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00140407-78E1-11D2-B60F-006097C998E7}" = Microsoft Publisher 2000
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D410F4D-9009-43F8-9DF1-BDADCE7FC43F}" = AAVUpdateManager
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008
"{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung
"{69496452-FAF3-43BC-9907-BA9CEC65FC10}" = Lexware Info Service
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E3F4E29-823B-440A-9219-011452AAE502}" = Steuerprogramm2009
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = DER ERSTE KAISER: Aufstieg des Reichs der Mitte
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E35083D-B04F-4823-A260-C07FDD3D40FD}" = Tools\Olympus DSS Player Pro
"{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D341C705-A763-4DC0-A3B6-EA13E34ADE9E}" = USB Flachbettscanner
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Ant Movie Catalog_is1" = Ant Movie Catalog
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BackUp Maker_is1" = BackUp Maker v6.0
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon EOS Kiss REBEL 300D WIA-Treiber
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobMap_is1" = MobMap 3.31
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"nLite_is1" = nLite 1.4.9.1
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Picasa 3" = Picasa 3
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"The Bat!" = The Bat!
"TopStyle Lite (Version 2)" = TopStyle Lite (Version 2)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"World of Warcraft" = World of Warcraft
"xp-AntiSpy" = xp-AntiSpy 3.96-8
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HomeSite 4.5" = HomeSite 4.5
Den Rest dieses Logs versuche ich gleich noch zu speichern aber hier bricht er mir dauernd ab.

Una 28.04.2010 19:38
Ich bekomme ständig die Meldung, dass die Verbindung unterbrochen ist, sobald ich versuche, das Log zu posten - sei es in Code-Tags oder einfach nur so im Text. Ich weiß jetzt nicht genau, was ich anders machen kann?

Editieren geht auch nicht, es sei denn es ist normaler Text wie hier jetzt. Hilfe, was soll ich tun?

cosinus 28.04.2010 20:33
Lad das OTL-Log hier hoch und verlinke es => File-Upload.net

Una 28.04.2010 21:01
Hallo Arne,

vielen Dank für den Tipp.

h..p://www.file-upload.net/download-2473608/OTL.Txt.html
h..p://www.file-upload.net/download-2473625/Extras.Txt.html

Das mit dem kleinen Linkbutton hat auch irgendwie nicht funktioniert aber so geht es.

cosinus 29.04.2010 09:13
Sieht auch okay aus. Mach bitte noch einen Durchgang mit CF:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Una 29.04.2010 18:53
ComboFix Log

Code:
ComboFix 10-04-29.01 - ..... 29.04.2010  19:40:52.1.1 - x86
ausgeführt von:: c:\dokumente und einstellungen\.....\Desktop\cofi.exe
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\.....\Anwendungsdaten\2D5C43747779ED51A3D56F4DF9DF64D5
c:\dokumente und einstellungen\.....\Anwendungsdaten\2D5C43747779ED51A3D56F4DF9DF64D5\enemies-names.txt
c:\programme\pdfforge Toolbar\SearchSettings.dll

Infizierte Kopie von c:\windows\system32\drivers\ssmdrv.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
(((((((((((((((((((((((  Dateien erstellt von 2010-03-28 bis 2010-04-29  ))))))))))))))))))))))))))))))
.

2010-04-24 21:58 . 2010-04-24 21:58        --------        d-----w-        c:\programme\CCleaner
2010-04-24 21:41 . 2010-04-24 21:41        --------        d-----w-        c:\dokumente und einstellungen\.....\Anwendungsdaten\Malwarebytes
2010-04-24 21:41 . 2010-03-29 13:24        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-24 21:41 . 2010-04-24 21:41        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-04-24 21:41 . 2010-04-24 21:41        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-04-24 21:41 . 2010-03-29 13:24        20824        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-04-11 16:24 . 2010-04-11 16:24        --------        d-----w-        c:\dokumente und einstellungen\.....\Anwendungsdaten\Search Settings
2010-04-11 16:24 . 2010-04-11 16:24        --------        d-----w-        c:\dokumente und einstellungen\.....\Anwendungsdaten\pdfforge
2010-04-11 10:46 . 2010-04-11 10:46        --------        d-----w-        c:\programme\Application Updater
2010-04-11 10:46 . 2010-04-29 17:44        --------        d-----w-        c:\programme\pdfforge Toolbar
2010-04-11 10:46 . 2001-10-28 14:42        116224        ----a-w-        c:\windows\system32\pdfcmnnt.dll
2010-04-11 10:46 . 1998-07-06 15:56        125712        ----a-w-        c:\windows\system32\VB6DE.DLL
2010-04-11 10:46 . 1998-07-06 15:55        158208        ----a-w-        c:\windows\system32\MSCMCDE.DLL
2010-04-11 10:46 . 1998-07-06 15:55        64512        ----a-w-        c:\windows\system32\MSCC2DE.DLL
2010-04-11 10:46 . 1998-07-05 22:00        23552        ----a-w-        c:\windows\system32\MSMPIDE.DLL
2010-03-31 17:15 . 2010-03-31 17:15        --------        d-sh--w-        c:\dokumente und einstellungen\.....\PrivacIE
2010-03-31 17:13 . 2010-03-31 17:13        --------        d-sh--w-        c:\dokumente und einstellungen\.....\IETldCache
2010-03-31 17:11 . 2010-03-31 17:11        --------        dc-h--w-        c:\windows\ie8

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-28 19:05 . 2004-12-31 22:29        --------        d-----w-        c:\dokumente und einstellungen\.....\Anwendungsdaten\BatMail
2010-04-26 17:50 . 2008-11-10 18:42        --------        d-----w-        c:\dokumente und einstellungen\.....\Anwendungsdaten\Corel
2010-04-26 17:45 . 2008-11-10 18:42        848        --sha-w-        c:\windows\system32\KGyGaAvL.sys
2010-04-26 17:37 . 2008-12-08 19:04        --------        d-----w-        c:\dokumente und einstellungen\.....\Anwendungsdaten\ZoomBrowser EX
2010-04-26 17:36 . 2009-05-25 13:58        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\ZoomBrowser
2010-03-28 17:44 . 2001-08-23 12:00        80290        ----a-w-        c:\windows\system32\perfc007.dat
2010-03-28 17:44 . 2001-08-23 12:00        448726        ----a-w-        c:\windows\system32\perfh007.dat
2010-03-20 10:06 . 2010-03-20 10:06        --------        d-----w-        c:\dokumente und einstellungen\.....\Anwendungsdaten\ASCOMP Software
2010-03-07 10:54 . 2010-03-07 10:54        --------        d-----w-        c:\dokumente und einstellungen\.....\Anwendungsdaten\ImgBurn
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll" [2010-01-08 700416]

[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"WinampAgent"="p:\media\Winamp\winampa.exe" [2008-08-03 36352]
"QuickTime Task"="p:\media\QuickTime\QTTask.exe" [2008-09-06 413696]
"avgnt"="p:\tools\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-04-05 148888]
"LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2008-09-11 339240]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184]
"SearchSettings"="c:\programme\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
BackUp Maker.lnk - p:\sicherheit\BackUp Maker\bkmaker.exe [2010-3-20 5958432]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-16 17:47        24095528        ----a-r-        c:\programme\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"p:\\inet\\WS_FTP\\ftp95pro.exe"=
"s:\\World_of_Warcraft\\Launcher.exe"=
"s:\\World_of_Warcraft\\WoW-3.1.1.9835-to-3.1.2.9901-deDE-downloader.exe"=
"s:\\World_of_Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe"=
"s:\\World_of_Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe"=
"s:\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"s:\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"s:\\World_of_Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe"=
"s:\\World_of_Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 AAV UpdateService;AAV UpdateService;c:\programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [24.10.2008 16:35 128296]
R2 AntiVirSchedulerService;Avira AntiVir Planer;p:\tools\Avira\AntiVir Desktop\sched.exe [22.03.2009 11:43 108289]
R2 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [08.01.2010 00:51 380928]
S0 djpwsmps;djpwsmps; [x]
S3 DSSUSBF;DSSUSBF Device;c:\windows\system32\drivers\DSSUSBF.sys [08.11.2008 19:31 25381]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\.....\Anwendungsdaten\Mozilla\Firefox\Profiles\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: c:\programme\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: p:\graphik\Picasa3\npPicasa3.dll
FF - plugin: p:\media\QuickTime\Plugins\npqtplugin.dll
FF - plugin: p:\media\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: p:\media\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: p:\media\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: p:\media\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: p:\media\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: p:\media\QuickTime\Plugins\npqtplugin7.dll

---- FIREFOX Richtlinien ----
p:\inet\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",  1600);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",      2);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",      1);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",  25);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",    5);
p:\inet\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
p:\inet\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
p:\inet\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
p:\inet\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
p:\inet\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
p:\inet\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
p:\inet\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "h..p://www.firefox.com");
p:\inet\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
p:\inet\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
p:\inet\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
p:\inet\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
p:\inet\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
p:\inet\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
p:\inet\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
p:\inet\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
p:\inet\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
p:\inet\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
p:\inet\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
p:\inet\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
p:\inet\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, h..p://www.gmer.net
Rootkit scan 2010-04-29 19:44
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1454471165-1220945662-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ba,6d,53,cf,0b,8e,8a,77,be,64,db,d8,d1,6b,5b,59,cd,63,e8,f4,a5,
  0a,79,b6,90,5a,1e,91,1d,3d,42,c3,9c,ee,32,04,4a,f3,1e,85,fd,06,a3,14,e5,fc,\
"rkeysecu"=hex:82,03,83,ac,20,29,56,a8,15,d4,f0,41,52,46,60,de
.
Zeit der Fertigstellung: 2010-04-29  19:46:10
ComboFix-quarantined-files.txt  2010-04-29 17:45

Vor Suchlauf: 8 Verzeichnis(se), 17.469.652.992 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 17.533.218.816 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - ABAAFC29C193DD0A1D02363FD5B91E59

cosinus 29.04.2010 19:43
Ok. Mach bitte mal um noch evtl. aktive Rootkits zu sehen Logs mit GMER und OSAM

Una 29.04.2010 20:32
GMER-Log

Code:
GMER 1.0.15.15281 - h..p://www.gmer.net
Rootkit scan 2010-04-29 21:21:11
Windows 5.1.2600 Service Pack 3
Running: ls7w2bwu.exe; Driver: C:\DOKUME~1\.....\LOKALE~1\Temp\kxtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT  B871A6BE                                                                                                                                                    ZwCreateKey
SSDT  B871A6B4                                                                                                                                                    ZwCreateThread
SSDT  B871A6C3                                                                                                                                                    ZwDeleteKey
SSDT  B871A6CD                                                                                                                                                    ZwDeleteValueKey
SSDT  B871A6D2                                                                                                                                                    ZwLoadKey
SSDT  B871A6A0                                                                                                                                                    ZwOpenProcess
SSDT  B871A6A5                                                                                                                                                    ZwOpenThread
SSDT  B871A6DC                                                                                                                                                    ZwReplaceKey
SSDT  B871A6D7                                                                                                                                                    ZwRestoreKey
SSDT  B871A6C8                                                                                                                                                    ZwSetValueKey
SSDT  B871A6AF                                                                                                                                                    ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                                    section is writeable [0xB462B380, 0x5414D5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  P:\sicherheit\BackUp Maker\bkmaker.exe[956] kernel32.dll!CreateThread + 1A                                                                                  7C8106E1 4 Bytes  CALL 00456BC9 P:\sicherheit\BackUp Maker\bkmaker.exe (Backup Software/ASCOMP Software GmbH)

---- Files - GMER 1.0.15 ----

File  C:\Dokumente und Einstellungen\.....\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\E8TWUVHY\www.kochbar.de.\video                                  0 bytes
File  C:\Dokumente und Einstellungen\.....\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\E8TWUVHY\www.kochbar.de.\video\kochbar_player.swf                0 bytes
File  C:\Dokumente und Einstellungen\.....\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\E8TWUVHY\www.kochbar.de.\video\kochbar_player.swf\rtl.sol        35 bytes
File  C:\Dokumente und Einstellungen\.....\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\E8TWUVHY\www.kochbar.de.\video\kochbar_player.swf\userinfo6.sol  50 bytes
File  C:\Dokumente und Einstellungen\.....\Anwendungsdaten\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.kochbar.de.\settings.sol            85 bytes

---- EOF - GMER 1.0.15 ----
OSAM-Log

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
h..p://www.online-solutions.ru/en/
Saved at 21:33:11 on 29.04.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DSSFSSET.cpl" - "OLYMPUS CORPORATION" - C:\WINDOWS\system32\DSSFSSET.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - P:\tools\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - P:\media\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - P:\tools\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\.....\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"djpwsmps" (djpwsmps) - ? - C:\WINDOWS\system32\drivers\djpwsmps.sys  (File not found)
"DSSUSBF Device" (DSSUSBF) - "OLYMPUS OPTICAL CO.,LTD." - C:\WINDOWS\System32\DRIVERS\DSSUSBF.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"kxtdqpod" (kxtdqpod) - ? - C:\DOKUME~1\.....\LOKALE~1\Temp\kxtdqpod.sys  (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - P:\tools\7-Zip\7-zip.dll
{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001} "Allaire FTP & RDS" - "##COMPANY_NAME##" - C:\WINDOWS\system32\cfshellftprds.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - P:\tools\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / h..p://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / h..p://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / h..p://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{1E54D648-B804-468d-BC78-4AFFED8E262E} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll / h..p://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / h..p://go.microsoft.com/fwlink/?linkid=39204
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{B922D405-6D13-4A2B-AE89-08A030DA4402} "pdfforge Toolbar" - "Spigot, Inc." - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"BackUp Maker.lnk" - "ASCOMP Software GmbH" - P:\sicherheit\BackUp Maker\bkmaker.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\.....\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "P:\tools\Avira\AntiVir Desktop\avgnt.exe" /min
"LexwareInfoService" - "Lexware GmbH & Co. KG" - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"QuickTime Task" - "Apple Inc." - "P:\media\QuickTime\QTTask.exe" -atboottime
"SearchSettings" - "Spigot, Inc." - C:\Programme\pdfforge Toolbar\SearchSettings.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe"
"WinampAgent" - ? - P:\media\Winamp\winampa.exe  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON V6 2KMonitor" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\EBPMON24.DLL
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AAV UpdateService" (AAV UpdateService) - ? - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Programme\Application Updater\ApplicationUpdater.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - P:\tools\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - P:\tools\Avira\AntiVir Desktop\sched.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"DM1Service" (DM1Service) - "OLYMPUS Corporation" - C:\Programme\Olympus\DeviceDetector\DM1Service.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NMSAccessU" (NMSAccessU) - ? - C:\WINDOWS\system32\drivers\NMSAccessU.sys  (File not found)
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit h..p://forum.online-solutions.ru

cosinus 29.04.2010 20:34
Zitat:
"djpwsmps" (djpwsmps) - ? - C:\WINDOWS\system32\drivers\djpwsmps.sys (File not found)
Diesen Eintrag bitte wie in der OSAM Anleitung beschrieben deaktivieren/löschen.

Una 29.04.2010 21:14
Neues OSAM-Log

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
h..p://www.online-solutions.ru/en/
Saved at 22:14:05 on 29.04.2010

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DSSFSSET.cpl" - "OLYMPUS CORPORATION" - C:\WINDOWS\system32\DSSFSSET.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - P:\tools\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - P:\media\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - P:\tools\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\.....\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DSSUSBF Device" (DSSUSBF) - "OLYMPUS OPTICAL CO.,LTD." - C:\WINDOWS\System32\DRIVERS\DSSUSBF.sys
"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - P:\tools\7-Zip\7-zip.dll
{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001} "Allaire FTP & RDS" - "##COMPANY_NAME##" - C:\WINDOWS\system32\cfshellftprds.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - P:\tools\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / h..p://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / h..p://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / h..p://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{1E54D648-B804-468d-BC78-4AFFED8E262E} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll / h..p://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / h..p://go.microsoft.com/fwlink/?linkid=39204
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{B922D405-6D13-4A2B-AE89-08A030DA4402} "pdfforge Toolbar" - "Spigot, Inc." - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"BackUp Maker.lnk" - "ASCOMP Software GmbH" - P:\sicherheit\BackUp Maker\bkmaker.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\.....\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "P:\tools\Avira\AntiVir Desktop\avgnt.exe" /min
"LexwareInfoService" - ? - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart  (File found, but it contains no detailed information)
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"QuickTime Task" - "Apple Inc." - "P:\media\QuickTime\QTTask.exe" -atboottime
"SearchSettings" - "Spigot, Inc." - C:\Programme\pdfforge Toolbar\SearchSettings.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe"
"WinampAgent" - ? - P:\media\Winamp\winampa.exe  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON V6 2KMonitor" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\EBPMON24.DLL
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AAV UpdateService" (AAV UpdateService) - ? - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Programme\Application Updater\ApplicationUpdater.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - P:\tools\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - P:\tools\Avira\AntiVir Desktop\sched.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"DM1Service" (DM1Service) - "OLYMPUS Corporation" - C:\Programme\Olympus\DeviceDetector\DM1Service.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"NMSAccessU" (NMSAccessU) - ? - C:\WINDOWS\system32\drivers\NMSAccessU.sys  (File not found)
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit h..p://forum.online-solutions.ru
Dass mit dem Report hab ich Dussel irgendwie übersehen. Ich hoffe, es geht auch ohne und wenn nicht, kann man den sich nochmal anzeigen lassen? :-(

cosinus 30.04.2010 09:39
Nö, ist ok so. Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:56 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27