Trojaner-Board (https://www.trojaner-board.de/)
Forum: Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd (https://www.trojaner-board.de/96508-java-virus-java-openconnect-dd-tr-kazy-akcqd.html)

Andi1111 13.03.2011 22:17

Java-Virus JAVA/OpenConnect.DD + TR/Kazy.akcqd
 
Hello,
The incident was already a few days ago, when a warning suddenly appeared in IE saying that the computer was infected and that IE would be closed for security reasons. A message also appeared in the taskbar saying that the computer was infected. IE was closed automatically and a new wallpaper with a similar statement was displayed on the desktop.
I pulled the network cable and switched the computer off. Unfortunately it was in the middle of installing a Windows update at the time, which resulted in files such as system, security, etc. being damaged. I was able to restore them from an older image, but had to reinstall and repair various things. A lot of work, with plenty of snags.
In the course of this, Antivir found the following:
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\57\70beba39-60391325
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.DD
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f68f21a.qua' verschoben!

C:\System Volume Information\_restore{E27FF955-C497-40DC-83F6-0506B32C1CC2}\RP37\
C:\System Volume Information\_restore{E27FF955-C497-40DC-83F6-0506B32C1CC2}\RP37\A0051515.exe
[FUND] Ist das Trojanische Pferd TR/Kazy.akcqd
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f03d097.qua' verschoben!

Now the computer runs again without any sign of infection. Other tools such as SuperAntispyware, MBAM, Spybot S&D find nothing.
But I can't really understand what exactly happened there.

Would someone please take a look to see whether everything is really OK?

Regards,
Andi

The logfiles follow:
(The Extras.txt was not created)

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6041

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13.03.2011 11:13:22
mbam-log-2011-03-13 (11-13-22).txt

Scan type: Quick scan
Objects scanned: 169738
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:14 on 13/03/2011 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-13 11:21:30
Windows 5.1.2600 Service Pack 3
Running: g2m3e4r.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\fxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT            F7AABF0E                                                            ZwCreateKey
SSDT            F7AABF04                                                            ZwCreateThread
SSDT            F7AABF13                                                            ZwDeleteKey
SSDT            F7AABF1D                                                            ZwDeleteValueKey
SSDT            F7AABF3B                                                            ZwLoadDriver
SSDT            F7AABF22                                                            ZwLoadKey
SSDT            F7AABEF0                                                            ZwOpenProcess
SSDT            F7AABEF5                                                            ZwOpenThread
SSDT            F7AABF2C                                                            ZwReplaceKey
SSDT            F7AABF27                                                            ZwRestoreKey
SSDT            F7AABF40                                                            ZwSetSystemInformation
SSDT            F7AABF18                                                            ZwSetValueKey
SSDT            F7AABEFF                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                            section is writeable [0xF66B1360, 0x221CFD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\SearchIndexer.exe[2136] kernel32.dll!WriteFile  7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\atapi \Device\Ide\IdePort0                                  dvd43llh.sys (dvd43llh.sys/RIF)
Device          \Driver\atapi \Device\Ide\IdePort1                                  dvd43llh.sys (dvd43llh.sys/RIF)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4                        dvd43llh.sys (dvd43llh.sys/RIF)
Device          \Driver\atapi \Device\Ide\IdePort2                                  dvd43llh.sys (dvd43llh.sys/RIF)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c                        dvd43llh.sys (dvd43llh.sys/RIF)
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2b                        dvd43llh.sys (dvd43llh.sys/RIF)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18                        dvd43llh.sys (dvd43llh.sys/RIF)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20                        dvd43llh.sys (dvd43llh.sys/RIF)

AttachedDevice  \FileSystem\Fastfat \Fat                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Checking for services/drivers...


-=E.O.F=-

Code:

OTL logfile created on: 13.03.2011 11:22:08 - Run 7
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Dokumente und Einstellungen\Admin\Desktop\MFTools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 633,00 Mb Available Physical Memory | 62,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 226,04 Gb Total Space | 70,20 Gb Free Space | 31,06% Space Free | Partition Type: NTFS
Drive D: | 6,83 Gb Total Space | 1,65 Gb Free Space | 24,11% Space Free | Partition Type: FAT32
Drive E: | 232,88 Gb Total Space | 91,05 Gb Free Space | 39,10% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 48,52 Gb Free Space | 5,21% Space Free | Partition Type: NTFS
 
Computer Name: MD8800 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.13 11:03:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\MFTools\OTL.exe
PRC - [2010.12.13 08:39:27 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.13 08:39:19 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.13 11:03:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\MFTools\OTL.exe
MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2010.12.13 08:39:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.13 08:39:19 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.08.21 07:22:08 | 000,455,784 | ---- | M] (VMLite, Inc.) [Auto | Stopped] -- C:\Programme\VMLite\VMLite Workstation\VMLiteService.exe -- (VMLiteService)
SRV - [2006.02.22 14:07:30 | 000,266,338 | ---- | M] () [Auto | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.02.22 14:07:30 | 000,118,880 | ---- | M] () [Auto | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.02.22 14:06:46 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2006.01.20 10:20:00 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.10.06 17:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.12.13 08:39:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 08:39:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.08.18 12:28:56 | 000,127,080 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vmliteusbmon.sys -- (VMLiteUSBMon)
DRV - [2010.08.18 11:54:16 | 000,127,080 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmlitediskmp.sys -- (vmlitediskmp)
DRV - [2010.08.18 11:54:12 | 000,135,272 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMLiteUSB.sys -- (VMLiteUSB)
DRV - [2010.08.11 11:05:00 | 000,111,208 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010.08.11 11:05:00 | 000,100,264 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.08.11 11:04:54 | 000,143,848 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010.06.29 10:20:02 | 000,015,464 | ---- | M] (VMLite, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vmlitedrv.sys -- (vmlitedrv)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.30 14:10:48 | 000,117,120 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008.06.01 20:59:46 | 000,223,424 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2006.04.28 16:34:00 | 000,882,688 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.01.13 18:13:18 | 004,137,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.10.04 18:37:53 | 000,072,320 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmiucr.SYS -- (CMISTOR)
DRV - [2005.07.14 19:58:38 | 000,241,536 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB)
DRV - [2005.06.30 12:15:59 | 001,094,848 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.05.19 14:52:57 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2003.01.10 22:13:03 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002.11.18 13:34:08 | 000,240,288 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\CAPI20.SYS -- (CAPI20)
DRV - [2002.09.16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001.09.18 16:46:56 | 000,038,480 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\detewecp.sys -- (DETEWECP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.05 15:18:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.05 15:18:55 | 000,000,000 | ---D | M]
 
[2011.03.03 16:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2011.03.05 20:14:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\68qn9hhk.default\extensions
[2011.03.05 15:43:29 | 000,000,000 | ---D | M] (FireShot) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\68qn9hhk.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.03.04 07:28:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\68qn9hhk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.05 15:22:00 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\68qn9hhk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.03.05 15:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\68qn9hhk.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2011.03.05 15:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\68qn9hhk.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2011.03.05 15:19:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.03 16:34:15 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.03.03 19:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 19:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 19:06:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 19:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 19:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.28 12:59:59 | 000,229,900 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.1001-search.info
O1 - Hosts: 127.0.0.1        1001-search.info
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.123topsearch.com
O1 - Hosts: 127.0.0.1        123topsearch.com
O1 - Hosts: 127.0.0.1        www.132.com
O1 - Hosts: 127.0.0.1        132.com
O1 - Hosts: 127.0.0.1        www.136136.net
O1 - Hosts: 127.0.0.1        136136.net
O1 - Hosts: 8059 more lines...
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe]  File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe ()
O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCREye.exe ()
O4 - HKLM..\Run: [dvd43] C:\Programme\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [InstantOn] C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe ()
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [MedionVFD] C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [routcnf]  File not found
O4 - HKLM..\Run: [Showwnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\tclock.lnk = C:\Programme\tclocklight-040702-3\tclock.exe (Kazubon)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150982010296 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1298218260890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.237.148.70 217.237.150.115
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.21 05:36:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 12:52:16 | 000,000,120 | ---- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.13 11:03:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\MFTools
[2011.03.07 20:55:01 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Verwaltung
[2011.03.06 19:04:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\HP
[2011.03.06 19:02:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP Product Assistant
[2011.03.06 19:00:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP
[2011.03.06 18:17:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\HP
[2011.03.06 13:50:57 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent
[2011.03.06 13:46:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2011.03.06 13:46:40 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.03.05 16:39:08 | 000,000,000 | ---D | C] -- C:\Programme\MozBackup-1.4.10-DE
[2011.03.05 15:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads
[2011.03.05 15:18:53 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.03.05 12:25:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\VMLites
[2011.03.03 23:35:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2011.03.03 23:35:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SUPERAntiSpyware.com
[2011.03.03 23:35:12 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.03.03 22:59:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Avira
[2011.03.03 21:41:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Apple
[2011.03.03 17:03:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software
[2011.03.03 17:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Foxit Reader
[2011.03.03 17:02:40 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software
[2011.03.03 16:49:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2011.03.03 16:49:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla
[2011.03.03 16:35:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2011.03.03 13:07:48 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Admin\IECompatCache
[2011.03.03 12:53:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Search
[2011.03.03 12:18:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.03.03 12:17:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011.03.03 12:17:57 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.03.03 11:51:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Apple Computer
[2011.03.03 11:46:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
[2011.02.24 08:58:52 | 000,127,080 | ---- | C] (VMLite, Inc.) -- C:\WINDOWS\System32\drivers\vmliteusbmon.sys
[2011.02.24 08:57:40 | 000,015,464 | ---- | C] (VMLite, Inc.) -- C:\WINDOWS\System32\drivers\vmlitedrv.sys
[2011.02.24 08:57:39 | 000,143,848 | ---- | C] (VMLite, Inc.) -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2011.02.24 08:57:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VMLite Workstation
[2011.02.24 08:57:12 | 000,000,000 | ---D | C] -- C:\Programme\VMLite
[2011.02.20 18:56:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011.02.17 22:06:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Virusproblem_110216
[2011.02.17 00:10:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data
[2011.02.16 23:49:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender
[2011.02.16 23:47:36 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\BitDefender
[2011.02.13 13:36:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 6
[2011.02.13 13:36:02 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- C:\WINDOWS\System32\drivers\teamviewervpn.sys
[2011.02.13 13:35:59 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2007.11.01 21:25:12 | 000,102,400 | ---- | C] (Installshield Software Corporation                          ) -- C:\Programme\setup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.13 11:04:31 | 000,296,448 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\g2m3e4r.exe
[2011.03.13 11:04:24 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\defogger.exe
[2011.03.13 11:01:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.03.13 10:59:23 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.03.13 10:57:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.03.13 10:57:48 | 1072,156,672 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.12 14:32:25 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2917A911-98C5-4D1E-B588-BFA81F8AE1B3}.job
[2011.03.12 09:47:39 | 000,000,973 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Spybot - Search & Destroy.lnk
[2011.03.11 17:52:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.03.10 05:45:46 | 000,000,659 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\NTREGOPT.lnk
[2011.03.10 05:45:46 | 000,000,640 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\ERUNT.lnk
[2011.03.09 19:56:49 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.03.06 21:39:58 | 000,001,086 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP Solution Center.lnk
[2011.03.06 19:03:34 | 000,206,661 | ---- | M] () -- C:\WINDOWS\hpwins14.dat
[2011.03.06 19:01:48 | 000,001,856 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
[2011.03.06 13:46:42 | 000,000,722 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\CCleaner.lnk
[2011.03.05 20:03:56 | 000,121,429 | ---- | M] () -- C:\WINDOWS\hpqins05.dat
[2011.03.05 17:32:41 | 000,000,734 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MozBackup.lnk
[2011.03.05 15:19:01 | 000,001,634 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.03.03 23:35:15 | 000,001,710 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.03.03 21:16:05 | 000,023,316 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2011.03.03 15:32:08 | 000,000,785 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Verknüpfung mit Software.lnk
[2011.03.03 13:02:44 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011.03.03 12:28:12 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable
[2011.03.03 11:51:53 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\񀿉
[2011.03.03 11:41:02 | 000,472,080 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Load.exe
[2011.02.28 11:20:34 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2011.02.27 16:55:28 | 000,026,448 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2011.02.27 16:55:28 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2011.02.21 09:00:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy -  Scheduled Task.job
[2011.02.21 00:40:16 | 000,484,034 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.02.21 00:40:16 | 000,465,570 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.02.21 00:40:16 | 000,093,828 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.02.21 00:40:16 | 000,080,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.02.20 21:51:41 | 000,137,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.20 18:58:39 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.02.20 18:32:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\spdwnwxp.exe
[2011.02.13 13:36:05 | 000,000,855 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 6.lnk
 
========== Files Created - No Company Name ==========
 
[2011.03.13 11:04:25 | 000,296,448 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\g2m3e4r.exe
[2011.03.13 11:04:23 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\defogger.exe
[2011.03.12 09:47:39 | 000,000,973 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Spybot - Search & Destroy.lnk
[2011.03.10 05:45:46 | 000,000,659 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\NTREGOPT.lnk
[2011.03.10 05:45:46 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\ERUNT.lnk
[2011.03.09 19:56:43 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.03.06 19:02:31 | 000,001,086 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\HP Solution Center.lnk
[2011.03.06 19:01:48 | 000,001,856 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
[2011.03.06 18:54:51 | 000,206,661 | ---- | C] () -- C:\WINDOWS\hpwins14.dat
[2011.03.06 18:54:51 | 000,001,108 | R--- | C] () -- C:\WINDOWS\hpwmdl14.dat
[2011.03.06 13:46:42 | 000,000,722 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\CCleaner.lnk
[2011.03.05 20:01:15 | 000,121,429 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2011.03.05 17:32:41 | 000,000,734 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MozBackup.lnk
[2011.03.05 15:19:01 | 000,001,634 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2011.03.03 23:35:15 | 000,001,710 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.03.03 23:09:14 | 000,002,050 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Microsoft Word.lnk
[2011.03.03 21:16:03 | 000,023,686 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2011.03.03 15:32:08 | 000,000,785 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Verknüpfung mit Software.lnk
[2011.03.03 12:28:12 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable
[2011.03.03 11:51:53 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\񀿉
[2011.03.03 11:42:24 | 000,472,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Load.exe
[2011.02.27 16:22:04 | 000,026,448 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2011.02.27 16:22:04 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2011.02.20 17:25:21 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2011.02.13 13:36:05 | 000,000,855 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 6.lnk
[2011.01.23 17:31:19 | 000,023,232 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.09.08 19:54:07 | 000,023,316 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009.07.03 15:40:49 | 000,119,460 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009.07.01 14:16:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.02.06 22:09:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009.02.06 21:32:26 | 000,206,678 | ---- | C] () -- C:\WINDOWS\hpwins14.dat.temp
[2009.02.06 21:32:26 | 000,001,108 | ---- | C] () -- C:\WINDOWS\hpwmdl14.dat.temp
[2009.02.06 20:49:24 | 000,013,041 | R--- | C] () -- C:\WINDOWS\hpwscr14.dat
[2008.10.23 23:12:30 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2008.09.25 16:55:06 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\CmUCREye.exe
[2008.08.18 19:44:12 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\$_hpcst$.hpc
[2008.07.23 17:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.07.23 17:46:38 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.07.13 20:31:16 | 000,002,508 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\$_hpcst$.hpc
[2008.07.13 20:29:29 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.04.14 03:23:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\spdwnwxp.exe
[2007.11.01 21:28:35 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WINPHONE.INI
[2007.11.01 21:25:12 | 001,759,570 | ---- | C] () -- C:\Programme\Data.Cab
[2007.11.01 21:25:12 | 000,492,016 | ---- | C] () -- C:\Programme\Eumex 504PC USB.msi
[2007.11.01 21:25:12 | 000,062,693 | ---- | C] () -- C:\Programme\setup.ini
[2007.10.07 14:12:23 | 000,000,002 | ---- | C] () -- C:\WINDOWS\tm.ini
[2007.09.27 10:51:02 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.09.27 10:48:48 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.09.27 10:48:28 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007.09.02 22:15:12 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007.08.31 11:51:27 | 000,001,140 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007.08.11 21:00:14 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll
[2007.06.05 19:33:56 | 000,002,711 | ---- | C] () -- C:\WINDOWS\DevMgr.ini
[2007.06.05 17:29:41 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2007.05.30 17:08:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007.05.24 10:16:21 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.05.23 22:07:57 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.05.16 22:48:46 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007.05.16 20:51:36 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007.05.16 19:59:52 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.06.22 15:26:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.06.22 13:47:09 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.06.22 13:34:19 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006.06.22 13:18:00 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006.06.22 12:20:12 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2006.06.22 11:47:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Install2500USB.dll
[2006.06.22 11:47:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DEDriverDLL.dll
[2006.06.22 11:47:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WRLSetup.exe
[2006.06.22 11:44:48 | 000,550,912 | ---- | C] () -- C:\WINDOWS\mHotkey.exe
[2006.06.22 11:44:48 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006.06.22 11:44:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2006.06.22 11:44:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2006.06.22 11:44:48 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006.06.22 11:44:48 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006.06.22 11:44:48 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2006.06.22 11:44:48 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2006.06.22 11:41:59 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.exe
[2006.06.22 11:41:59 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.Dll
[2006.06.22 11:41:59 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CmiUCRUninstall.exe
[2006.06.22 11:41:59 | 000,000,052 | ---- | C] () -- C:\WINDOWS\CMICARDREADER.INI
[2006.06.22 11:31:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006.06.22 11:27:11 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.06.22 11:27:11 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006.06.22 11:27:11 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.06.22 11:27:11 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006.06.22 11:27:11 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.06.22 11:27:11 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.06.22 11:27:10 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006.06.22 11:27:10 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.06.21 14:24:58 | 000,000,872 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.06.21 14:24:54 | 000,484,034 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.06.21 14:24:54 | 000,093,828 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.06.21 14:24:47 | 000,465,570 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.06.21 14:24:47 | 000,080,252 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.06.21 14:24:45 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006.06.21 06:30:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006.06.21 06:29:38 | 000,137,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.06.21 05:39:11 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.06.21 05:37:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006.06.21 05:34:24 | 000,023,604 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.01.30 12:57:03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 01:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2001.09.04 14:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.09.04 14:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
 
========== LOP Check ==========
 
[2011.03.03 17:03:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software
[2010.11.03 08:45:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Desktop Search
[2011.03.03 12:53:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Search
[2009.12.05 14:54:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2011.02.17 22:06:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender
[2009.01.31 15:35:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MP3Find
[2008.08.19 08:37:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Team MediaPortal
[2009.02.18 07:04:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings
[2010.12.22 21:50:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.03.12 14:32:25 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2917A911-98C5-4D1E-B588-BFA81F8AE1B3}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.03.11 14:57:17 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2011.02.19 13:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2008.08.18 20:08:36 | 000,000,000 | ---D | M] -- C:\dvbfix
[2011.03.06 13:46:40 | 000,000,000 | R--D | M] -- C:\Programme
[2010.12.28 11:20:08 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.01.14 17:43:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.02.06 22:08:41 | 000,000,000 | ---D | M] -- C:\temp
[2011.02.26 11:30:08 | 000,000,000 | ---D | M] -- C:\UBCD4Winsmall
[2011.03.10 10:42:35 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2011.02.24 00:09:41 | 000,000,000 | -H-D | M] -- C:\{2426F42A-20BE-4F19-A8A5-640920671123}
 
< %PROGRAMFILES%\*.exe >
[2000.11.06 10:16:44 | 000,102,400 | ---- | M] (Installshield Software Corporation                          ) -- C:\Programme\setup.exe
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\UBCD4Winsmall\BartPE\I386\EXPLORER.EXE
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\UBCD4Winsmall\BartPE_110226\I386\EXPLORER.EXE
[2006.02.28 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\UBCD4Winsmall\BartPE\I386\SYSTEM32\USERINIT.EXE
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\UBCD4Winsmall\BartPE_110226\I386\SYSTEM32\USERINIT.EXE
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\UBCD4Winsmall\BartPE\I386\SYSTEM32\WINLOGON.EXE
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\UBCD4Winsmall\BartPE_110226\I386\SYSTEM32\WINLOGON.EXE
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-09 19:04:55

< End of report >


cosinus 14.03.2011 11:06

Quote:

Art des Suchlaufs: Quick-Scan
Hello and :hallo:

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those as well!

Andi1111 14.03.2011 15:15

Hello,
Below is the MBAM full scan log file:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6048

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14.03.2011 14:50:54
mbam-log-2011-03-14 (14-50-44).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 601491
Time elapsed: 2 hour(s), 58 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\dokumente und einstellungen\***\lokale einstellungen\anwendungsdaten\vmlite workstation\VM2 XP\cpp\keyfinder-changer v1.41.exe (RiskWare.Tool.CK) -> No action taken.

Regards,
Andi

cosinus 14.03.2011 16:18

Quote:

c:\dokumente und einstellungen\***\lokale einstellungen\anwendungsdaten\vmlite workstation\VM2 XP\cpp\keyfinder-changer v1.41.exe
Is that the key finder for reading a CD key out of Windows?

Andi1111 14.03.2011 17:21

Yes, an older version of "magicaljellybean".
It was/is not entirely clear to me which key was used for the original XP installation from Medion.

Regards,
Andi

cosinus 14.03.2011 18:41

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.21 05:36:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.11.02 12:52:16 | 000,000,120 | ---- | M] () - D:\autoexec.bat -- [ FAT32 ]
O4 - HKLM..\Run: [routcnf]  File not found
O4 - HKLM..\Run: [Showwnd] C:\WINDOWS\ShowWnd.exe ()
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

Andi1111 14.03.2011 20:30

Here is the log file:
Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\autoexec.bat moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\routcnf deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Showwnd deleted successfully.
C:\WINDOWS\ShowWnd.exe moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 294166 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: ***
->Temp folder emptied: 788368 bytes
->Temporary Internet Files folder emptied: 481930 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92506194 bytes
->Flash cache emptied: 738 bytes
 
User: Besitzer
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 338463 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 90,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 03142011_191051

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Regards,
Andi

cosinus 14.03.2011 20:40

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

Andi1111 14.03.2011 21:28

Hello,
Below is the ComboFix log file:
Code:

ComboFix 11-03-13.02 - Admin 14.03.2011  21:02:22.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1022.541 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Admin\Desktop\CoFi.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\Setup.exe
c:\windows\system32\spdwnwxp.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-02-14 bis 2011-03-14  ))))))))))))))))))))))))))))))
.
.
2011-03-14 18:10 . 2011-03-14 18:10        --------        d-----w-        C:\_OTL
2011-03-06 18:04 . 2011-03-06 18:04        --------        d-----w-        c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\HP
2011-03-06 18:02 . 2011-03-06 18:02        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP Product Assistant
2011-03-06 17:59 . 2007-11-07 02:10        271704        ----a-r-        c:\windows\system32\hpzids01.dll
2011-03-06 17:58 . 2007-10-31 12:19        729088        ----a-r-        c:\windows\system32\hpwwiax3.dll
2011-03-06 17:58 . 2007-10-31 12:19        970752        ----a-r-        c:\windows\system32\hpwtiop3.dll
2011-03-06 17:58 . 2007-01-17 16:37        364544        ----a-r-        c:\windows\system32\hppldcoi.dll
2011-03-06 17:58 . 2007-01-17 16:37        309760        ----a-r-        c:\windows\system32\difxapi.dll
2011-03-06 17:58 . 2007-01-17 16:31        294912        ----a-r-        c:\windows\system32\hpovst11.dll
2011-03-06 17:17 . 2011-03-06 17:17        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\HP
2011-03-06 12:46 . 2011-03-06 12:46        --------        d-----w-        c:\programme\CCleaner
2011-03-05 15:39 . 2011-03-05 16:32        --------        d-----w-        c:\programme\MozBackup-1.4.10-DE
2011-03-05 11:25 . 2011-03-05 11:25        --------        d-----w-        c:\dokumente und einstellungen\Admin\VMLites
2011-03-03 22:35 . 2011-03-03 22:35        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2011-03-03 22:35 . 2011-03-03 22:35        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\SUPERAntiSpyware.com
2011-03-03 22:35 . 2011-03-03 22:35        --------        d-----w-        c:\programme\SUPERAntiSpyware
2011-03-03 21:59 . 2011-03-03 21:59        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Avira
2011-03-03 20:41 . 2011-03-03 20:41        --------        d-----w-        c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Apple
2011-03-03 16:03 . 2011-03-03 16:03        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Foxit Software
2011-03-03 16:02 . 2011-03-03 16:02        --------        d-----w-        c:\programme\Foxit Software
2011-03-03 15:49 . 2011-03-03 15:49        --------        d-----w-        c:\dokumente und einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Mozilla
2011-03-03 15:34 . 2011-03-03 15:34        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-03-03 12:07 . 2011-03-03 12:07        --------        d-sh--w-        c:\dokumente und einstellungen\Admin\IECompatCache
2011-03-03 11:53 . 2011-03-03 11:53        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Windows Search
2011-03-03 11:17 . 2011-03-10 04:45        --------        d-----w-        c:\programme\ERUNT
2011-03-03 10:51 . 2011-03-03 20:41        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Apple Computer
2011-03-03 10:46 . 2011-03-03 10:46        --------        d-----w-        c:\dokumente und einstellungen\Admin\Anwendungsdaten\Malwarebytes
2011-02-24 08:04 . 2011-03-08 23:31        --------        d-----w-        c:\dokumente und einstellungen\***\VMLites
2011-02-24 07:58 . 2010-08-18 11:28        127080        ----a-w-        c:\windows\system32\drivers\vmliteusbmon.sys
2011-02-24 07:57 . 2010-06-29 09:20        15464        ----a-w-        c:\windows\system32\drivers\vmlitedrv.sys
2011-02-24 07:57 . 2010-08-11 10:04        143848        ----a-w-        c:\windows\system32\drivers\VBoxDrv.sys
2011-02-24 07:57 . 2011-02-24 07:57        --------        d-----w-        c:\programme\VMLite
2011-02-21 20:21 . 2009-08-06 18:23        274288        ----a-w-        c:\windows\system32\mucltui.dll
2011-02-20 16:25 . 2011-02-28 10:20        81984        ----a-w-        c:\windows\system32\bdod.bin
2011-02-16 22:49 . 2011-02-17 21:06        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\BitDefender
2011-02-16 22:47 . 2011-02-28 10:21        --------        d-----w-        c:\programme\Gemeinsame Dateien\BitDefender
2011-02-13 12:36 . 2011-01-12 09:42        25088        ----a-w-        c:\windows\system32\drivers\teamviewervpn.sys
2011-02-13 12:35 . 2011-02-13 12:35        --------        d-----w-        c:\programme\TeamViewer
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:34 . 2008-10-05 21:10        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2011-02-17 19:49 . 2008-08-09 17:17        18816        ----a-w-        c:\windows\system32\drivers\dvd43llh.sys
2011-02-09 13:53 . 2004-08-04 12:00        270848        ----a-w-        c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00        186880        ----a-w-        c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2006-06-21 04:33        2067456        ----a-w-        c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2006-06-21 04:33        677888        ----a-w-        c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00        440832        ----a-w-        c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00        290048        ----a-w-        c:\windows\system32\atmfd.dll
2010-12-31 14:03 . 2004-08-04 12:00        1855104        ----a-w-        c:\windows\system32\win32k.sys
2010-12-22 20:32 . 2010-12-22 20:32        1409        ----a-w-        c:\windows\QTFont.for
2010-12-22 12:34 . 2004-08-04 12:00        301568        ----a-w-        c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2004-08-04 12:00        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-08-04 12:00        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2004-08-04 12:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2004-08-04 12:00        737792        ----a-w-        c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2010-12-29 15:37        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-29 15:37        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2004-08-04 12:00        385024        ----a-w-        c:\windows\system32\html.iec
2004-04-28 10:57 . 2007-11-01 20:25        492016        ----a-w-        c:\programme\Eumex 504PC USB.msi
.
.
((((((((((((((((((((((((((((  Registry autostart points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-04-27 1519616]
"CHotkey"="mHotkey.exe" [2004-12-08 550912]
"ledpointer"="CNYHKey.exe" [2005-11-10 5585408]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"MedionVFD"="c:\programme\Medion Info Display\MdionLCM.exe" [2006-01-27 176128]
"InstantOn"="c:\programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"PCMService"="c:\programme\Home Cinema\PowerCinema\PCMService.exe" [2006-02-22 143360]
"dvd43"="c:\programme\dvd43\dvd43_tray.exe" [2008-04-09 826880]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
tclock.lnk - c:\programme\tclocklight-040702-3\tclock.exe [2008-8-31 44544]
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21        548352        ----a-w-        c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programme\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\SuperSync\\SuperSync.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 19:41 67656]
R1 VBoxDrv;VBoxDrv;c:\windows\system32\drivers\VBoxDrv.sys [24.02.2011 08:57 143848]
R1 vmlitedrv;vmlitedrv;c:\windows\system32\drivers\vmlitedrv.sys [24.02.2011 08:57 15464]
R1 VMLiteUSBMon;VMLiteUSBMon;c:\windows\system32\drivers\vmliteusbmon.sys [24.02.2011 08:58 127080]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [05.09.2009 20:26 135336]
R2 CAPI20;Eumex 504PC USB;c:\windows\system32\drivers\Capi20.sys [02.11.2007 15:33 240288]
R2 DETEWECP;Telekom ISDN Port;c:\windows\system32\drivers\detewecp.sys [02.11.2007 15:33 38480]
R2 VMLiteService;VMLiteService;c:\programme\VMLite\VMLite Workstation\VMLiteService.exe [21.08.2010 07:22 455784]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [30.01.2006 12:57 882688]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [22.06.2006 11:41 72320]
R3 VBoxNetAdp;VMLite Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [11.08.2010 11:05 100264]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [11.08.2010 11:05 111208]
R3 vmlitediskmp;vmlitediskmp;c:\windows\system32\drivers\vmlitediskmp.sys [18.08.2010 11:54 127080]
S0 rseb;rseb; [x]
S3 dtwmnic5;Telekom Eumex 504PC SE;c:\windows\system32\DRIVERS\dtwmnic5.sys --> c:\windows\system32\DRIVERS\dtwmnic5.sys [?]
S3 ulisa;Telekom ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys --> c:\windows\system32\Drivers\ulisa.sys [?]
S3 VMLiteUSB;VMLite USB;c:\windows\system32\drivers\VMLiteUSB.sys [18.08.2010 11:54 135272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
HPService        REG_MULTI_SZ          HPSLPSVC
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Contents of the "Scheduled Tasks" folder
.
2011-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-03-13 c:\windows\Tasks\User_Feed_Synchronization-{2917A911-98C5-4D1E-B588-BFA81F8AE1B3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Additional scan -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\68qn9hhk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
.
- - - - Removed orphaned registry entries - - - -
.
AddRemove-navigating.de POI-Warner GoPal Edition - c:\windows\suinsta4001.exe
AddRemove-navigating.de POI-Warner POI-Daten - c:\windows\suinsta4001.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-14 21:08
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JD-00HBB0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2b
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
.
**************************************************************************
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1272)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2011-03-14  21:11:44
ComboFix-quarantined-files.txt  2011-03-14 20:11
.
Before scan: 8 directory(ies), 75,182,227,456 bytes free
After scan: 11 directory(ies), 75,178,467,328 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - DAE07B462A2E8A2C7C6188B54315B677

--- --- ---



Regards,
Andi
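The ComboFix section above lists every registered driver and service (the `R1`/`S3` lines) and ends with Gmer's MBR detector reporting `user != kernel MBR !!!`. The Python below is an added example, not code from the thread, from ComboFix or from Gmer: it parses those service lines into records, flags the entries ComboFix marks `[x]` (no image path registered at all) or `[?]` (path registered but the file is absent), and picks up the MBR mismatch verdict. The sample input is copied from the log in the post; the `ServiceEntry` fields and the keys returned by `triage()` are names chosen for this example.

```python
"""Triage helpers for a ComboFix log excerpt.

Added example, not code from the thread, from ComboFix or from Gmer: it parses
the driver/service lines ComboFix prints ("R1 name;display;path [date size]")
and the Gmer MBR-detector verdict, and returns the entries a reviewer would
look at first. The lines in SAMPLE_LOG are copied from the post above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Service/driver lines: R = running, S = stopped; the digit is the start value
# (0 = boot, 1 = system, 2 = auto, 3 = manual), then name;display;image info.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$"
)

# Gmer's MBR detector prints this when the MBR read through the user-mode disk
# handle differs from the one read through the kernel-mode path.
MBR_MISMATCH = "user != kernel MBR"

# Constructed excerpt: service lines and MBR-detector lines taken from the log above.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 19:25 12872]
R2 CAPI20;Eumex 504PC USB;c:\windows\system32\drivers\Capi20.sys [02.11.2007 15:33 240288]
S0 rseb;rseb; [x]
S3 dtwmnic5;Telekom Eumex 504PC SE;c:\windows\system32\DRIVERS\dtwmnic5.sys --> c:\windows\system32\DRIVERS\dtwmnic5.sys [?]
S3 ulisa;Telekom ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys --> c:\windows\system32\Drivers\ulisa.sys [?]
.
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
"""


@dataclass
class ServiceEntry:
    start: str            # e.g. "S0": stopped, boot-start
    name: str
    display: str
    image: Optional[str]  # registered image path, None when ComboFix recorded none
    file_missing: bool    # "[x]": no image path at all; "[?]": path set but file absent

    @property
    def boot_or_system_start(self) -> bool:
        # Start value 0/1 loads before any user logs on, which is where a
        # missing or foreign binary matters most.
        return self.start[1] in "01"


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[x]") or rest.endswith("[?]")
    if rest.startswith("["):
        image = None  # "[x]": nothing registered
    else:
        # "path --> path [?]" when the registered file is absent,
        # otherwise "path [date time size]".
        image = rest.split(" --> ")[0].split(" [")[0].strip()
    return ServiceEntry(m.group("start"), m.group("name"), m.group("display"), image, missing)


def parse_services(log_text: str) -> List[ServiceEntry]:
    entries = [parse_service_line(line) for line in log_text.splitlines()]
    return [e for e in entries if e is not None]


def entries_to_review(log_text: str) -> List[ServiceEntry]:
    """Entries whose registered binary is gone. Leftovers of uninstalled software
    are the usual benign cause; a boot-start entry with no file still deserves a look."""
    return [e for e in parse_services(log_text) if e.file_missing]


def mbr_mismatch(log_text: str) -> bool:
    """True when Gmer saw different MBR contents from user mode and from kernel mode."""
    return MBR_MISMATCH in log_text


def triage(log_text: str) -> dict:
    review = entries_to_review(log_text)
    return {
        "services_total": len(parse_services(log_text)),
        "missing_binary": [e.name for e in review],
        "boot_start_missing": [e.name for e in review if e.boot_or_system_start],
        "mbr_user_kernel_mismatch": mbr_mismatch(log_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the excerpt this sorts `rseb` (boot-start, no image registered), `dtwmnic5` and `ulisa` (registered path, file absent) to the top and reports the MBR mismatch. Two caveats a reviewer would attach: a user/kernel MBR mismatch only says that the two read paths returned different sectors; a bootkit filtering disk I/O produces that, but so can legitimate disk filter or encryption drivers, so it is a lead to confirm with a second tool (as the thread goes on to do with MBRCheck), not a verdict. And `[x]`/`[?]` entries are most often remnants of uninstalled software; the parser only puts them first in the review list, it does not judge them.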

cosinus 15.03.2011 10:57

Please run this tool from Kaspersky now and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Andi1111 15.03.2011 12:18

Looks as if nothing was found:

Code:

2011/03/15 12:08:05.0859 1672        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/15 12:08:06.0250 1672        ================================================================================
2011/03/15 12:08:06.0250 1672        SystemInfo:
2011/03/15 12:08:06.0250 1672       
2011/03/15 12:08:06.0250 1672        OS Version: 5.1.2600 ServicePack: 3.0
2011/03/15 12:08:06.0250 1672        Product type: Workstation
2011/03/15 12:08:06.0250 1672        ComputerName: MD8800
2011/03/15 12:08:06.0250 1672        UserName: Admin
2011/03/15 12:08:06.0250 1672        Windows directory: C:\WINDOWS
2011/03/15 12:08:06.0250 1672        System windows directory: C:\WINDOWS
2011/03/15 12:08:06.0250 1672        Processor architecture: Intel x86
2011/03/15 12:08:06.0250 1672        Number of processors: 2
2011/03/15 12:08:06.0250 1672        Page size: 0x1000
2011/03/15 12:08:06.0250 1672        Boot type: Normal boot
2011/03/15 12:08:06.0250 1672        ================================================================================
2011/03/15 12:08:06.0437 1672        Initialize success
2011/03/15 12:08:09.0828 2772        ================================================================================
2011/03/15 12:08:09.0828 2772        Scan started
2011/03/15 12:08:09.0828 2772        Mode: Manual;
2011/03/15 12:08:09.0828 2772        ================================================================================
2011/03/15 12:08:10.0828 2772        3xHybrid        (4393b673d29a0d118e9730b67ab7d959) C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
2011/03/15 12:08:10.0937 2772        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/15 12:08:10.0968 2772        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/15 12:08:11.0031 2772        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/15 12:08:11.0093 2772        AegisP          (8d155386b3b032ea7513e19f8c8f80a7) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/03/15 12:08:11.0140 2772        AFD            (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/15 12:08:11.0218 2772        AgereSoftModem  (34f27c7d71f1c49c7d3857f28b42f544) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/03/15 12:08:11.0406 2772        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/15 12:08:11.0500 2772        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/15 12:08:11.0531 2772        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/15 12:08:11.0578 2772        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/15 12:08:11.0625 2772        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/15 12:08:11.0718 2772        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/03/15 12:08:11.0765 2772        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/03/15 12:08:11.0812 2772        avipbb          (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/03/15 12:08:11.0875 2772        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/15 12:08:11.0953 2772        CAPI20          (2b6cc617c56580b126108d1902e024bb) C:\WINDOWS\System32\Drivers\CAPI20.SYS
2011/03/15 12:08:12.0093 2772        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/15 12:08:12.0140 2772        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/15 12:08:12.0218 2772        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/15 12:08:12.0234 2772        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/15 12:08:12.0265 2772        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/15 12:08:12.0375 2772        CMISTOR        (bbdd16b65f669f8d62d12fbc47289897) C:\WINDOWS\system32\DRIVERS\cmiucr.SYS
2011/03/15 12:08:13.0031 2772        DETEWECP        (d24bab151777f35f24651ae40005510b) C:\WINDOWS\System32\drivers\detewecp.sys
2011/03/15 12:08:13.0078 2772        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/15 12:08:13.0140 2772        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/15 12:08:13.0218 2772        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/15 12:08:13.0250 2772        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/15 12:08:13.0296 2772        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/15 12:08:13.0343 2772        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/15 12:08:13.0406 2772        dvd43llh        (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
2011/03/15 12:08:13.0437 2772        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/15 12:08:13.0468 2772        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/15 12:08:13.0500 2772        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/15 12:08:13.0515 2772        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/15 12:08:13.0562 2772        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/15 12:08:13.0609 2772        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/15 12:08:13.0640 2772        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/15 12:08:13.0671 2772        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/03/15 12:08:13.0703 2772        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/15 12:08:13.0750 2772        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/15 12:08:13.0781 2772        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/15 12:08:13.0906 2772        HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/15 12:08:13.0953 2772        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/15 12:08:14.0015 2772        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/15 12:08:14.0062 2772        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/15 12:08:14.0296 2772        IntcAzAudAddService (90e1b42e49d9e91e5accaaaaefa10ce8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/03/15 12:08:14.0421 2772        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/15 12:08:14.0453 2772        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/15 12:08:14.0484 2772        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/15 12:08:14.0515 2772        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/15 12:08:14.0531 2772        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/15 12:08:14.0562 2772        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/15 12:08:14.0593 2772        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/15 12:08:14.0625 2772        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/15 12:08:14.0656 2772        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/15 12:08:14.0671 2772        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/15 12:08:14.0703 2772        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/15 12:08:14.0734 2772        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/15 12:08:14.0812 2772        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/15 12:08:14.0859 2772        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/15 12:08:14.0875 2772        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/15 12:08:14.0937 2772        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/15 12:08:14.0953 2772        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/15 12:08:15.0000 2772        MPE            (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/03/15 12:08:15.0031 2772        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/15 12:08:15.0093 2772        MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/15 12:08:15.0125 2772        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/15 12:08:15.0171 2772        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/15 12:08:15.0203 2772        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/15 12:08:15.0234 2772        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/15 12:08:15.0296 2772        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/15 12:08:15.0328 2772        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/15 12:08:15.0375 2772        Mup            (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/15 12:08:15.0406 2772        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/15 12:08:15.0468 2772        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/15 12:08:15.0484 2772        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/15 12:08:15.0531 2772        NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/15 12:08:15.0578 2772        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/15 12:08:15.0937 2772        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/15 12:08:16.0250 2772        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/15 12:08:16.0375 2772        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/15 12:08:16.0390 2772        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/15 12:08:16.0453 2772        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/15 12:08:16.0468 2772        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/15 12:08:16.0515 2772        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/15 12:08:16.0609 2772        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/15 12:08:16.0781 2772        nv              (dc0b33c6c7321714be4e6c1a005a75d9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/03/15 12:08:16.0843 2772        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/15 12:08:16.0875 2772        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/15 12:08:16.0906 2772        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/15 12:08:16.0937 2772        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/15 12:08:16.0953 2772        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/15 12:08:17.0000 2772        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/15 12:08:17.0015 2772        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/15 12:08:17.0078 2772        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/15 12:08:17.0109 2772        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/15 12:08:17.0281 2772        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/15 12:08:17.0343 2772        PQNTDrv        (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2011/03/15 12:08:17.0359 2772        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/15 12:08:17.0406 2772        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/15 12:08:17.0437 2772        PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/15 12:08:17.0562 2772        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/15 12:08:17.0578 2772        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/15 12:08:17.0625 2772        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/15 12:08:17.0640 2772        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/15 12:08:17.0671 2772        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/15 12:08:17.0687 2772        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/15 12:08:17.0734 2772        RDPWD          (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/15 12:08:17.0765 2772        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/15 12:08:17.0828 2772        ROOTMODEM      (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/03/15 12:08:17.0906 2772        RT2500USB      (b2a5e9d580a61b57ad91fa64a4789aba) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
2011/03/15 12:08:17.0953 2772        RTL8023xp      (62287f3ec4b4948e815a74eddd323843) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/03/15 12:08:18.0078 2772        SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
2011/03/15 12:08:18.0093 2772        SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
2011/03/15 12:08:18.0156 2772        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/15 12:08:18.0171 2772        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/15 12:08:18.0218 2772        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/15 12:08:18.0265 2772        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/03/15 12:08:18.0312 2772        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/15 12:08:18.0375 2772        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/15 12:08:18.0406 2772        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/15 12:08:18.0468 2772        Srv            (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/15 12:08:18.0546 2772        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/03/15 12:08:18.0593 2772        StillCam        (a2dbcc4c8860449df1ab758ea28b4de0) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/03/15 12:08:18.0656 2772        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/15 12:08:18.0687 2772        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/15 12:08:18.0703 2772        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/15 12:08:18.0812 2772        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/15 12:08:18.0875 2772        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/15 12:08:18.0937 2772        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/15 12:08:18.0953 2772        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/15 12:08:19.0000 2772        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/15 12:08:19.0109 2772        truecrypt      (1592a0c126cf28b6d22d16ffe15a8a0d) C:\WINDOWS\system32\drivers\truecrypt.sys
2011/03/15 12:08:19.0140 2772        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/15 12:08:19.0234 2772        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/15 12:08:19.0281 2772        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/15 12:08:19.0328 2772        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/15 12:08:19.0390 2772        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/15 12:08:19.0437 2772        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/15 12:08:19.0468 2772        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/15 12:08:19.0500 2772        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/15 12:08:19.0531 2772        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/15 12:08:19.0578 2772        usb_rndisx      (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/03/15 12:08:19.0625 2772        VBoxDrv        (78e34aaa6939fb0ece3afa5fd356f540) C:\WINDOWS\system32\drivers\VBoxDrv.sys
2011/03/15 12:08:19.0687 2772        VBoxNetAdp      (b39fecb3b506660c4942c906e5362a58) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
2011/03/15 12:08:19.0703 2772        VBoxNetFlt      (0d26330db08bce43deace125bbf3bb01) C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
2011/03/15 12:08:19.0734 2772        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/15 12:08:19.0796 2772        vmlitediskmp    (639b911889969fe2dc729bbad8caa2b1) C:\WINDOWS\system32\DRIVERS\vmlitediskmp.sys
2011/03/15 12:08:19.0828 2772        vmlitedrv      (50af24ed984db1f285972d1fca592c74) C:\WINDOWS\system32\drivers\vmlitedrv.sys
2011/03/15 12:08:19.0875 2772        VMLiteUSB      (d30f168f2a0511e1ecd7155ee9b918e5) C:\WINDOWS\system32\Drivers\VMLiteUSB.sys
2011/03/15 12:08:19.0921 2772        VMLiteUSBMon    (60916b5da67ccb81b20bf135fac026a8) C:\WINDOWS\system32\drivers\vmliteusbmon.sys
2011/03/15 12:08:19.0968 2772        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/15 12:08:19.0984 2772        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/15 12:08:20.0046 2772        wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/03/15 12:08:20.0078 2772        wceusbsh        (b2e899062723723b3f150023b5a123ad) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/03/15 12:08:20.0140 2772        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/15 12:08:20.0250 2772        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/15 12:08:20.0296 2772        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/15 12:08:20.0343 2772        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/15 12:08:20.0359 2772        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/15 12:08:20.0421 2772        XUIF            (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys
2011/03/15 12:08:20.0656 2772        ================================================================================
2011/03/15 12:08:20.0656 2772        Scan finished
2011/03/15 12:08:20.0656 2772        ================================================================================


cosinus 15.03.2011 15:43

Ok. Now please create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool still won't run on the second try, just leave it out and run only OSAM - please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


Afterwards please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of that .txt document.
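As a triage aid for the OSAM log requested above (an added example, not part of the thread and not code from OSAM or GMER): it parses OSAM entry lines in the format the tool writes, flags entries that are hidden from the registry, loaded from a Temp directory or lacking vendor information, and suppresses GMER's own randomly named scan driver, which GMER prints in its "Driver:" header line and which OSAM reports as a hidden registry entry while the scan runs. The sample log lines and the driver name zzdrv are constructed for this example.

```python
r"""Triage helper for an OSAM Autorun Manager log.

Constructed example; not part of OSAM or GMER. OSAM writes one entry per
line in the shape

    "Display name" (ServiceKey) - "Vendor" - C:\path\file.sys  (Flag | Flag)

where the vendor field is a bare ? when no signer information is known.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

ENTRY_RE = re.compile(
    r'^(?:[^"]*?\s)?'                             # optional {CLSID} / <binary data> prefix
    r'"(?P<name>[^"]*)"(?: \((?P<key>[^)]*)\))?'  # display name and optional service key
    r' - (?:"(?P<vendor>[^"]*)"|\?) - '           # vendor in quotes, or a bare ?
    r'(?P<path>.*?)(?:\s+\((?P<flags>[^)]*)\))?\s*$'  # path, then optional (flags)
)
# GMER names its own temporary scan driver in its log header ("Running: ...; Driver: ...").
GMER_DRIVER_RE = re.compile(r'Driver:\s*(?P<path>\S+\.sys)', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def scanner_driver(gmer_header: str) -> Optional[str]:
    """Lower-cased path of GMER's own scan driver, or None if the header is absent."""
    m = GMER_DRIVER_RE.search(gmer_header)
    return m.group('path').lower() if m else None


def executable(path_field: str) -> str:
    """File part of an OSAM path field, dropping surrounding quotes and arguments."""
    p = path_field.strip()
    if p.startswith('"'):
        return p[1:].split('"', 1)[0].strip().lower()
    return p.lower()


def triage(osam_log: str, gmer_header: str = '') -> List[Finding]:
    """Return the OSAM entries a reviewer should look at, with the reason for each."""
    scanner = scanner_driver(gmer_header)
    section, findings = '', []
    for raw in osam_log.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):   # e.g. [Drivers]
            section = line[1:-1]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                                      # separators, blank lines
        path = m.group('path').strip()
        exe = executable(path)
        flags = [f.strip() for f in (m.group('flags') or '').split('|') if f.strip()]
        if scanner and exe == scanner:
            continue   # GMER's own scan driver: expected during the scan, not a finding
        reasons = []
        if any(f.startswith('Hidden registry entry') for f in flags):
            reasons.append('entry hidden from the registry API (rootkit-style)')
        if re.search(r'\\temp\\', exe):
            reasons.append('autostart from a Temp directory')
        if m.group('vendor') is None and 'File not found' not in flags:
            reasons.append('no vendor information for an active entry')
        if reasons:
            findings.append(Finding(section, m.group('name'), path, reasons))
    return findings


# Constructed sample in OSAM's format; "zzdrv" is an invented name.
SAMPLE_OSAM = r'''
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"fxtdypoc" (fxtdypoc) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\fxtdypoc.sys  (Hidden registry entry, rootkit activity | File not found)
"zzdrv" (zzdrv) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\zzdrv.sys  (Hidden registry entry, rootkit activity)

[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"CHotkey" - ? - mHotkey.exe
'''
SAMPLE_GMER_HEADER = r'Running: mgc04zxd.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\fxtdypoc.sys'

if __name__ == '__main__':
    for f in triage(SAMPLE_OSAM, SAMPLE_GMER_HEADER):
        print(f'[{f.section}] {f.name}: {f.path}')
        for r in f.reasons:
            print(f'    - {r}')
```

Entries that are merely orphaned ("File not found" with no other flag) are deliberately not reported; they are usual leftovers of uninstalled software and a cleanup question, not an infection indicator.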

Andi1111 15.03.2011 20:46

Here are the 3 files:

GMER Logfile:
Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-15 20:22:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-18 WDC_WD2500JD-00HBB0 rev.08.02D08
Running: mgc04zxd.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\fxtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT            F7B7CCEE                                                            ZwCreateKey
SSDT            F7B7CCE4                                                            ZwCreateThread
SSDT            F7B7CCF3                                                            ZwDeleteKey
SSDT            F7B7CCFD                                                            ZwDeleteValueKey
SSDT            F7B7CD1B                                                            ZwLoadDriver
SSDT            F7B7CD02                                                            ZwLoadKey
SSDT            F7B7CCD0                                                            ZwOpenProcess
SSDT            F7B7CCD5                                                            ZwOpenThread
SSDT            F7B7CD0C                                                            ZwReplaceKey
SSDT            F7B7CD07                                                            ZwRestoreKey
SSDT            F7B7CD20                                                            ZwSetSystemInformation
SSDT            F7B7CCF8                                                            ZwSetValueKey
SSDT            F7B7CCDF                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                            section is writeable [0xF6834360, 0x221CFD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\SearchIndexer.exe[3052] kernel32.dll!WriteFile  7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:27:04 on 15.03.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"Windows Media Connect" - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccpl.dll

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.4.0.1" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"dvd43llh" (dvd43llh) - "RIF" - C:\WINDOWS\System32\DRIVERS\dvd43llh.sys
"Eumex 504PC USB" (CAPI20) - "DeTeWe Berlin" - C:\WINDOWS\System32\Drivers\CAPI20.SYS
"fxtdypoc" (fxtdypoc) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\fxtdypoc.sys  (Hidden registry entry, rootkit activity | File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"IEEE-1284.4 Driver HPZid412" (HPZid412) - ? - C:\WINDOWS\System32\DRIVERS\HPZid412.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter" (rtl8139) - ? - C:\WINDOWS\System32\DRIVERS\RTL8139.SYS  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - C:\WINDOWS\system32\drivers\PQNTDrv.sys
"Print Class Driver for IEEE-1284.4 HPZipr12" (HPZipr12) - ? - C:\WINDOWS\System32\DRIVERS\HPZipr12.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"rseb" (rseb) - ? - C:\WINDOWS\system32\drivers\rseb.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Telekom Eumex 504PC SE" (dtwmnic5) - ? - C:\WINDOWS\System32\DRIVERS\dtwmnic5.sys  (File not found)
"Telekom ISDN Port" (DETEWECP) - "DeTeWe Berlin" - C:\WINDOWS\System32\drivers\detewecp.sys
"Telekom ISDN-Adapter (USB)" (ulisa) - ? - C:\WINDOWS\System32\Drivers\ulisa.sys  (File not found)
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\WINDOWS\System32\drivers\truecrypt.sys
"VBoxDrv" (VBoxDrv) - "VMLite, Inc." - C:\WINDOWS\System32\drivers\VBoxDrv.sys
"VBoxNetFlt Service" (VBoxNetFlt) - "VMLite, Inc." - C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys
"VMLite Host-Only Ethernet Adapter" (VBoxNetAdp) - "VMLite, Inc." - C:\WINDOWS\System32\DRIVERS\VBoxNetAdp.sys
"VMLite USB" (VMLiteUSB) - "VMLite, Inc." - C:\WINDOWS\System32\Drivers\VMLiteUSB.sys
"vmlitediskmp" (vmlitediskmp) - "VMLite, Inc." - C:\WINDOWS\System32\DRIVERS\vmlitediskmp.sys
"vmlitedrv" (vmlitedrv) - "VMLite, Inc." - C:\WINDOWS\System32\drivers\vmlitedrv.sys
"VMLiteUSBMon" (VMLiteUSBMon) - "VMLite, Inc." - C:\WINDOWS\System32\drivers\vmliteusbmon.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{28465D9A-DE2F-4627-B520-29968CC3C372} "FaJo XP File Security Extension" - "FaJo" - C:\Programme\FaJo\XP File Security Extension\FJXPFileSecExt.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Wcesview.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\wpdshext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class" - "EZB Systems, Inc." - C:\Programme\UltraISO\isoshell.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} "WinAceContext Menu (Add) Extension" - "e-merge GmbH" - C:\Programme\WinAce\arcext.dll
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} "WinAceContext Menu Extension" - "e-merge GmbH" - C:\Programme\WinAce\arcext.dll
{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} "WinAceDrag-Drop Extension" - "e-merge GmbH" - C:\Programme\WinAce\arcext.dll
{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} "WinAceProperty Sheet Extension" - "e-merge GmbH" - C:\Programme\WinAce\arcext.dll
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" - "Microsoft Corporation" - C:\WINDOWS\System32\XPSSHHDR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" - "Microsoft Corporation" - C:\WINDOWS\system32\WPDShServiceObj.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
{49232000-16E4-426C-A231-62846947304B} "SysData Class" - "Hewlett-Packard" - C:\WINDOWS\DOWNLO~1\SysInfo.dll / https://wimpro3.cce.hp.com/ChatEntry/downloads/sysinfo.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\INetRepl.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
"tclock.lnk" - "Kazubon" - C:\Programme\tclocklight-040702-3\tclock.exe  (Shortcut exists | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"CHotkey" - ? - mHotkey.exe
"dvd43" - ? - C:\Programme\dvd43\dvd43_tray.exe
"HP Software Update" - "Hewlett-Packard" - C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"InstantOn" - ? - "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "  (File not found)
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"ledpointer" - "Chicony" - CNYHKey.exe
"MedionVFD" - "Dritek System Inc." - "C:\Programme\Medion Info Display\MdionLCM.exe"
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"PCMService" - "CyberLink Corp." - "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\Cyberlink\Shared files\RichVideo.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"VMLiteService" (VMLiteService) - "VMLite, Inc." - C:\Programme\VMLite\VMLite Workstation\VMLiteService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Media Connect-Dienst" (WMConnectCDS) - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccds.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows XP Home Edition
Windows Information:                Service Pack 3 (build 2600)
Logical Drives Mask:                0x01c001fc

Kernel Drivers (total 137):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E6000 \WINDOWS\system32\hal.dll
  0xF79D0000 \WINDOWS\system32\KDCOM.DLL
  0xF78E0000 \WINDOWS\system32\BOOTVID.dll
  0xF73A0000 ACPI.sys
  0xF79D2000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF738F000 pci.sys
  0xF74D0000 isapnp.sys
  0xF74E0000 ohci1394.sys
  0xF74F0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF7A98000 pciide.sys
  0xF7750000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF7500000 MountMgr.sys
  0xF7370000 ftdisk.sys
  0xF7758000 PartMgr.sys
  0xF7510000 VolSnap.sys
  0xF7358000 atapi.sys
  0xF7520000 disk.sys
  0xF7530000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF7338000 fltmgr.sys
  0xF7326000 sr.sys
  0xF7540000 PxHelp20.sys
  0xF730F000 KSecDD.sys
  0xF7282000 Ntfs.sys
  0xF7255000 NDIS.sys
  0xF723B000 Mup.sys
  0xF7630000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xF6834000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xF6820000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF67F8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF7850000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xF67D4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF7858000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF66FC000 \SystemRoot\system32\DRIVERS\3xHybrid.sys
  0xF66D9000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF71F7000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
  0xF66BC000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
  0xF65B0000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0xF7860000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF7868000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xF7640000 \SystemRoot\system32\DRIVERS\serial.sys
  0xF7964000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xF659C000 \SystemRoot\system32\DRIVERS\parport.sys
  0xF7650000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF7870000 \SystemRoot\System32\DRIVERS\dvd43llh.sys
  0xF7660000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF7670000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF7878000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
  0xF7B70000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF7680000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF7970000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF655D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF7690000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF76A0000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF7880000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF654C000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF76B0000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF7888000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF7890000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF6535000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
  0xF76C0000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF7898000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF78A0000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF6514000 \SystemRoot\system32\DRIVERS\vmlitediskmp.sys
  0xF64FC000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0xF64E2000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
  0xF7A22000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF6484000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7984000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF76D0000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF3B8A000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xF3B66000 \SystemRoot\system32\drivers\portcls.sys
  0xF76E0000 \SystemRoot\system32\drivers\drmk.sys
  0xF76F0000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF7A34000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF7A3A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7B68000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7A3C000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF7768000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF7790000 \SystemRoot\System32\drivers\vga.sys
  0xF7A3E000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7A40000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF7798000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF77A0000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF6470000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xF3AE3000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xF3A8A000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xF3A62000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xF3A3C000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF6464000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xF3A1A000 \SystemRoot\System32\drivers\afd.sys
  0xF7720000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF39FA000 \SystemRoot\system32\drivers\vmliteusbmon.sys
  0xF7730000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF77A8000 \SystemRoot\system32\drivers\vmlitedrv.sys
  0xF39D8000 \SystemRoot\system32\drivers\VBoxDrv.sys
  0xF39A3000 \SystemRoot\System32\drivers\truecrypt.sys
  0xF3981000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
  0xF77B0000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
  0xF3956000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF7B72000 \SystemRoot\System32\Drivers\PQNTDrv.SYS
  0xF38E6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF7740000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF77B8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xF38D4000 \SystemRoot\system32\DRIVERS\cmiucr.SYS
  0xF38AE000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xF7A48000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xF79AC000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF6C33000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF388A000 \SystemRoot\System32\Drivers\Fastfat.SYS
  0xF384F000 \SystemRoot\system32\DRIVERS\rt2500usb.sys
  0xF77C8000 \SystemRoot\System32\Drivers\x10ufx2.sys
  0xF3B46000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xF3B42000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xF380F000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF7A82000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF658C000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF77E8000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7BA5000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xBF3E0000 \SystemRoot\System32\ATMFD.DLL
  0xBA573000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xF7810000 \SystemRoot\system32\DRIVERS\AegisP.sys
  0xBA58C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB9A4E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xB9199000 \SystemRoot\system32\drivers\wdmaud.sys
  0xF6C13000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB9ACB000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB9A9B000 \SystemRoot\System32\drivers\detewecp.sys
  0xB807E000 \SystemRoot\System32\Drivers\CAPI20.SYS
  0xB7F36000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB7445000 \SystemRoot\System32\Drivers\HTTP.sys
  0xADAA2000 \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\fxtdypoc.sys
  0xB38A3000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 53):
      0 System Idle Process
      4 System
    896 C:\WINDOWS\system32\smss.exe
    1276 csrss.exe
    1300 C:\WINDOWS\system32\winlogon.exe
    1344 C:\WINDOWS\system32\services.exe
    1356 C:\WINDOWS\system32\lsass.exe
    1552 C:\WINDOWS\system32\svchost.exe
    1600 svchost.exe
    1900 C:\WINDOWS\system32\svchost.exe
    248 svchost.exe
    468 svchost.exe
    948 C:\WINDOWS\system32\spoolsv.exe
    1032 C:\Programme\Avira\AntiVir Desktop\sched.exe
    1064 C:\Programme\Avira\AntiVir Desktop\avguard.exe
    1208 svchost.exe
    1692 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
    656 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1648 C:\Programme\Bonjour\mDNSResponder.exe
    1772 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    1016 C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    1280 C:\WINDOWS\system32\svchost.exe
    1156 C:\Programme\Java\jre6\bin\jqs.exe
    1984 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
    2496 C:\WINDOWS\system32\nvsvc32.exe
    2540 C:\Programme\Cyberlink\Shared files\RichVideo.exe
    2764 C:\WINDOWS\system32\svchost.exe
    2832 C:\Programme\VMLite\VMLite Workstation\VMLiteService.exe
    3052 C:\WINDOWS\system32\searchindexer.exe
    3132 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
    3192 C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    2600 C:\Programme\iPod\bin\iPodService.exe
    2720 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    560 alg.exe
    816 C:\WINDOWS\system32\svchost.exe
    3004 C:\WINDOWS\system32\svchost.exe
    2108 C:\WINDOWS\system32\svchost.exe
    2144 C:\WINDOWS\explorer.exe
    3560 C:\WINDOWS\mHotkey.exe
    4092 C:\WINDOWS\CNYHKey.exe
    3880 C:\Programme\Medion Info Display\MdionLCM.exe
    2820 C:\Programme\Home Cinema\PowerCinema\PCMService.exe
    3320 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    420 C:\Programme\iTunes\iTunesHelper.exe
    448 C:\WINDOWS\RTHDCPL.EXE
    568 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    3352 C:\Programme\HP\HP Software Update\hpwuSchd2.exe
    3412 C:\Programme\tclocklight-040702-3\tclock.exe
    3840 C:\Programme\HP\Digital Imaging\bin\hpqste08.exe
    540 C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe
    312 C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe
    2784 C:\WINDOWS\system32\wscntfy.exe
    392 C:\Dokumente und Einstellungen\Admin\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`82bd0600  (FAT32)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000  (NTFS)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: WDCWD2500JD-00HBB0, Rev: 08.02D08
PhysicalDrive1 Model Number: WDCWD2500JD-00HBB0, Rev: 08.02D08
PhysicalDrive2 Model Number: SAMSUNGHD103UJ, Rev: 1AA01113

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    232 GB  \\.\PhysicalDrive1  Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
    931 GB  \\.\PhysicalDrive2  Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Regards,
Andi

cosinus 15.03.2011 21:25

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Andi1111 16.03.2011 14:24

Here are the two logs:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6067

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.03.2011 07:26:49
mbam-log-2011-03-16 (07-26-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 602199
Laufzeit: 3 Stunde(n), 0 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\***\lokale einstellungen\anwendungsdaten\vmlite workstation\VM2 XP\cpp\keyfinder-changer v1.41.exe (RiskWare.Tool.CK) -> No action taken.

Code:

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 03/16/2011 bei 02:00 PM

Version der Applikation : 4.49.1000

Version der Kern-Datenbank : 6605
Version der Spur-Datenbank : 4417

Scan Art      : kompletter Scann
Totale Scann-Zeit : 06:29:05

Gescannte Speicherelemente  : 647
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 7961
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 461531
Erfasste Datei-Elemente  : 0

Regards,
Andi



Copyright ©2000-2025, Trojaner-Board

