Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Probleme nach Trojaner und Systemwiederherstellung (https://www.trojaner-board.de/96800-probleme-trojaner-systemwiederherstellung.html)

cosinus 24.03.2011 23:19
Nimm zum Entpacken von OSAM bitte WinRAR oder 7ZIP => http://filepony.de/download-7-zip/

Jana90 24.03.2011 23:28
okay danke, hat geklappt :) hoffe, dass ist das richtige

MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: FUJITSU SIEMENS
System Product Name: AMILO Notebook Pa 3553
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 138):
0x82047000 \SystemRoot\system32\ntkrnlpa.exe
0x82014000 \SystemRoot\system32\hal.dll
0x8040B000 \SystemRoot\system32\kdcom.dll
0x80413000 \SystemRoot\system32\PSHED.dll
0x80424000 \SystemRoot\system32\BOOTVID.dll
0x8042C000 \SystemRoot\system32\CLFS.SYS
0x8046D000 \SystemRoot\system32\CI.dll
0x8054D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C9000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80609000 \SystemRoot\system32\drivers\acpi.sys
0x8064F000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80658000 \SystemRoot\system32\drivers\msisadrv.sys
0x80660000 \SystemRoot\system32\drivers\pci.sys
0x80687000 \SystemRoot\System32\drivers\partmgr.sys
0x80696000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80699000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806A3000 \SystemRoot\system32\drivers\volmgr.sys
0x806B2000 \SystemRoot\System32\drivers\volmgrx.sys
0x806FC000 \SystemRoot\System32\drivers\mountmgr.sys
0x8070C000 \SystemRoot\system32\drivers\fltmgr.sys
0x8073E000 \SystemRoot\system32\drivers\fileinfo.sys
0x8074E000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x80757000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82609000 \SystemRoot\system32\drivers\ndis.sys
0x82714000 \SystemRoot\system32\drivers\msrpc.sys
0x8273F000 \SystemRoot\system32\drivers\NETIO.SYS
0x88409000 \SystemRoot\System32\drivers\tcpip.sys
0x884F2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88603000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88712000 \SystemRoot\system32\drivers\volsnap.sys
0x8874B000 \SystemRoot\System32\Drivers\spldr.sys
0x88753000 \SystemRoot\System32\Drivers\mup.sys
0x88762000 \SystemRoot\System32\drivers\ecache.sys
0x88789000 \SystemRoot\system32\drivers\disk.sys
0x8879A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x887BB000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x887C3000 \SystemRoot\system32\drivers\crcdisk.sys
0x8850D000 \SystemRoot\system32\drivers\ahcix86s.sys
0x8854D000 \SystemRoot\system32\drivers\storport.sys
0x887E3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x887EE000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x885CE000 \SystemRoot\system32\DRIVERS\processr.sys
0x887F7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C40B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8C91E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C9BD000 \SystemRoot\System32\drivers\watchdog.sys
0x8C9CA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8CA01000 \SystemRoot\system32\DRIVERS\athr.sys
0x8CAE3000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8CB04000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8CB14000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8CB22000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x8CB37000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8CB5D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CB75000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8CB7F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CBBD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8CBCC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8CBD0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CBE3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x82779000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CBEE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CBF0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x827A6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C9DC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C9E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C400000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x885DD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x827D4000 \SystemRoot\system32\DRIVERS\raspppoe.sys




OSAM:


OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:25:12 on 24.03.2011

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\Ani\AppData\Local\Temp\catchme.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"XDva375" (XDva375) - ? - C:\Windows\system32\XDva375.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe
"PartyPoker.com" - ? - C:\Programs\PartyGaming\PartyPoker\RunApp.exe  (File not found)
"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"fsc-reg" - "Fujitsu Siemens" - C:\fsc-reg\fscreg.exe 20110313
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"FSCRecovery" - "Fujitsu Siemens Computers GmbH" - c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Google EULA Launcher" - " " - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"LMgrOSD" - ? - "C:\Program Files\Launch Manager\OSDCtrl.exe"
"LMgrVolOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"WinampAgent" - ? - "C:\Program Files\Winamp\winampa.exe"  (File found, but it contains no detailed information)
"WisKeyState" - "Wistron Corp." - "C:\Program Files\Launch Manager\WisKeyState.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca605e1da063c1)" (gupdate1ca605e1da063c1) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 24.03.2011 23:30
Log von mbrcheck ist unvollständig

Jana90 24.03.2011 23:39
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: FUJITSU SIEMENS
System Product Name: AMILO Notebook Pa 3553
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 138):
0x82047000 \SystemRoot\system32\ntkrnlpa.exe
0x82014000 \SystemRoot\system32\hal.dll
0x8040B000 \SystemRoot\system32\kdcom.dll
0x80413000 \SystemRoot\system32\PSHED.dll
0x80424000 \SystemRoot\system32\BOOTVID.dll
0x8042C000 \SystemRoot\system32\CLFS.SYS
0x8046D000 \SystemRoot\system32\CI.dll
0x8054D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C9000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80609000 \SystemRoot\system32\drivers\acpi.sys
0x8064F000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80658000 \SystemRoot\system32\drivers\msisadrv.sys
0x80660000 \SystemRoot\system32\drivers\pci.sys
0x80687000 \SystemRoot\System32\drivers\partmgr.sys
0x80696000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80699000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806A3000 \SystemRoot\system32\drivers\volmgr.sys
0x806B2000 \SystemRoot\System32\drivers\volmgrx.sys
0x806FC000 \SystemRoot\System32\drivers\mountmgr.sys
0x8070C000 \SystemRoot\system32\drivers\fltmgr.sys
0x8073E000 \SystemRoot\system32\drivers\fileinfo.sys
0x8074E000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x80757000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82609000 \SystemRoot\system32\drivers\ndis.sys
0x82714000 \SystemRoot\system32\drivers\msrpc.sys
0x8273F000 \SystemRoot\system32\drivers\NETIO.SYS
0x88409000 \SystemRoot\System32\drivers\tcpip.sys
0x884F2000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88603000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88712000 \SystemRoot\system32\drivers\volsnap.sys
0x8874B000 \SystemRoot\System32\Drivers\spldr.sys
0x88753000 \SystemRoot\System32\Drivers\mup.sys
0x88762000 \SystemRoot\System32\drivers\ecache.sys
0x88789000 \SystemRoot\system32\drivers\disk.sys
0x8879A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x887BB000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x887C3000 \SystemRoot\system32\drivers\crcdisk.sys
0x8850D000 \SystemRoot\system32\drivers\ahcix86s.sys
0x8854D000 \SystemRoot\system32\drivers\storport.sys
0x887E3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x887EE000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x885CE000 \SystemRoot\system32\DRIVERS\processr.sys
0x887F7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C40B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8C91E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C9BD000 \SystemRoot\System32\drivers\watchdog.sys
0x8C9CA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8CA01000 \SystemRoot\system32\DRIVERS\athr.sys
0x8CAE3000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8CB04000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8CB14000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8CB22000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x8CB37000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8CB5D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CB75000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8CB7F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CBBD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8CBCC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8CBD0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CBE3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x82779000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CBEE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CBF0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x827A6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C9DC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C9E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C400000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x885DD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x827D4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x827E3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x807C8000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x807DD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CBFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805D6000 \SystemRoot\system32\DRIVERS\ks.sys
0x807ED000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CE0F000 \SystemRoot\system32\DRIVERS\umbus.sys

cosinus 25.03.2011 09:13
Leider immer noch unvollständig. Lass es doch mal etwas länger durchlaufen!

Jana90 25.03.2011 12:55
Sorry...diesmal aber:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: FUJITSU SIEMENS
System Product Name: AMILO Notebook Pa 3553
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 138):
0x8203D000 \SystemRoot\system32\ntkrnlpa.exe
0x8200A000 \SystemRoot\system32\hal.dll
0x8040B000 \SystemRoot\system32\kdcom.dll
0x80413000 \SystemRoot\system32\PSHED.dll
0x80424000 \SystemRoot\system32\BOOTVID.dll
0x8042C000 \SystemRoot\system32\CLFS.SYS
0x8046D000 \SystemRoot\system32\CI.dll
0x8054D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C9000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060D000 \SystemRoot\system32\drivers\acpi.sys
0x80653000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8065C000 \SystemRoot\system32\drivers\msisadrv.sys
0x80664000 \SystemRoot\system32\drivers\pci.sys
0x8068B000 \SystemRoot\System32\drivers\partmgr.sys
0x8069A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8069D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806A7000 \SystemRoot\system32\drivers\volmgr.sys
0x806B6000 \SystemRoot\System32\drivers\volmgrx.sys
0x80700000 \SystemRoot\System32\drivers\mountmgr.sys
0x80710000 \SystemRoot\system32\drivers\fltmgr.sys
0x80742000 \SystemRoot\system32\drivers\fileinfo.sys
0x80752000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8075B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8260B000 \SystemRoot\system32\drivers\ndis.sys
0x82716000 \SystemRoot\system32\drivers\msrpc.sys
0x82741000 \SystemRoot\system32\drivers\NETIO.SYS
0x88403000 \SystemRoot\System32\drivers\tcpip.sys
0x884EC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88603000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88712000 \SystemRoot\system32\drivers\volsnap.sys
0x8874B000 \SystemRoot\System32\Drivers\spldr.sys
0x88753000 \SystemRoot\System32\Drivers\mup.sys
0x88762000 \SystemRoot\System32\drivers\ecache.sys
0x88789000 \SystemRoot\system32\drivers\disk.sys
0x8879A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x887BB000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x887C3000 \SystemRoot\system32\drivers\crcdisk.sys
0x88507000 \SystemRoot\system32\drivers\ahcix86s.sys
0x88547000 \SystemRoot\system32\drivers\storport.sys
0x887E3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x887EE000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x885C8000 \SystemRoot\system32\DRIVERS\processr.sys
0x887F7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C209000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8C71C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C7BB000 \SystemRoot\System32\drivers\watchdog.sys
0x8C7C8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\athr.sys
0x8CAE2000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8CB03000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8CB13000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8CB21000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x8CB36000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x8CB5C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CB74000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8CB7E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CBBC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8CBCB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8CBCF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CBE2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8277B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CBED000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CBEF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x827A8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C7DA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C7E5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x885D7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x827D6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x885E2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x807CC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x807E0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x805D6000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CBFA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CC00000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CC2A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CC34000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8CC41000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8CC75000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8CC86000 \SystemRoot\system32\drivers\HdAudio.sys
0x8CCC5000 \SystemRoot\system32\drivers\portcls.sys
0x8CCF2000 \SystemRoot\system32\drivers\drmk.sys
0x8CE08000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D015000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D01E000 \SystemRoot\System32\Drivers\Null.SYS
0x8D025000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D035000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D03C000 \SystemRoot\System32\drivers\vga.sys
0x8D048000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D069000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D071000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D079000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D084000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D092000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D09B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D0B1000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D0C5000 \SystemRoot\system32\drivers\afd.sys
0x8D10D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D13F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D155000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D163000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D176000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D1B2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D1BC000 \SystemRoot\System32\Drivers\Hotkey.SYS
0x8D1BF000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D1D6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8D1DF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8D1EF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8CD17000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CD2E000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8CD4F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8CD5C000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8CD66000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys
0x95040000 \SystemRoot\System32\win32k.sys
0x8CDA6000 \SystemRoot\System32\drivers\Dxapi.sys
0x8CDB0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95260000 \SystemRoot\System32\TSDDD.dll
0x95280000 \SystemRoot\System32\cdd.dll
0x8CDBF000 \SystemRoot\system32\drivers\luafv.sys
0x98206000 \SystemRoot\system32\drivers\spsys.sys
0x982B5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x982C5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x982EF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x982F9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9830C000 \SystemRoot\system32\drivers\HTTP.sys
0x98379000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x98396000 \SystemRoot\system32\DRIVERS\bowser.sys
0x983AF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x983C4000 \SystemRoot\system32\drivers\mrxdav.sys
0x8CDDA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x88588000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x983E4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x98C02000 \SystemRoot\System32\DRIVERS\srv2.sys
0x98C2A000 \SystemRoot\System32\DRIVERS\srv.sys
0x98C78000 \SystemRoot\system32\drivers\peauth.sys
0x98D56000 \SystemRoot\System32\Drivers\secdrv.SYS
0x98D60000 \SystemRoot\System32\drivers\tcpipreg.sys
0x98D6C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77240000 \Windows\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
508 C:\Windows\System32\smss.exe
580 csrss.exe
652 C:\Windows\System32\wininit.exe
660 csrss.exe
696 C:\Windows\System32\services.exe
716 C:\Windows\System32\lsass.exe
724 C:\Windows\System32\lsm.exe
856 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\Ati2evxx.exe
1044 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\winlogon.exe
1148 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\audiodg.exe
1348 C:\Windows\System32\SLsvc.exe
1396 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\svchost.exe
1552 C:\Windows\System32\Ati2evxx.exe
1776 C:\Windows\System32\spoolsv.exe
1832 C:\Windows\System32\svchost.exe
560 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
644 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
1864 C:\Windows\System32\svchost.exe
1996 C:\Windows\System32\svchost.exe
1772 C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
2140 C:\Windows\System32\svchost.exe
2200 C:\Windows\System32\SearchIndexer.exe
2668 C:\Windows\System32\taskeng.exe
2704 C:\Windows\System32\dwm.exe
2756 C:\Windows\System32\taskeng.exe
2784 C:\Windows\explorer.exe
2984 C:\Windows\RtHDVCpl.exe
3008 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
3020 C:\Program Files\Launch Manager\HotkeyApp.exe
3028 C:\Program Files\Launch Manager\WisKeyState.exe
3036 C:\Program Files\Launch Manager\OSD.exe
3052 C:\Program Files\Launch Manager\OSDCtrl.exe
3220 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3276 C:\Program Files\Java\jre6\bin\jusched.exe
3284 C:\Program Files\Launch Manager\WisLMSvc.exe
3308 C:\Program Files\Winamp\winampa.exe
3324 C:\Program Files\Windows Sidebar\sidebar.exe
3404 WmiPrvSE.exe
3580 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3588 C:\Program Files\ICQ7.4\ICQ.exe
3604 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3628 C:\Program Files\Mozilla Firefox\firefox.exe
3968 C:\Program Files\Mozilla Firefox\plugin-container.exe
2844 C:\Windows\servicing\TrustedInstaller.exe
3500 C:\Windows\System32\VSSVC.exe
1944 C:\Program Files\Internet Explorer\ieuser.exe
3544 C:\Program Files\Internet Explorer\iexplore.exe
2420 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
3624 C:\Windows\System32\svchost.exe
3388 C:\ProgramData\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
3964 C:\Windows\System32\conime.exe
3676 C:\Program Files\Java\jre6\bin\jucheck.exe
156 C:\Windows\System32\SearchProtocolHost.exe
844 C:\Windows\System32\SearchFilterHost.exe
3072 C:\Windows\System32\wuauclt.exe
3116 C:\Users\Ani\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`32900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`bcc00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2320BH G2, Rev:

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 RE: Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

cosinus 25.03.2011 14:12
Ok.
Zitat:
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys (File not found)
"XDva375" (XDva375) - ? - C:\Windows\system32\XDva375.sys (File not found)
Bitte mit OSAM deaktivieren und löschen (delete from storage)

Jana90 25.03.2011 14:27
"delete from storage" lässt sich nicht anklicken...

cosinus 25.03.2011 15:18
Bitte die Anleitung zuz OSAM bachten

Jana90 25.03.2011 15:46
Habe ausversehen den 1. Report weggeklickt, hier ist das Endergebnis:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:43:33 on 25.03.2011

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\Ani\AppData\Local\Temp\catchme.sys  (File not found)
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
(Disabled) "EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
(Disabled) "XDva375" (XDva375) - ? - C:\Windows\system32\XDva375.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe
"PartyPoker.com" - ? - C:\Programs\PartyGaming\PartyPoker\RunApp.exe  (File not found)
"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} "Easy Photo Print" - "SEIKO EPSON CORPORATION / CyCom Technology Corp." - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Ani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"fsc-reg" - "Fujitsu Siemens" - C:\fsc-reg\fscreg.exe 20110313
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"FSCRecovery" - "Fujitsu Siemens Computers GmbH" - c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Google EULA Launcher" - " " - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"LMgrOSD" - ? - "C:\Program Files\Launch Manager\OSDCtrl.exe"
"LMgrVolOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"WinampAgent" - ? - "C:\Program Files\Winamp\winampa.exe"  (File found, but it contains no detailed information)
"WisKeyState" - "Wistron Corp." - "C:\Program Files\Launch Manager\WisKeyState.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca605e1da063c1)" (gupdate1ca605e1da063c1) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 25.03.2011 16:04
Nagut, deaktivieren geht auch.

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Jana90 25.03.2011 19:08
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/25/2011 at 06:59 PM

Application Version : 4.50.1002

Core Rules Database Version : 6673
Trace Rules Database Version: 4485

Scan type : Complete Scan
Total Scan Time : 01:45:28

Memory items scanned : 643
Memory threats detected : 0
Registry items scanned : 8932
Registry threats detected : 0
File items scanned : 125266
File threats detected : 23

Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ar.atwola[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@advertising[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@cdn.at.atwola[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@zedo[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atdmt[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@partypoker[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ad.yieldmanager[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tacoda[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atwola[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adtech[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@earlyexperience.partyaccount[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@de.partypoker[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@at.atwola[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@bs.serving-sys[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adcentriconline[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@adfarm1.adition[2].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@serving-sys[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@content.yieldmanager[3].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tradedoubler[2].txt
C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XT3VABRU ]







Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6169

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

25.03.2011 16:55:16
mbam-log-2011-03-25 (16-55-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 270621
Laufzeit: 46 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 26.03.2011 17:41
Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

Jana90 26.03.2011 18:08
Okay, hört sich schonmal gut an :) aber habe noch das Probleme:

-Lieder und Bilder werden nicht angezeigt(wie am Anfang), habe aber bei einem Scan gesehen, dass die Bilder durchsucht worden sind, also müssten sie doch noch da sein?Warum kann ich sie nicht sehen?

cosinus 26.03.2011 20:24
Geht das auch genauer?
Kann kein Lies mehr abgespielt werden? Auch über Youtube etc. nicht?


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:09 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27