Trojaner-Board - PUM.Hijack.taskmanager

Alles gemacht und hier die Logs dazu

1. Gmer

Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net

Rootkit scan 2011-06-06 13:28:16

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD1600JS-00MHB0 rev.02.01C03

Running: pmv8sbdz.exe; Driver: C:\DOKUME~1\MS\LOKALE~1\Temp\uwlyapog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT    F7C6986E                                                                                                             ZwCreateKey

SSDT    F7C69864                                                                                                             ZwCreateThread

SSDT    F7C69873                                                                                                             ZwDeleteKey

SSDT    F7C6987D                                                                                                             ZwDeleteValueKey

SSDT    F7C69882                                                                                                             ZwLoadKey

SSDT    F7C69850                                                                                                             ZwOpenProcess

SSDT    F7C69855                                                                                                             ZwOpenThread

SSDT    F7C6988C                                                                                                             ZwReplaceKey

SSDT    F7C69887                                                                                                             ZwRestoreKey

SSDT    F7C69878                                                                                                             ZwSetValueKey

SSDT    F7C6985F                                                                                                             ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text   C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                             section is writeable [0xF69133A0, 0x5FE082, 0xE8000020]

init    C:\WINDOWS\system32\drivers\Senfilt.sys                                                                              entry point in "init" section [0xF452AA80]
 

---- Devices - GMER 1.0.15 ----
 

Device  \Driver\atapi \Device\Ide\IdePort0                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdePort1                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdePort2                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdePort3                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdePort4                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdePort5                                                                                   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e                                                                          sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
 

---- Registry - GMER 1.0.15 ----
 

Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 

Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\

Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0

Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xBF 0x6A 0x12 0x21 ...

Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        

Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...

Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xD2 0xCA 0xCB 0x77 ...

Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  

Reg     HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xFD 0x12 0x2D 0x88 ...

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  C:\Programme\DAEMON Tools\

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0xBF 0x6A 0x12 0x21 ...

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0xD2 0xCA 0xCB 0x77 ...

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      

Reg     HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0xFD 0x12 0x2D 0x88 ...

Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 

Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\

Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0

Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xBF 0x6A 0x12 0x21 ...

Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        

Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...

Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xD2 0xCA 0xCB 0x77 ...

Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  

Reg     HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xFD 0x12 0x2D 0x88 ...

Reg     HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 

Reg     HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      C:\Programme\DAEMON Tools\

Reg     HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0

Reg     HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0xBF 0x6A 0x12 0x21 ...

Reg     HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        

Reg     HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...

Reg     HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0xD2 0xCA 0xCB 0x77 ...

Reg     HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  

Reg     HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0xFD 0x12 0x2D 0x88 ...
 

---- EOF - GMER 1.0.15 ----

2. Osam

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 13:37:10 on 06.06.2011
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ASFWHide" (ASFWHide) - ? - C:\DOKUME~1\MS\LOKALE~1\Temp\ASFWHide  (File not found)

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"camfilt2" (camfilt2) - ? - C:\WINDOWS\System32\DRIVERS\camfilt2.sys  (File not found)

"catchme" (catchme) - ? - C:\DOKUME~1\MS\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"ENTECH" (ENTECH) - "EnTech Taiwan" - C:\WINDOWS\system32\DRIVERS\ENTECH.sys

"Hercules Deluxe Optical Glass" (SNPSTD3) - ? - C:\WINDOWS\System32\DRIVERS\snpstd3.sys  (File not found)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS

"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "T-Online International AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS

"NPPTNT2" (NPPTNT2) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\npptNT2.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS

"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS

"sptd" (sptd) - ? - C:\WINDOWS\System32\Drivers\sptd.sys  (File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys

"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys

"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys

"uwlyapog" (uwlyapog) - ? - C:\DOKUME~1\MS\LOKALE~1\Temp\uwlyapog.sys  (Hidden registry entry, rootkit activity | File not found)

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "Logitech Inc." - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dBpoweramp Music Converter" - ? -   (File not found | COM-object registry key not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll

{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Programme\ICQLite\ICQLiteShell.dll  (File not found)

{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? -   (File not found | COM-object registry key not found)

{D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? -   (File not found | COM-object registry key not found)

{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} "CMediaMix Object" - "Microsoft Corp." - C:\WINDOWS\system32\MediaLogic.dll / hxxp://musicmix.messenger.msn.com/Medialogic.CAB

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - ? - C:\WINDOWS\system32\macromed\Director\SwDir.dll  (File not found) / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10r.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\legitcheckcontrol.dll / hxxp://go.microsoft.com/fwlink/?linkid=39204

{7530BFB8-7293-4D34-9923-61A11451AFC5} "{7530BFB8-7293-4D34-9923-61A11451AFC5}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / 

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / 

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / 

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / 

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / 

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / 

{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / 

{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / 

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\MS\Startmenü\Programme\Autostart\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"LDM" - "Logitech Inc." - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

"NBJ" - "Ahead Software AG" - "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"ClocX" - "BonSoft" - C:\Programme\ClocX\ClocX.exe

"DivXUpdate" - ? - "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"CutePDF Writer Monitor" - ? - C:\WINDOWS\system32\cpwmon2k.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe

"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Programme\Secunia\PSI\PSIA.exe

"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Programme\Secunia\PSI\sua.exe

"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe

"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe

"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

3. MBRCheck

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows XP Home Edition

Windows Information:                Service Pack 3 (build 2600)

Logical Drives Mask:                0x0000000d
 

Kernel Drivers (total 124):

  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

  0x806D1000 \WINDOWS\system32\hal.dll

  0xF7A9C000 \WINDOWS\system32\KDCOM.DLL

  0xF79AC000 \WINDOWS\system32\BOOTVID.dll

  0xF746C000 ACPI.sys

  0xF7A9E000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

  0xF745B000 pci.sys

  0xF759C000 isapnp.sys

  0xF7B64000 pciide.sys

  0xF781C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

  0xF75AC000 MountMgr.sys

  0xF743C000 ftdisk.sys

  0xF7824000 PartMgr.sys

  0xF75BC000 sfsync02.sys

  0xF75CC000 VolSnap.sys

  0xF7424000 atapi.sys

  0xF740B000 nvata.sys

  0xF75DC000 disk.sys

  0xF75EC000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

  0xF73EB000 fltmgr.sys

  0xF73D9000 sr.sys

  0xF75FC000 PxHelp20.sys

  0xF73C2000 KSecDD.sys

  0xF73AF000 WudfPf.sys

  0xF7322000 Ntfs.sys

  0xF72F5000 NDIS.sys

  0xF782C000 sfhlp02.sys

  0xF72E4000 sfdrv01.sys

  0xF72CA000 Mup.sys

  0xF6913000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

  0xF68FF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

  0xF7884000 \SystemRoot\system32\DRIVERS\fdc.sys

  0xF68EB000 \SystemRoot\system32\DRIVERS\parport.sys

  0xF763C000 \SystemRoot\system32\DRIVERS\i8042prt.sys

  0xF7A30000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys

  0xF789C000 \SystemRoot\system32\DRIVERS\kbdclass.sys

  0xF764C000 \SystemRoot\system32\DRIVERS\L8042mou.Sys

  0xF68DA000 \SystemRoot\system32\DRIVERS\LMouKE.Sys

  0xF78AC000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0xF765C000 \SystemRoot\system32\DRIVERS\serial.sys

  0xF7A38000 \SystemRoot\system32\DRIVERS\serenum.sys

  0xF78BC000 \SystemRoot\system32\DRIVERS\usbohci.sys

  0xF68B6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0xF78C4000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0xF766C000 \SystemRoot\system32\DRIVERS\imapi.sys

  0xF767C000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0xF768C000 \SystemRoot\system32\DRIVERS\redbook.sys

  0xF6893000 \SystemRoot\system32\DRIVERS\ks.sys

  0xF686B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

  0xF7A4C000 \SystemRoot\system32\DRIVERS\nvnetbus.sys

  0xF6821000 \SystemRoot\system32\DRIVERS\NVNRM.SYS

  0xF67EA000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS

  0xF769C000 \SystemRoot\system32\DRIVERS\processr.sys

  0xF7C03000 \SystemRoot\system32\DRIVERS\audstub.sys

  0xF76AC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0xF7A54000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0xF67D3000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0xF76BC000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0xF76CC000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0xF78F4000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0xF67C2000 \SystemRoot\system32\DRIVERS\psched.sys

  0xF76DC000 \SystemRoot\system32\DRIVERS\msgpc.sys

  0xF7904000 \SystemRoot\system32\DRIVERS\ptilink.sys

  0xF7914000 \SystemRoot\system32\DRIVERS\raspti.sys

  0xF76EC000 \SystemRoot\system32\DRIVERS\termdd.sys

  0xF7AA6000 \SystemRoot\system32\DRIVERS\swenum.sys

  0xF66C4000 \SystemRoot\system32\DRIVERS\update.sys

  0xF7A68000 \SystemRoot\system32\DRIVERS\mssmbios.sys

  0xF770C000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0xF771C000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0xF7AAA000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0xF4576000 \SystemRoot\system32\drivers\ADIHdAud.sys

  0xF4552000 \SystemRoot\system32\drivers\portcls.sys

  0xF773C000 \SystemRoot\system32\drivers\drmk.sys

  0xF4532000 \SystemRoot\system32\drivers\AEAudio.sys

  0xF44D2000 \SystemRoot\system32\drivers\Senfilt.sys

  0xF7944000 \SystemRoot\system32\DRIVERS\flpydisk.sys

  0xF7AB0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

  0xF7C43000 \SystemRoot\System32\Drivers\Null.SYS

  0xF7AB4000 \SystemRoot\System32\Drivers\Beep.SYS

  0xF795C000 \SystemRoot\System32\drivers\vga.sys

  0xF7AB8000 \SystemRoot\System32\Drivers\mnmdd.SYS

  0xF7ABC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0xF796C000 \SystemRoot\System32\Drivers\Msfs.SYS

  0xF797C000 \SystemRoot\System32\Drivers\Npfs.SYS

  0xF72A2000 \SystemRoot\system32\DRIVERS\rasacd.sys

  0xF449F000 \SystemRoot\system32\DRIVERS\ipsec.sys

  0xF4446000 \SystemRoot\system32\DRIVERS\tcpip.sys

  0xF441E000 \SystemRoot\system32\DRIVERS\netbt.sys

  0xF43F8000 \SystemRoot\system32\DRIVERS\ipnat.sys

  0xF775C000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0xF7292000 \SystemRoot\System32\drivers\ws2ifsl.sys

  0xF43AE000 \SystemRoot\System32\drivers\afd.sys

  0xF776C000 \SystemRoot\system32\DRIVERS\netbios.sys

  0xF7994000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

  0xF438C000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS

  0xF799C000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS

  0xF4361000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0xF79A4000 \??\C:\WINDOWS\system32\npptNT2.sys

  0xF42F1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0xF777C000 \SystemRoot\System32\Drivers\Fips.SYS

  0xF42D5000 \SystemRoot\system32\DRIVERS\avipbb.sys

  0xF7AC6000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys

  0xF77AC000 \SystemRoot\System32\Drivers\Cdfs.SYS

  0xF41F5000 \SystemRoot\System32\Drivers\dump_atapi.sys

  0xF7ACA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

  0xBF800000 \SystemRoot\System32\win32k.sys

  0xF45A0000 \SystemRoot\System32\drivers\Dxapi.sys

  0xF78DC000 \SystemRoot\System32\watchdog.sys

  0xBD000000 \SystemRoot\System32\drivers\dxg.sys

  0xF7B7A000 \SystemRoot\System32\drivers\dxgthk.sys

  0xBD012000 \SystemRoot\System32\nv4_disp.dll

  0xBD62C000 \SystemRoot\System32\ATMFD.DLL

  0xB7D7E000 \SystemRoot\system32\DRIVERS\avgntflt.sys

  0xB7E86000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0xB7B11000 \SystemRoot\system32\drivers\wdmaud.sys

  0xF42A5000 \SystemRoot\system32\drivers\sysaudio.sys

  0xB79CE000 \SystemRoot\system32\DRIVERS\mrxdav.sys

  0xB7826000 \SystemRoot\system32\DRIVERS\secdrv.sys

  0xB767E000 \SystemRoot\system32\DRIVERS\srv.sys

  0xB736D000 \SystemRoot\System32\Drivers\HTTP.sys

  0xB32B8000 \??\C:\DOKUME~1\MS\LOKALE~1\Temp\uwlyapog.sys

  0xB7E62000 \SystemRoot\system32\DRIVERS\NVENETFD.sys

  0x7C910000 \WINDOWS\system32\ntdll.dll
 

Processes (total 36):

       0 System Idle Process

       4 System

     632 C:\WINDOWS\system32\smss.exe

     680 csrss.exe

     704 C:\WINDOWS\system32\winlogon.exe

     748 C:\WINDOWS\system32\services.exe

     760 C:\WINDOWS\system32\lsass.exe

     920 C:\WINDOWS\system32\nvsvc32.exe

    1028 C:\WINDOWS\system32\svchost.exe

    1076 svchost.exe

    1172 C:\WINDOWS\system32\svchost.exe

    1208 C:\WINDOWS\system32\svchost.exe

    1300 svchost.exe

    1440 svchost.exe

    1564 C:\WINDOWS\system32\spoolsv.exe

    1644 C:\Programme\Avira\AntiVir Desktop\sched.exe

    1776 C:\WINDOWS\explorer.exe

    1952 svchost.exe

     288 C:\Programme\Analog Devices\Core\smax4pnp.exe

     320 C:\Programme\ClocX\ClocX.exe

     332 C:\Programme\Avira\AntiVir Desktop\avgnt.exe

     300 C:\Programme\DivX\DivX Update\DivXUpdate.exe

     456 C:\WINDOWS\system32\rundll32.exe

     492 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

     560 C:\Programme\Avira\AntiVir Desktop\avguard.exe

     608 C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    1140 C:\Programme\Java\jre6\bin\jqs.exe

    1148 C:\Programme\Google\Update\GoogleUpdate.exe

    1480 C:\Programme\Secunia\PSI\sua.exe

    1988 C:\WINDOWS\system32\svchost.exe

     200 C:\Programme\TomTom HOME 2\TomTomHOMEService.exe

    2508 alg.exe

     564 C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE

    3668 C:\Programme\Mozilla Firefox\firefox.exe

    3284 C:\DOKUME~1\MS\LOKALE~1\temp\Rar$EX52.248\osam.exe

    3968 C:\Dokumente und Einstellungen\MS\Desktop\MBRCheck.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
 

PhysicalDrive0 Model Number: WDCWD1600JS-00MHB0, Rev: 02.01C03
 

      Size  Device Name          MBR Status

  --------------------------------------------

    149 GB  \\.\PhysicalDrive0   Windows XP MBR code detected

            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
 
 

Done!