Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Internet verbindet nicht mehr nach malwarebytes anti-malware Bereinigung (https://www.trojaner-board.de/97093-internet-verbindet-mehr-malwarebytes-anti-malware-bereinigung.html)

Agent_UG8 08.04.2011 13:59
ComboFix.txt

Combofix Logfile:
Code:
ComboFix 11-04-07.08 - *** 08.04.2011  14:41:55.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.958.575 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\system32\drivers\mapledxp.SYS"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\system32\dllcache\wuauclt.exe --> c:\windows\system32\wuauclt.exe
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MAPLEDXP
-------\Service_mapledxp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-08 bis 2011-04-08  ))))))))))))))))))))))))))))))
.
.
2011-04-03 19:09 . 2011-04-03 19:09        --------        d-----w-        C:\_OTL
2011-04-03 14:42 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-03 14:42 . 2011-04-03 14:42        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2011-04-03 14:42 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-28 17:39 . 1998-06-30 12:28        19968        ----a-r-        c:\windows\system32\sfvmr.dll
2011-03-28 17:39 . 1998-06-30 12:28        11584        ----a-r-        c:\windows\system32\drivers\sfvmr.sys
2011-03-28 17:28 . 2011-03-28 17:49        --------        d-----w-        c:\programme\Bome's Mouse Keyboard
2011-03-28 16:19 . 2011-03-28 16:19        673546        ----a-w-        c:\windows\unins000.exe
2011-03-28 13:00 . 2011-03-28 13:00        173        ----a-w-        c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\Microsoft\gb_1996046.bat
2011-03-28 12:28 . 2011-03-28 12:28        173        ----a-w-        c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\Microsoft\gb_104453.bat
2011-03-24 22:45 . 2011-03-24 22:45        --------        d-----r-        c:\dokumente und einstellungen\LocalService\Favoriten
2011-03-13 22:57 . 2011-03-13 22:57        --------        d-----w-        c:\dokumente und einstellungen\Zeynep\Anwendungsdaten\FVZilla
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-24 22:01 . 2009-03-18 18:26        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-03-24 22:01 . 2009-03-18 18:26        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-09 13:53 . 2006-05-17 10:58        270848        ----a-w-        c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-05-17 10:58        186880        ----a-w-        c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2006-05-17 11:10        2067456        ----a-w-        c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2006-05-17 11:10        677888        ----a-w-        c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-05-17 10:58        440832        ----a-w-        c:\windows\system32\shimgvw.dll
2006-05-03 10:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 11:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2007-12-17 13:43        27648        --sh--w-        c:\windows\system32\Smab0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\programme\Microsoft Works\WkDetect.exe" [2000-07-21 28739]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-03-24 281768]
"hpqSRMon"="c:\programme\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Freecorder FLV Service"="c:\programme\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi5"=mapledxp.dll
"midi6"=sfvmr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Erinnerungen in Microsoft Works-Kalender.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Erinnerungen in Microsoft Works-Kalender.lnk
backup=c:\windows\pss\Erinnerungen in Microsoft Works-Kalender.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Nokia Nseries PC Suite.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Nokia Nseries PC Suite.lnk
backup=c:\windows\pss\Nokia Nseries PC Suite.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Smart Wizard Wireless Settings.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Smart Wizard Wireless Settings.lnk
backup=c:\windows\pss\Smart Wizard Wireless Settings.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^DesktopVideoPlayer.LNK]
path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^TUMessenger.lnk]
path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\TUMessenger.lnk
backup=c:\windows\pss\TUMessenger.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07        932288        ----a-r-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47        35760        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-07-27 02:10        1983816        ----a-w-        c:\programme\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 10:00        299008        ------w-        c:\programme\Creative\Shared Files\CamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39        1164584        ----a-w-        c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2010-06-26 18:09        167936        ----a-w-        c:\programme\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-13 20:21        133104        ----atw-        c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 06:38        241664        ----a-w-        c:\programme\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24        54840        ----a-w-        c:\programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-03-04 15:46        172032        ----a-w-        c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08        421160        ----a-w-        c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2000-07-12 20:30        311350        ----a-w-        c:\programme\Microsoft Works\wkssb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-07-21 22:55        28739        ----a-w-        c:\programme\Microsoft Works\WkDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12        3872080        ----a-w-        c:\programme\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netlog 24]
2008-09-07 21:06        1380352        ----a-w-        c:\programme\Netlog 24\Notifier\Netlog24Notifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Netlog Music Tool]
2010-03-29 21:27        1728456        ----a-w-        c:\programme\Netlog Music Tool\NetlogMusicTool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-10-07 12:33        13574144        ----a-w-        c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-10-07 12:33        86016        ----a-w-        c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-10-07 12:33        1630208        ----a-w-        c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-12 10:34        1414144        ----a-w-        c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-01 14:22        577536        ----a-w-        c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 03:19        148888        ----a-w-        c:\programme\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-07 22:23        39408        ----a-w-        c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-08 01:33        53248        ----a-w-        c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2005-11-01 02:15        163840        ----a-w-        c:\windows\system32\VTTrayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-24 18:05        204288        ------w-        c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2000-07-12 19:15        24576        ----a-w-        c:\programme\Microsoft Works\wkfud.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9129af1c66286"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"HTTPFilter"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"Fax"=2 (0x2)
"Zwangie Service"=2 (0x2)
"ServiceLayer"=3 (0x3)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"NVSvc"=2 (0x2)
"WZCSVC"=2 (0x2)
"TapiSrv"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\FlashGet\\flashget.exe"=
"c:\\Programme\\Free Music Zilla\\FMZilla.exe"=
"c:\\Programme\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Programme\\Steam\\steamapps\\common\\fear2spdemo\\FEAR2SPDemo.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programme\\LimeWire\\LimeWire.exe"=
"c:\\Programme\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programme\\Sierra\\FEAR\\FEARServer.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\Lager\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\Lager\\hpqkygrp.exe"=
"c:\\Programme\\Free Video Zilla\\FVZilla.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Programme\\Messenger\\Msmsgs.exe"=
"c:\\Programme\\Miranda IM\\miranda32.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.02.2009 16:41 717296]
R1 sfvmr;sfvmr;c:\windows\system32\drivers\sfvmr.sys [28.03.2011 19:39 11584]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.03.2009 20:26 135336]
R3 Amps2prt;Trust Ami PS/2 Port Mouse Driver (6);c:\windows\system32\drivers\Amps2prt.sys [19.10.2001 14:57 9056]
R3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [07.09.2008 23:07 93056]
R3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [07.09.2008 23:07 4992]
R3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [07.09.2008 23:07 179040]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15.02.2011 01:40 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15.02.2011 01:40 8320]
S4 gupdate1c9129af1c66286;Google Update Service (gupdate1c9129af1c66286);c:\programme\Google\Update\GoogleUpdate.exe [09.09.2008 18:41 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:57152
IE: &Alles mit FlashGet laden - c:\programme\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - c:\programme\FlashGet\jc_link.htm
IE: Free YouTube Download - c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: team-ulm.de\www
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\0j430vou.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: network.proxy.http -
FF - prefs.js: network.proxy.http_port -
FF - prefs.js: network.proxy.type -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: RedShift V3.6: redshift_V2@shift-themes.com - %profile%\extensions\redshift_V2@shift-themes.com
FF - Ext: Silvermel: silvermel@pardal.de - %profile%\extensions\silvermel@pardal.de
FF - Ext: Silvermel and Charamel XT: silvermelxt@pardal.de - %profile%\extensions\silvermelxt@pardal.de
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\programme\Google\Google Gears\Firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-08 14:51
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2279412749-2558116402-30164335-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:81,d5,62,a8,8a,bf,2f,e0,6e,61,47,a4,06,aa,0b,85,76,14,4c,65,12,75,4d,
  a3,5d,56,06,50,7a,6b,07,b8,32,63,45,28,24,f3,d4,a2,24,e8,37,7e,c0,25,ca,d7,\
"??"=hex:67,12,4c,e4,78,16,da,a1,45,e0,30,ca,8f,fa,38,ec
.
[HKEY_USERS\S-1-5-21-2279412749-2558116402-30164335-1006\Software\SecuROM\License information*]
"datasecu"=hex:24,80,6f,8a,1e,4d,e2,0a,ba,23,36,d0,1c,81,d8,2a,aa,71,7c,64,3c,
  d0,c7,c8,5a,9b,45,3c,c6,38,65,23,62,7f,4a,17,d8,15,b9,e8,13,42,84,dc,ae,cb,\
"rkeysecu"=hex:f2,a0,aa,fb,a5,02,4a,07,03,a4,74,97,68,7d,14,7c
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3352)
c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\FLVService\lib\FLVSrvLib.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Canon\IJPLM\IJPLMSVC.EXE
c:\programme\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-08  14:57:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-08 12:57
ComboFix2.txt  2011-04-06 18:53
.
Vor Suchlauf: 20 Verzeichnis(se), 110.957.645.824 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 110.801.813.504 Bytes frei
.
- - End Of File - - F9EC3058E503DE7912395BF051D6F824[/QUOTE]
--- --- ---

cosinus 08.04.2011 14:54
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Agent_UG8 08.04.2011 15:26
Funde mit Skip, Copy to quarantine oder Delete behandeln?

cosinus 08.04.2011 17:18
Kommt drauf an welche. SPTD so belassen, alles andere löschen! Vergiss das Log nicht!

Agent_UG8 09.04.2011 13:43
Okay. es gab 1 sptd Fund. Habe Ihn belassen.

TDSSKiller Log

Zitat:
2011/04/09 14:43:53.0468 3052 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/09 14:43:53.0718 3052 ================================================================================
2011/04/09 14:43:53.0718 3052 SystemInfo:
2011/04/09 14:43:53.0718 3052
2011/04/09 14:43:53.0718 3052 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/09 14:43:53.0718 3052 Product type: Workstation
2011/04/09 14:43:53.0718 3052 ComputerName: HEIM-PC
2011/04/09 14:43:53.0718 3052 UserName: ***
2011/04/09 14:43:53.0718 3052 Windows directory: C:\WINDOWS
2011/04/09 14:43:53.0718 3052 System windows directory: C:\WINDOWS
2011/04/09 14:43:53.0718 3052 Processor architecture: Intel x86
2011/04/09 14:43:53.0718 3052 Number of processors: 2
2011/04/09 14:43:53.0718 3052 Page size: 0x1000
2011/04/09 14:43:53.0718 3052 Boot type: Normal boot
2011/04/09 14:43:53.0718 3052 ================================================================================
2011/04/09 14:43:54.0484 3052 Initialize success
2011/04/09 14:43:55.0937 3088 ================================================================================
2011/04/09 14:43:55.0937 3088 Scan started
2011/04/09 14:43:55.0937 3088 Mode: Manual;
2011/04/09 14:43:55.0937 3088 ================================================================================
2011/04/09 14:43:56.0812 3088 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/09 14:43:56.0859 3088 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/09 14:43:56.0921 3088 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/09 14:43:56.0984 3088 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/09 14:43:57.0203 3088 ALCXWDM (8bce7d9b7b56b75b5ea5028c1ffa50ab) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/04/09 14:43:57.0375 3088 Amps2prt (537c6c32ea891fed3ff7eb1e05a4ff03) C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
2011/04/09 14:43:57.0453 3088 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/09 14:43:57.0562 3088 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/09 14:43:57.0593 3088 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/09 14:43:57.0640 3088 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/09 14:43:57.0671 3088 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/09 14:43:57.0781 3088 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/04/09 14:43:57.0812 3088 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/04/09 14:43:57.0859 3088 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/04/09 14:43:57.0906 3088 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/09 14:43:57.0984 3088 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/09 14:43:58.0062 3088 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/09 14:43:58.0125 3088 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/09 14:43:58.0156 3088 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/09 14:43:58.0187 3088 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/09 14:43:58.0375 3088 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/09 14:43:58.0437 3088 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/09 14:43:58.0515 3088 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/09 14:43:58.0562 3088 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/09 14:43:58.0609 3088 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/09 14:43:58.0703 3088 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/09 14:43:58.0750 3088 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
2011/04/09 14:43:58.0796 3088 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/09 14:43:59.0125 3088 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/09 14:43:59.0140 3088 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/09 14:43:59.0203 3088 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/09 14:43:59.0265 3088 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/09 14:43:59.0296 3088 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/09 14:43:59.0328 3088 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/09 14:43:59.0375 3088 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/04/09 14:43:59.0437 3088 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/09 14:43:59.0546 3088 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/09 14:43:59.0640 3088 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/09 14:43:59.0687 3088 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/09 14:43:59.0750 3088 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/09 14:43:59.0796 3088 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/09 14:43:59.0875 3088 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/09 14:43:59.0906 3088 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/09 14:44:00.0015 3088 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/09 14:44:00.0046 3088 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/09 14:44:00.0093 3088 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/09 14:44:00.0125 3088 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/09 14:44:00.0171 3088 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/09 14:44:00.0203 3088 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/09 14:44:00.0234 3088 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/09 14:44:00.0281 3088 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/09 14:44:00.0312 3088 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/09 14:44:00.0343 3088 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/09 14:44:00.0375 3088 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/09 14:44:00.0421 3088 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/09 14:44:00.0484 3088 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/09 14:44:00.0546 3088 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/09 14:44:00.0625 3088 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/09 14:44:00.0656 3088 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/09 14:44:00.0687 3088 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/09 14:44:00.0718 3088 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/04/09 14:44:00.0781 3088 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/09 14:44:00.0828 3088 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/09 14:44:00.0859 3088 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/09 14:44:00.0906 3088 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/09 14:44:00.0937 3088 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/09 14:44:00.0953 3088 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/09 14:44:01.0000 3088 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/09 14:44:01.0031 3088 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/09 14:44:01.0062 3088 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/09 14:44:01.0078 3088 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/09 14:44:01.0109 3088 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/09 14:44:01.0140 3088 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/09 14:44:01.0171 3088 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/09 14:44:01.0203 3088 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/09 14:44:01.0234 3088 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/09 14:44:01.0265 3088 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/09 14:44:01.0296 3088 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/09 14:44:01.0312 3088 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/09 14:44:01.0375 3088 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/09 14:44:01.0421 3088 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2011/04/09 14:44:01.0468 3088 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2011/04/09 14:44:01.0531 3088 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2011/04/09 14:44:01.0562 3088 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2011/04/09 14:44:01.0609 3088 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/09 14:44:01.0625 3088 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/09 14:44:01.0703 3088 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/09 14:44:01.0921 3088 nv (83780f3a86d2804912f22f6e37cd2254) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/09 14:44:02.0312 3088 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/09 14:44:02.0343 3088 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/09 14:44:02.0390 3088 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/09 14:44:02.0437 3088 P1370Aud (8f550b88da86a7f242f4c2bd0de857b8) C:\WINDOWS\system32\Drivers\P1370Aud.sys
2011/04/09 14:44:02.0468 3088 P1370Aul (62a17b532461e03b9f0d4d55861a2ddb) C:\WINDOWS\system32\Drivers\P1370Aul.sys
2011/04/09 14:44:02.0531 3088 P1370VID (27ae9243f3bec1c5b60a95845c9eb372) C:\WINDOWS\system32\DRIVERS\P1370Vid.sys
2011/04/09 14:44:02.0562 3088 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/09 14:44:02.0593 3088 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/09 14:44:02.0640 3088 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/09 14:44:02.0687 3088 PCANDIS5 (58c5ea3de400fe1d08cfeca6d5c14ebd) C:\WINDOWS\system32\PCANDIS5.SYS
2011/04/09 14:44:02.0734 3088 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/04/09 14:44:02.0750 3088 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/09 14:44:02.0812 3088 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/09 14:44:02.0843 3088 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/09 14:44:03.0046 3088 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/09 14:44:03.0093 3088 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/09 14:44:03.0140 3088 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/04/09 14:44:03.0281 3088 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/09 14:44:03.0312 3088 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/09 14:44:03.0343 3088 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/09 14:44:03.0390 3088 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/09 14:44:03.0437 3088 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/09 14:44:03.0531 3088 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/09 14:44:03.0578 3088 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/09 14:44:03.0640 3088 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/09 14:44:03.0718 3088 RTL8023xp (8e34400ffc7d647946d9c820678775af) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/04/09 14:44:03.0765 3088 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/04/09 14:44:03.0828 3088 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/09 14:44:03.0859 3088 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/09 14:44:03.0906 3088 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/09 14:44:03.0953 3088 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/09 14:44:03.0984 3088 sfvmr (525abfe0b82e70402ca5867021cd8442) C:\WINDOWS\System32\drivers\sfvmr.SYS
2011/04/09 14:44:04.0046 3088 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/09 14:44:04.0125 3088 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/09 14:44:04.0203 3088 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/09 14:44:04.0203 3088 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/04/09 14:44:04.0203 3088 sptd - detected Locked file (1)
2011/04/09 14:44:04.0250 3088 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/09 14:44:04.0281 3088 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/09 14:44:04.0328 3088 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/04/09 14:44:04.0375 3088 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/09 14:44:04.0406 3088 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/09 14:44:04.0437 3088 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/09 14:44:04.0562 3088 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/09 14:44:04.0625 3088 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/09 14:44:04.0687 3088 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/09 14:44:04.0703 3088 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/09 14:44:04.0750 3088 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/09 14:44:04.0828 3088 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/04/09 14:44:04.0859 3088 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/09 14:44:04.0984 3088 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/09 14:44:05.0062 3088 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2011/04/09 14:44:05.0109 3088 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/04/09 14:44:05.0171 3088 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/09 14:44:05.0203 3088 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/09 14:44:05.0250 3088 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/09 14:44:05.0265 3088 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/09 14:44:05.0328 3088 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/09 14:44:05.0390 3088 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/09 14:44:05.0437 3088 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2011/04/09 14:44:05.0484 3088 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2011/04/09 14:44:05.0515 3088 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/09 14:44:05.0546 3088 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/09 14:44:05.0593 3088 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/09 14:44:05.0640 3088 viagfx (5dbffb9a41da40c8d77c5cdeb98a55b8) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/04/09 14:44:05.0687 3088 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/09 14:44:05.0718 3088 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/09 14:44:05.0781 3088 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/09 14:44:05.0859 3088 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/04/09 14:44:05.0984 3088 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/09 14:44:06.0093 3088 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/04/09 14:44:06.0125 3088 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/09 14:44:06.0171 3088 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/09 14:44:06.0203 3088 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/09 14:44:06.0375 3088 ================================================================================
2011/04/09 14:44:06.0375 3088 Scan finished
2011/04/09 14:44:06.0375 3088 ================================================================================
2011/04/09 14:44:06.0390 3080 Detected object count: 1
2011/04/09 14:44:40.0812 3080 Locked file(sptd) - User select action: Skip

cosinus 09.04.2011 15:07
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Agent_UG8 09.04.2011 21:40
GMER Log:
GMER Logfile:
Code:
GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-09 22:06:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500JS-00NCB1 rev.10.02E02
Running: 5xw6znk2.exe; Driver: C:\DOKUME~1\UMUTGC~1\LOKALE~1\Temp\pwtdipod.sys


---- System - GMER 1.0.15 ----

SSDT      F7C53136                                                                                                            ZwCreateKey
SSDT      F7C5312C                                                                                                            ZwCreateThread
SSDT      F7C5313B                                                                                                            ZwDeleteKey
SSDT      F7C53145                                                                                                            ZwDeleteValueKey
SSDT      spnk.sys                                                                                                            ZwEnumerateKey [0xF738ECA2]
SSDT      spnk.sys                                                                                                            ZwEnumerateValueKey [0xF738F030]
SSDT      F7C5314A                                                                                                            ZwLoadKey
SSDT      spnk.sys                                                                                                            ZwOpenKey [0xF73700C0]
SSDT      F7C53118                                                                                                            ZwOpenProcess
SSDT      F7C5311D                                                                                                            ZwOpenThread
SSDT      spnk.sys                                                                                                            ZwQueryKey [0xF738F108]
SSDT      spnk.sys                                                                                                            ZwQueryValueKey [0xF738EF88]
SSDT      F7C53154                                                                                                            ZwReplaceKey
SSDT      F7C5314F                                                                                                            ZwRestoreKey
SSDT      F7C53140                                                                                                            ZwSetValueKey

INT 0x62  ?                                                                                                                    85969BF8
INT 0x63  ?                                                                                                                    857E5BF8
INT 0x63  ?                                                                                                                    857E5BF8
INT 0x63  ?                                                                                                                    857E5BF8
INT 0x63  ?                                                                                                                    857E5BF8
INT 0x63  ?                                                                                                                    857E5BF8
INT 0x63  ?                                                                                                                    857E5BF8
INT 0x82  ?                                                                                                                    85969BF8
INT 0x83  ?                                                                                                                    85969BF8

---- Kernel code sections - GMER 1.0.15 ----

?        spnk.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text    USBPORT.SYS!DllUnload                                                                                                F6C238AC 5 Bytes  JMP 857E51D8
.text    at2n4fvq.SYS                                                                                                        F67E9386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text    at2n4fvq.SYS                                                                                                        F67E93AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text    at2n4fvq.SYS                                                                                                        F67E93C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}
.text    at2n4fvq.SYS                                                                                                        F67E93C9 1 Byte  [2E]
.text    at2n4fvq.SYS                                                                                                        F67E93C9 11 Bytes  [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text    ...                                                                                                                 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT      atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F7371040] spnk.sys
IAT      atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F737113C] spnk.sys
IAT      atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                  [F73710BE] spnk.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                          [F73717FC] spnk.sys
IAT      atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                  [F73716D2] spnk.sys
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[HAL.dll!KfAcquireSpinLock]                                                4B8BDF8B
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[HAL.dll!READ_PORT_UCHAR]                                                  8D3F0304
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[HAL.dll!KeGetCurrentIrql]                                                  CB033043
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[HAL.dll!KfRaiseIrql]                                                      0673C13B
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[HAL.dll!KfLowerIrql]                                                      C13B0003
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[HAL.dll!HalGetInterruptVector]                                            8366FA72
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[HAL.dll!HalTranslateBusAddress]                                            75000E7B
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[HAL.dll!KeStallExecutionProcessor]                                        0B7D80E3
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[HAL.dll!KfReleaseSpinLock]                                                307B8D00
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          00AA840F
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[HAL.dll!READ_PORT_USHORT]                                                  83660000
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                          6A000E7A
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                  C6647400
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[WMILIB.SYS!WmiSystemControl]                                              4F8B0200
IAT      \SystemRoot\System32\Drivers\at2n4fvq.SYS[WMILIB.SYS!WmiCompleteRequest]                                            968D5140
IAT      \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [F7381048] spnk.sys

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              859681F8
Device    \Driver\sptd \Device\3366952412                                                                                      spnk.sys
Device    \Driver\PCI_PNP2412 \Device\00000043                                                                                spnk.sys
Device    \Driver\usbuhci \Device\USBPDO-0                                                                                    857E41F8
Device    \Driver\usbuhci \Device\USBPDO-1                                                                                    857E41F8
Device    \Driver\usbuhci \Device\USBPDO-2                                                                                    857E41F8
Device    \Driver\usbuhci \Device\USBPDO-3                                                                                    857E41F8
Device    \Driver\usbehci \Device\USBPDO-4                                                                                    8572A1F8
Device    \Driver\Ftdisk \Device\HarddiskVolume1                                                                              859DA1F8
Device    \Driver\usbstor \Device\00000071                                                                                    85582500
Device    \Driver\usbstor \Device\00000072                                                                                    85582500
Device    \Driver\Ftdisk \Device\HarddiskVolume2                                                                              859DA1F8
Device    \Driver\Cdrom \Device\CdRom0                                                                                        85750500
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          [F72E9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  [F72E9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  [F72E9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                  [F72E9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                  [F72E9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12                                                                        [F72E9B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device    \Driver\usbstor \Device\00000073                                                                                    85582500
Device    \Driver\usbstor \Device\00000074                                                                                    85582500
Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                              854EB500
Device    \Driver\NetBT \Device\NetbiosSmb                                                                                    854EB500
Device    \Driver\usbstor \Device\0000006a                                                                                    85582500
Device    \Driver\usbstor \Device\0000006b                                                                                    85582500
Device    \Driver\usbuhci \Device\USBFDO-0                                                                                    857E41F8
Device    \Driver\usbuhci \Device\USBFDO-1                                                                                    857E41F8
Device    \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                    854E4500
Device    \Driver\usbuhci \Device\USBFDO-2                                                                                    857E41F8
Device    \FileSystem\MRxSmb \Device\LanmanRedirector                                                                          854E4500
Device    \Driver\usbuhci \Device\USBFDO-3                                                                                    857E41F8
Device    \Driver\usbehci \Device\USBFDO-4                                                                                    8572A1F8
Device    \Driver\Ftdisk \Device\FtControl                                                                                    859DA1F8
Device    \Driver\at2n4fvq \Device\Scsi\at2n4fvq1                                                                              85713500
Device    \FileSystem\Cdfs \Cdfs                                                                                              85593500

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  566511147
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  -35395895
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                   
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x2A 0xFF 0x65 0xDA ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x7C 0xC1 0xFC 0x60 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xC0 0x89 0xAA 0x63 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                0xC4 0x07 0x9C 0x7C ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                0x14 0xF7 0x2C 0x5D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                0xBE 0x98 0x12 0x8C ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x2A 0xFF 0x65 0xDA ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x7C 0xC1 0xFC 0x60 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xC0 0x89 0xAA 0x63 ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                    0xC4 0x07 0x9C 0x7C ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                    0x14 0xF7 0x2C 0x5D ...
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                    0xBE 0x98 0x12 0x8C ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x45 0x42 0x89 0x33 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x85 0x3B 0x31 0xCC ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x85 0x5F 0x30 0x53 ...
Reg      HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@j!s!i!`!r!`!e!d!\30!\30!t!e!s!m!s!y!              71230

---- EOF - GMER 1.0.15 ----[/QUOTE]
--- --- ---
Osam Logfile:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 22:38:11 on 09.04.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl  (File signed by Microsoft | File found, but it contains no detailed information)
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~3\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"at2n4fvq" (at2n4fvq) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\at2n4fvq.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCANDIS5 Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pwtdipod" (pwtdipod) - ? - C:\DOKUME~1\UMUTGC~1\LOKALE~1\Temp\pwtdipod.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
"sfvmr" (sfvmr) - "Sonic Foundry, Inc." - C:\WINDOWS\System32\drivers\sfvmr.SYS
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Trust Ami PS/2 Port Mouse Driver (6)" (Amps2prt) - "(Standard Mouse Types)" - C:\WINDOWS\System32\DRIVERS\Amps2prt.sys
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{CF184AD3-CDCB-4168-A3F7-8E447D129300} "CZipHandler Object" - "Hewlett-Packard Company" - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dBShell.dll
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dMCShell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{F6ACF75C-C32C-447B-9BEF-46B766368D29} "Creative Software AutoUpdate Support Package" - "Creative Technology Ltd" - C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx / hxxp://www.creative.com/softwareupdate/su2/ocx/15105/CTPID.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{15B782AF-55D8-11D1-B477-006097098764} "Macromedia Authorware Web Player Control" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\authorwa\awswax.ocx / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
{1E54D648-B804-468d-BC78-4AFFED8E262E} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_srl.dll / hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204
{00000055-9980-0010-8000-00AA00389B71} "{00000055-9980-0010-8000-00AA00389B71}" - ? -  (File not found | COM-object registry key not found) / hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{17A84966-F1E9-4645-AA9E-5E771EE1C859} "Add to VideoGet" - "Nuclear Coffee Software" - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
"FlashGet" - "FlashGet.com" - C:\Programme\FlashGet\FlashGet.exe
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "Google Gears Helper" - "Google Inc." - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Microsoft Works Update Detection" - "Microsoft® Corporation" - C:\Programme\Microsoft Works\WkDetect.exe
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"Freecorder FLV Service" - "Applian Technologies, Inc." - "C:\Programme\Freecorder\FLVSrvc.exe" /run
"hpqSRMon" - "Hewlett-Packard" - C:\Programme\HP\Digital Imaging\bin\hpqSRMon.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Canon Inkjet Printer/Scanner/Fax Extended Survey Program" (IJPLMSVC) - ? - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Systemereignisbenachrichtigung" (SENS) - "Microsoft Corporation" - C:\WINDOWS\system32\sens.dll

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index[/QUOTE]

MBRCheck Logfile:
Zitat:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000ccc

Kernel Drivers (total 130):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xF7A70000 \WINDOWS\system32\KDCOM.DLL
0xF7980000 \WINDOWS\system32\BOOTVID.dll
0xF736F000 spnk.sys
0xF7A72000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF7357000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7328000 ACPI.sys
0xF7317000 pci.sys
0xF7570000 isapnp.sys
0xF7B38000 pciide.sys
0xF77F0000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A74000 viaide.sys
0xF7580000 MountMgr.sys
0xF72F8000 ftdisk.sys
0xF77F8000 PartMgr.sys
0xF7590000 VolSnap.sys
0xF72E0000 atapi.sys
0xF75A0000 disk.sys
0xF75B0000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72C0000 fltmgr.sys
0xF72AE000 sr.sys
0xF75C0000 PxHelp20.sys
0xF7297000 KSecDD.sys
0xF7284000 WudfPf.sys
0xF71F7000 Ntfs.sys
0xF71CA000 NDIS.sys
0xF75D0000 uagp35.sys
0xF75E0000 ohci1394.sys
0xF75F0000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF71B0000 Mup.sys
0xF77C0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6C7A000 \SystemRoot\system32\DRIVERS\vtmini.sys
0xF6C66000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF77D0000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF77E0000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7620000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6C2F000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7920000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7928000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6C0B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7930000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6843000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF681F000 \SystemRoot\system32\drivers\portcls.sys
0xF6D47000 \SystemRoot\system32\drivers\drmk.sys
0xF67E9000 \SystemRoot\System32\Drivers\at2n4fvq.SYS
0xF7840000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF6D37000 \SystemRoot\system32\DRIVERS\serial.sys
0xF6EBD000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF67D5000 \SystemRoot\system32\DRIVERS\parport.sys
0xF6D27000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF6EB9000 \SystemRoot\system32\DRIVERS\Amps2prt.sys
0xF7848000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7850000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7B4C000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF6D17000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF6EB5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF67BE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF6D07000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF6CF7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7858000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7860000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7868000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6CE7000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7ABE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6760000 \SystemRoot\system32\DRIVERS\update.sys
0xF6EA9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF6CD7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF6CC7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AC2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7AC6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B6C000 \SystemRoot\System32\Drivers\Null.SYS
0xF7AC8000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A44000 \SystemRoot\System32\drivers\sfvmr.SYS
0xF7888000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7890000 \SystemRoot\System32\drivers\vga.sys
0xF7ACA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7ACC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7898000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78A0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A4C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF520E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF7630000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF51B5000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF518D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF5167000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7640000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF5145000 \SystemRoot\System32\drivers\afd.sys
0xF7650000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF78A8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF50F2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF5082000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7660000 \SystemRoot\System32\Drivers\Fips.SYS
0xF505C000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF78B8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7AD8000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF76C0000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF78E0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF6EC1000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF78E8000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF78F0000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF4F90000 \SystemRoot\system32\DRIVERS\P1370Vid.sys
0xF4C74000 \SystemRoot\system32\DRIVERS\P1370EVX.SYS
0xF7720000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xF7B22000 \??\C:\WINDOWS\system32\Drivers\P1370Aul.sys
0xF7730000 \SystemRoot\system32\drivers\usbaudio.sys
0xF4C5D000 \??\C:\WINDOWS\system32\Drivers\P1370Aud.sys
0xF7170000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xF4C45000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AAA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF5259000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7808000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B60000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\vtdisp.dll
0xBF367000 \SystemRoot\System32\ATMFD.DLL
0xF06D0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF044B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF040E000 \SystemRoot\system32\drivers\wdmaud.sys
0xF76A0000 \SystemRoot\system32\drivers\sysaudio.sys
0xF00AD000 \SystemRoot\System32\Drivers\HTTP.sys
0xEFF65000 \SystemRoot\system32\DRIVERS\srv.sys
0xEF922000 \??\C:\DOKUME~1\UMUTGC~1\LOKALE~1\Temp\pwtdipod.sys
0xF04C0000 \SystemRoot\system32\DRIVERS\wpdusb.sys
0xEF8CD000 \SystemRoot\system32\DRIVERS\wudfrd.sys
0xEF8B9000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xEF825000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
0x10000000 \Programme\DAEMON Tools\daemon.dll

Processes (total 34):
0 System Idle Process
4 System
312 C:\WINDOWS\system32\smss.exe
372 csrss.exe
396 C:\WINDOWS\system32\winlogon.exe
440 C:\WINDOWS\system32\services.exe
452 C:\WINDOWS\system32\lsass.exe
640 C:\WINDOWS\system32\svchost.exe
720 svchost.exe
760 C:\WINDOWS\system32\svchost.exe
808 C:\WINDOWS\system32\svchost.exe
884 svchost.exe
932 svchost.exe
984 C:\WINDOWS\system32\spoolsv.exe
1028 C:\Programme\Avira\AntiVir Desktop\sched.exe
1092 svchost.exe
1320 C:\WINDOWS\explorer.exe
1400 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1416 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1440 C:\Programme\Bonjour\mDNSResponder.exe
1480 C:\WINDOWS\system32\svchost.exe
1496 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
1540 C:\Programme\Canon\IJPLM\ijplmsvc.exe
1608 C:\WINDOWS\system32\svchost.exe
1732 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
1740 C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe
1748 C:\Programme\Freecorder\FLVSrvc.exe
1776 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1832 C:\WINDOWS\system32\svchost.exe
1880 C:\WINDOWS\system32\svchost.exe
2200 alg.exe
3364 WudfHost.exe
2800 C:\WINDOWS\system32\wscntfy.exe
3632 C:\DOKUME~1\UMUTGC~1\LOKALE~1\temp\WPDNSE\Internal Memory\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\L: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500JS-00NCB1, Rev: 10.02E02
PhysicalDrive1 Model Number: Ext HardDisk, Rev:

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 028C0C3CCCAFBDD8640B9E4EB8F59D083A90A3B8
465 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

cosinus 09.04.2011 21:45
Bitte mal den Avenger anwenden:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:

http://mitglied.lycos.de/efunction/tb123/avenger.png

3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:
Code:
Registry keys to delete:
HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}
4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

8.) Die Datei c:\avenger\backup.zip bei File-Upload.net - Ihr kostenloser File Hoster! hochladen und hier verlinken

Agent_UG8 10.04.2011 00:16
Avenger Logfile:

Zitat:
Logfile of The Avenger Version 2.0, (c) by Swandog46
Swandog46's Public Anti-Malware Tools

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry key "HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
#

hxxp://www.file-upload.net/download-3348320/backup-1-.html

cosinus 10.04.2011 00:24
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Agent_UG8 10.04.2011 00:57
okay bin gerade dabei

aber an meinem Problem hat sich immernoch nichts geändert.

Nochmal zur Erinnerung:

Das Internet verbindet nicht mehr (Grund: Quickscan mit Malwarebytes (nicht aktualisierte Version))

Die Logfile von dem besagten Quickscan nachdem das Internet nicht mehr ging ist die im ersten Post auf Seite 1.

cosinus 10.04.2011 03:09
Und du hast auch ganz sicher das hier beachtet => http://www.trojaner-board.de/94344-p...n-pruefen.html

Agent_UG8 11.04.2011 14:36
Ah super ja das mit der Proxyeinstellung wars.

Ich hab dir hier jetzt noch die Vollscans:

Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6321

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10.04.2011 03:07:56
mbam-log-2011-04-10 (03-07-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 294980
Laufzeit: 1 Stunde(n), 6 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Zitat:
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 04/10/2011 at 04:32 PM

Application Version : 4.50.1002

Core Rules Database Version : 6799
Trace Rules Database Version: 4611

Scan type : Complete Scan
Total Scan Time : 02:16:19

Memory items scanned : 431
Memory threats detected : 0
Registry items scanned : 7614
Registry threats detected : 5
File items scanned : 141519
File threats detected : 12

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\***\Cookies\umut_göcek@ww251.smartadserver[2].txt
C:\Dokumente und Einstellungen\***\Cookies\umut_göcek@apmebf[1].txt
C:\Dokumente und Einstellungen\***\Cookies\umut_göcek@ad1.adfarm1.adition[1].txt
C:\Dokumente und Einstellungen\***\Cookies\umut_göcek@mediaplex[2].txt
C:\Dokumente und Einstellungen\***\Cookies\umut_göcek@atdmt[1].txt
C:\Dokumente und Einstellungen\***\Cookies\umut_göcek@atdmt.combing[3].txt
C:\Dokumente und Einstellungen\***\Cookies\umut_göcek@ads.sportwerk[1].txt
C:\Dokumente und Einstellungen\***\Cookies\umut_göcek@adtech[1].txt
C:\Dokumente und Einstellungen\***\Cookies\umut_göcek@adform[1].txt
C:\Dokumente und Einstellungen\***\Cookies\umut_göcek@track.adform[2].txt
C:\Dokumente und Einstellungen\***\Cookies\umut_göcek@doubleclick[1].txt
C:\Dokumente und Einstellungen\***\Cookies\umut_göcek@adfarm1.adition[1].txt

Rogue.Component/Trace
HKLM\Software\Microsoft\ECF58EA8
HKLM\Software\Microsoft\ECF58EA8#ecf58ea8
HKLM\Software\Microsoft\ECF58EA8#Version
HKLM\Software\Microsoft\ECF58EA8#ecf52328
HKLM\Software\Microsoft\ECF58EA8#ecf54acd

cosinus 11.04.2011 15:17
Sieht ok aus, da wurden nur Cookies und Überreste gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

Agent_UG8 11.04.2011 21:31
nope, scheint alles wieder clean zu sein :daumenhoc


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:23 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19