Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: rundll32.exe bei Browserstart

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 24.08.2011, 13:35   #16
neverlein
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



Also, GMER lief eigentlich bei mir Problemlos, allerdings habe ich nach 21(!) Stunden abgebrochen.
GMER:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-24 13:16:46
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500830AS rev.3.AAD
Running: t672xop1.exe; Driver: C:\Users\WALTER~1\AppData\Local\Temp\uxlyypob.sys


---- System - GMER 1.0.15 ----

SSDT            8744F3A0                                                                                                                                                                                       ZwAlertResumeThread
SSDT            8744F480                                                                                                                                                                                       ZwAlertThread
SSDT            8744FD90                                                                                                                                                                                       ZwAllocateVirtualMemory
SSDT            86D46398                                                                                                                                                                                       ZwAlpcConnectPort
SSDT            87450AC0                                                                                                                                                                                       ZwAssignProcessToJobObject
SSDT            8744F0F0                                                                                                                                                                                       ZwCreateMutant
SSDT            874507E0                                                                                                                                                                                       ZwCreateSymbolicLinkObject
SSDT            8744E678                                                                                                                                                                                       ZwCreateThread
SSDT            874508D0                                                                                                                                                                                       ZwCreateThreadEx
SSDT            87450C20                                                                                                                                                                                       ZwDebugActiveProcess
SSDT            8744FF60                                                                                                                                                                                       ZwDuplicateObject
SSDT            8744FBB0                                                                                                                                                                                       ZwFreeVirtualMemory
SSDT            8744F1E0                                                                                                                                                                                       ZwImpersonateAnonymousToken
SSDT            8744F2C0                                                                                                                                                                                       ZwImpersonateThread
SSDT            86B0C048                                                                                                                                                                                       ZwLoadDriver
SSDT            8744FAB0                                                                                                                                                                                       ZwMapViewOfSection
SSDT            8744F050                                                                                                                                                                                       ZwOpenEvent
SSDT            8744E520                                                                                                                                                                                       ZwOpenProcess
SSDT            8744FE80                                                                                                                                                                                       ZwOpenProcessToken
SSDT            87450E48                                                                                                                                                                                       ZwOpenSection
SSDT            8744E430                                                                                                                                                                                       ZwOpenThread
SSDT            874509D0                                                                                                                                                                                       ZwProtectVirtualMemory
SSDT            8744F560                                                                                                                                                                                       ZwResumeThread
SSDT            8744F800                                                                                                                                                                                       ZwSetContextThread
SSDT            8744F8E0                                                                                                                                                                                       ZwSetInformationProcess
SSDT            87450D00                                                                                                                                                                                       ZwSetSystemInformation
SSDT            87450F28                                                                                                                                                                                       ZwSuspendProcess
SSDT            8744F640                                                                                                                                                                                       ZwSuspendThread
SSDT            8744E778                                                                                                                                                                                       ZwTerminateProcess
SSDT            8744F720                                                                                                                                                                                       ZwTerminateThread
SSDT            8744F9D0                                                                                                                                                                                       ZwUnmapViewOfSection
SSDT            8744FCA0                                                                                                                                                                                       ZwWriteVirtualMemory

Code            \??\C:\Windows\system32\drivers\hidym4jz.sys                                                                                                                                                   ZwResumeThread [0x92789226]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                                                                                                                  83082349 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                         830BBD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10DB                                                                                                                                                            830C2D90 8 Bytes  [A0, F3, 44, 87, 80, F4, 44, ...]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                                                                                            830C2DA8 4 Bytes  [90, FD, 44, 87]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                                                                                                                            830C2DB4 4 Bytes  [98, 63, D4, 86]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                                                                                            830C2E08 4 Bytes  [C0, 0A, 45, 87]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                                                                                                                            830C2E84 4 Bytes  [F0, F0, 44, 87]
.text           ...                                                                                                                                                                                            
PAGE            ntkrnlpa.exe!ZwResumeThread                                                                                                                                                                    832B53F3 7 Bytes  JMP 9278922A \??\C:\Windows\system32\drivers\hidym4jz.sys
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                                                                                     Das System kann die angegebene Datei nicht finden. !
?               C:\Users\WALTER~1\AppData\Local\Temp\catchme.sys                                                                                                                                               Das System kann die angegebene Datei nicht finden. !
.text           autochk.exe                                                                                                                                                                                    003411D1 3 Bytes  [61, 74, 35] {POPA ; JZ 0x38}
.text           autochk.exe                                                                                                                                                                                    003411D7 4 Bytes  [88, 80, A3, 39]
.text           autochk.exe                                                                                                                                                                                    003411DC 2 Bytes  [FF, FF]
.text           autochk.exe                                                                                                                                                                                    003411E0 4 Bytes  [FC, 61, 74, 35] {CLD ; POPA ; JZ 0x39}
.text           autochk.exe                                                                                                                                                                                    003411E7 4 Bytes  [88, A8, A3, 39]
.text           ...                                                                                                                                                                                            

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Fighters\SPAMfighter\sfus.exe[2116] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                                                          [7550FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Fighters\SPAMfighter\sfus.exe[2116] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                                                           [7550FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Fighters\SPAMfighter\sfus.exe[2116] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                                                           [7550FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Fighters\SPAMfighter\sfus.exe[2116] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                                                             [7550FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Fighters\SPAMfighter\sfus.exe[2116] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                                                            [7550FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Fighters\SPAMfighter\sfus.exe[2116] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                                                           [7550FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                                                [7550FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2520] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                                                  [7550FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2520] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                                                 [7550FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                                                               [7550FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2520] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                                                [7550FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2520] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                                                [7550FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[6900] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                                                                                                                [73F32437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[6900] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                                                                                                           [73F15600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[6900] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                                                                                                          [73F156BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[6900] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                                                                                                                 [73F324B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[6900] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]                                                                                                       [73F28514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[6900] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                                                                                                         [73F24CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[6900] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]                                                                                                        [73F2506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[6900] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]                                                                                                       [73F25144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[6900] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                                                                              [73F26671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[6900] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]                                                                                                        [73F2826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[6900] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]                                                                                                   [73F287BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[6900] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                                                                                                 [73F2901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[6900] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]                                                                                                       [73F2E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[6900] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                                                                                                           [73F24BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000052                                                                                                                                                              halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0fb20c                                                                                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc0fb20c@5c57c851dafc                                                                                                       0xC4 0x75 0x85 0x99 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0fb20c (not active ControlSet)                                                                                                
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc0fb20c@5c57c851dafc                                                                                                           0xC4 0x75 0x85 0x99 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5D3DC1E4EE4D6424EA420FDFA50693D0\Usage@Product                                                             1058512737
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                                                                                              
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                                                                                               Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                                                                                             C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b                                                                             0xC8 0x28 0x51 0xAF ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                                                                                              
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                                                                                               Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                                                                                             C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b                                                                             0x71 0x3B 0x04 0x66 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                                                                                              
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                                                                                               Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                                                                                             C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016                                                                             0xFF 0x7C 0x85 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                                                                                              
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                                                                                               Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                                                                                             C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48                                                                             0x3E 0x1E 0x9E 0xE0 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                                                                                              
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                                                                                               Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                                                                                             C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472                                                                             0xCD 0x44 0xCD 0xB9 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                                                                                              
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                                                                                               Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                                                                                             C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d                                                                             0xDF 0x20 0x58 0x62 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                                                                                              
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                                                                                               Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                                                                                             C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b                                                                             0x31 0x77 0xE1 0xBA ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                                                                                              
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                                                                                               Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                                                                                             C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d                                                                             0x83 0x6C 0x56 0x8B ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                                                                                              
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                                                                                               Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                                                                                             C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3                                                                             0x51 0xFA 0x6E 0x91 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                                                                                              
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                                                                                               Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                                                                                             C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b                                                                             0x37 0xA4 0xAA 0xC3 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                                                                                              
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                                                                                               Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                                                                                             C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6                                                                             0x2A 0xB7 0xCC 0xB5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                                                                                              
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                                                                                               Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                                                                                             C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2                                                                             0x05 0x73 0x21 0xDD ...
Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files\City Interactive\Die Kunst des Mordens \x2013 Geheimakte FBI\unins000.exe  1
         
Und hier OSAM:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:28:36 on 24.08.2011

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.20

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"DMEPeriodicTask.job" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe
"GoogleUpdateTaskUserS-1-5-21-2874436808-2678824559-3807171550-1001Core.job" - "Google Inc." - C:\Users\Walter Franetzki\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2874436808-2678824559-3807171550-1001UA.job" - "Google Inc." - C:\Users\Walter Franetzki\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights 10" - "Nero AG" - C:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110812.001\BHDrvx86.sys
"catchme" (catchme) - ? - C:\Users\WALTER~1\AppData\Local\Temp\catchme.sys  (File not found)
"CdaC15BA" (CdaC15BA) - "Macrovision Europe Ltd" - C:\Windows\system32\drivers\CdaC15BA.SYS
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"hidym4jz" (hidym4jz) - "Bluw (Hong Kong) Limited" - C:\Windows\system32\drivers\hidym4jz.sys
"IDMWFP" (IDMWFP) - "Tonec Inc." - C:\Windows\System32\DRIVERS\idmwfp.sys
"IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110822.031\IDSvix86.sys
"Ldisaspia" (Ldisaspia) - ? - C:\Windows\system32\drivers\Ldisaspia.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110823.081\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110823.081\NAVEX15.SYS
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\N360\0501000.01D\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\N360\0501000.01D\SYMEFA.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
"Symantec Network Filter Driver" (SYMFW) - ? - C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS  (File not found)
"Symantec Network Filter Driver" (SYMNDISV) - ? - C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS  (File not found)
"Symantec Network Security WFP Driver" (SymNetS) - "Symantec Corporation" - C:\Windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
"uxlyypob" (uxlyypob) - ? - C:\Users\WALTER~1\AppData\Local\Temp\uxlyypob.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} "PixiePack Codec Pack 1.0.100.0" - ? - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "blue.shell" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\COMMON~1\fluxDVD\Lib\XEB\xebshell.dll
{CDC95B92-E27C-4745-A8C5-64A52A78855D} "IDM Shell Extension" - "Tonec Inc." - C:\Program Files\Internet Download Manager\IDMShellExt.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? -   (File not found | COM-object registry key not found)
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? -   (File not found | COM-object registry key not found)
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "{555D4D79-4BD2-4094-A395-CFC534424A05}" - ? -   (File not found | COM-object registry key not found)
{717308E4-2400-4F8E-A163-189272CC2004} "Übersetzung des Textes" - ? - C:\Program Files\PRMT9\PRMTIE\prmtie.dll  (File not found)
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Klicke hier um das Projekt xp-AntiSpy zu unterstützen" - ? - C:\Program Files\xp-AntiSpy\sponsoring\sponsor.html
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\Windows\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)
"Exec" - ? - C:\Windows\bdoscandel.exe  (File found, but it contains no detailed information)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - ? - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - ? - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL  (File not found)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - ? - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll  (File not found)
{0055C089-8582-441B-A0BF-17B458C2A3A8} "{0055C089-8582-441B-A0BF-17B458C2A3A8}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Walter Franetzki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Printkey2000.lnk" - "Fred's Software" - C:\Program Files\PrintKey2000\Printkey2000.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"IDMan" - "Tonec Inc." - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"EvtMgr6" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NBAgent" - "Nero AG" - "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe
"sfagent" - "SPAMfighter ApS" - C:\Program Files\Fighters\SPAMfighter\sfagent.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"Adobe Active File Monitor V9" (AdobeActiveFileMonitor9.0) - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Norton 360" (N360) - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"SPAMfighter Update Service" (SPAMfighter Update Service) - "SPAMfighter ApS" - C:\Program Files\Fighters\SPAMfighter\sfus.exe
"StarMoney 8.0 OnlineUpdate" (StarMoney 8.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
"Suite Service" (Suite Service) - "SPAMfighter ApS" - C:\Program Files\Fighters\FighterSuiteService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
"Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Alt 24.08.2011, 15:13   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



Zitat:
"hidym4jz" (hidym4jz) - "Bluw (Hong Kong) Limited" - C:\Windows\system32\drivers\hidym4jz.sys
Bitte mit OSAM deaktivieren und löschen
__________________

__________________

Alt 24.08.2011, 16:21   #18
neverlein
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



Vielen Dank, werde ich machen (kann eventuell aber etwas dauern). Brauchst Du den Scan mit aswMBR dann noch?
Ich hätte dann noch einige Fragen bezüglich einiger Ordner, aber die möchte ich dann erst stellen, wenn das Ganze hier fertig ist.
__________________

Alt 24.08.2011, 17:12   #19
neverlein
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



Hier die mit Osam bearbeitete Datei:
Code:
ATTFilter
(Success)  HKLM\SYSTEM\CurrentControlSet\Services\hidym4jz  hidym4jz  Bluw (Hong Kong) Limited  C:\Windows\system32\drivers\hidym4jz.sys
         
Und hier der Scan nach dem Entfernen:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:24:25 on 24.08.2011

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.20

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"DMEPeriodicTask.job" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe
"GoogleUpdateTaskUserS-1-5-21-2874436808-2678824559-3807171550-1001Core.job" - "Google Inc." - C:\Users\Walter Franetzki\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-2874436808-2678824559-3807171550-1001UA.job" - "Google Inc." - C:\Users\Walter Franetzki\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights 10" - "Nero AG" - C:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110812.001\BHDrvx86.sys
"catchme" (catchme) - ? - C:\Users\WALTER~1\AppData\Local\Temp\catchme.sys  (File not found)
"CdaC15BA" (CdaC15BA) - "Macrovision Europe Ltd" - C:\Windows\system32\drivers\CdaC15BA.SYS
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"IDMWFP" (IDMWFP) - "Tonec Inc." - C:\Windows\System32\DRIVERS\idmwfp.sys
"IDSVix86" (IDSVix86) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110822.031\IDSvix86.sys
"Ldisaspia" (Ldisaspia) - ? - C:\Windows\system32\drivers\Ldisaspia.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110823.085\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110823.085\NAVEX15.SYS
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\N360\0501000.01D\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\N360\0501000.01D\SYMEFA.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
"Symantec Network Filter Driver" (SYMFW) - ? - C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS  (File not found)
"Symantec Network Filter Driver" (SYMNDISV) - ? - C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS  (File not found)
"Symantec Network Security WFP Driver" (SymNetS) - "Symantec Corporation" - C:\Windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT.SYS
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} "PixiePack Codec Pack 1.0.100.0" - ? - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{8E2D00A0-82C6-4821-90BC-07F290841BB6} "XEB Navigation Filter" - ? - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{79BC0345-1015-11D2-A299-006008312725} "blue.shell" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\COMMON~1\fluxDVD\Lib\XEB\xebshell.dll
{CDC95B92-E27C-4745-A8C5-64A52A78855D} "IDM Shell Extension" - "Tonec Inc." - C:\Program Files\Internet Download Manager\IDMShellExt.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? -   (File not found | COM-object registry key not found)
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? -   (File not found | COM-object registry key not found)
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "{555D4D79-4BD2-4094-A395-CFC534424A05}" - ? -   (File not found | COM-object registry key not found)
{717308E4-2400-4F8E-A163-189272CC2004} "Übersetzung des Textes" - ? - C:\Program Files\PRMT9\PRMTIE\prmtie.dll  (File not found)
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Klicke hier um das Projekt xp-AntiSpy zu unterstützen" - ? - C:\Program Files\xp-AntiSpy\sponsoring\sponsor.html
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\Windows\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)
"Exec" - ? - C:\Windows\bdoscandel.exe  (File found, but it contains no detailed information)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - ? - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Symantec Intrusion Prevention" - ? - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL  (File not found)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Symantec NCO BHO" - ? - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll  (File not found)
{0055C089-8582-441B-A0BF-17B458C2A3A8} "{0055C089-8582-441B-A0BF-17B458C2A3A8}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Walter Franetzki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Printkey2000.lnk" - "Fred's Software" - C:\Program Files\PrintKey2000\Printkey2000.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"IDMan" - "Tonec Inc." - C:\Program Files\Internet Download Manager\IDMan.exe /onboot
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"EvtMgr6" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NBAgent" - "Nero AG" - "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe
"sfagent" - "SPAMfighter ApS" - C:\Program Files\Fighters\SPAMfighter\sfagent.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe
"Adobe Active File Monitor V9" (AdobeActiveFileMonitor9.0) - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Norton 360" (N360) - "Symantec Corporation" - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"SPAMfighter Update Service" (SPAMfighter Update Service) - "SPAMfighter ApS" - C:\Program Files\Fighters\SPAMfighter\sfus.exe
"StarMoney 8.0 OnlineUpdate" (StarMoney 8.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
"Suite Service" (Suite Service) - "SPAMfighter ApS" - C:\Program Files\Fighters\FighterSuiteService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
"Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Geändert von neverlein (24.08.2011 um 17:27 Uhr)

Alt 24.08.2011, 20:33   #20
neverlein
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



Hier noch das von aswMBR. Wurde gemacht, nachdem ich die von Dir bezeichnete Datei mit Osam entfernt hatte:
Code:
ATTFilter
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-24 20:03:19
-----------------------------
20:03:19.771    OS Version: Windows 6.1.7601 Service Pack 1
20:03:19.772    Number of processors: 4 586 0x202
20:03:19.775    ComputerName: SHARONA2  UserName: 
20:03:46.136    Initialize success
20:03:52.952    AVAST engine defs: 11082400
20:04:01.885    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:04:01.891    Disk 0 Vendor: ST3500830AS 3.AAD Size: 476940MB BusType: 3
20:04:03.932    Disk 0 MBR read successfully
20:04:03.937    Disk 0 MBR scan
20:04:03.948    Disk 0 Windows 7 default MBR code
20:04:03.960    Disk 0 scanning sectors +976771072
20:04:04.047    Disk 0 scanning C:\Windows\system32\drivers
20:04:14.294    Service scanning
20:04:15.530    Modules scanning
20:04:26.052    Disk 0 trace - called modules:
20:04:26.080    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
20:04:26.090    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866e1460]
20:04:26.100    3 CLASSPNP.SYS[8b80459e] -> nt!IofCallDriver -> [0x86196898]
20:04:26.451    5 ACPI.sys[837ba3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8589f908]
20:04:27.276    AVAST engine scan C:\Windows
20:04:30.143    AVAST engine scan C:\Windows\system32
20:06:44.783    AVAST engine scan C:\Windows\system32\drivers
20:06:54.386    AVAST engine scan C:\Users\Walter Franetzki
20:22:54.828    AVAST engine scan C:\ProgramData
20:28:13.880    Scan finished successfully
20:28:38.559    Disk 0 MBR has been saved successfully to "C:\Users\Public\Documents\MBR.dat"
20:28:38.559    The log file has been saved successfully to "C:\Users\Public\Documents\aswMBR.txt"
         


Alt 25.08.2011, 12:00   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
--> rundll32.exe bei Browserstart

Alt 25.08.2011, 20:34   #22
neverlein
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



Hier einmal Malwarebytes. Das wird wohl stündlich erneuert, denn als ich den Rechner startete, holte es sich ein Update. Und dann nocheinmal, als ich es gestartet und manuell nach Updates gesucht hatte:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7563

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

25.08.2011 14:13:52
mbam-log-2011-08-25 (14-13-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 521431
Laufzeit: 1 Stunde(n), 49 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Und hier SuperAntispyware. Gefunden wurden 17 Adware.Tracking Cookies, die ich mit dem Programm entfernt habe:
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/25/2011 at 08:22 PM

Application Version : 5.0.1118

Core Rules Database Version : 7600
Trace Rules Database Version: 5412

Scan type       : Complete Scan
Total Scan Time : 04:05:57

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 761
Memory threats detected   : 0
Registry items scanned    : 42306
Registry threats detected : 0
File items scanned        : 294078
File threats detected     : 17

Adware.Tracking Cookie
	.im.banner.t-online.de [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	media.antenne-bayern.de [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\WALTER FRANETZKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MVE5ZEBT.DEFAULT\COOKIES.SQLITE ]
         
Kann jetzt allerdings nicht sagen, ob ich heute noch zu dem Eset Online Scanner komme.

Alt 27.08.2011, 07:29   #23
neverlein
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



Hier das Eset Ergebnis:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=9e65f5c05c6da648be25598860360aed
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-26 04:50:57
# local_time=2011-08-26 06:50:57 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 417466 417466 0 0
# compatibility_mode=3589 16777213 100 83 259579 64996744 0 0
# compatibility_mode=5893 16776573 100 94 0 65965439 0 0
# compatibility_mode=8192 67108863 100 0 234 234 0 0
# scanned=177
# found=0
# cleaned=0
# scan_time=9
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=9e65f5c05c6da648be25598860360aed
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-26 08:14:29
# local_time=2011-08-26 10:14:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 417517 417517 0 0
# compatibility_mode=3589 16777213 100 83 259630 64996795 0 0
# compatibility_mode=5893 16776573 100 94 0 65965490 0 0
# compatibility_mode=8192 67108863 100 0 285 285 0 0
# scanned=798155
# found=11
# cleaned=0
# scan_time=55371
E:\1_Programme_exe\registrybooster.exe	a variant of Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
E:\1_Programme_exe\unlocker1.8.7.exe	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
E:\1_Programme_exe\any-video-converter\Setup_FreeVideoConverter.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
E:\1_Programme_exe\Nero 8\Nero-8.2.8.0_deu_trial.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
E:\1_Programme_exe\Nero 8\Downloadversion\Nero-8.2.8.0_deu_update.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
L:\EBoard\Erotic.Voyeur -GAME\Voyeur.exe	probably a variant of Win32/Inject.KFIWQLU trojan (unable to clean)	00000000000000000000000000000000	I
L:\ef\Programm Files\Nero-7.10.1.0_deu_trial.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
M:\SHARONA2\Backup Set 2010-09-26 190002\Backup Files 2010-10-17 190011\Backup files 1.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
M:\SHARONA2\Backup Set 2010-12-05 190004\Backup Files 2010-12-05 190004\Backup files 22.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
M:\SHARONA2\Backup Set 2010-12-05 190004\Backup Files 2011-01-09 194202\Backup files 1.zip	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
M:\SHARONA2\Backup Set 2011-01-16 190003\Backup Files 2011-01-16 190003\Backup files 21.zip	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
         

Alt 27.08.2011, 11:33   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



Nur Cookies. Die Funde von ESET kann man vernachlässigen, der Scanner ist leider sehr hysterisch wenn es im harmlose Setupdateien geht, die Toolbars mitinstallieren können.
Auch die Backupsets sollten keine Gefahr darstellen.

Rechner soweit wieder ok oder gibt es noch Probleme?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.08.2011, 12:48   #25
neverlein
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



Als erstes möchte ich mich für die großartige und kompetente Hilfe bedanken.
Einige Fragen hätte ich allerdings doch noch.
Und zwar habe ich unter Benutzer - mein Name - Application Date, nur zwei Ordner. Eigentlich sollten es mehr sein, so wie ich das wärend des Scannens gesehen habe. In einem Deiner Beiträge hast das Programm 'unhide.exe' erwähnt. Sollte ich das rüberlaufen lassen, um die Ordner wieder 'sichtbar' zu machen?
Anscheinend habe ich einen neuen Ordner unter 'Benutzer', namens: UpdatusIser. Darin befinden sich die Ordner, die auch bei anderen Benutern vorhanden sind (Contacts, Desktop, Documents usw). Aller Ordner sind leer bis auf Desktop, darin befindet sich eine Verknüpfung zu HjackThis.
Als ich diesen Ordner (das passierte mir auch bei einigen anderen, zB den BackUp-Ordner) öffnen wollte, bekam ich eine Meldung, das ich keine Berechtigung hätte. Seltsamerweise öffneten sich diese Ordner aber dann doch.
Dann als letzes wäre noch die verschiedenen Programme, die ich installiert habe (Malwarebytes, SuperAntiSpyware, HjackThis). Vertragen die sich mit Norton 360? Ich habe nämlich gehört, dass man zwei oder mehrere Virenprogramme lieber nicht parallel laufen lassen sollte.

Alt 27.08.2011, 13:01   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



Zitat:
Eigentlich sollten es mehr sein, so wie ich das wärend des Scannens gesehen habe. In einem Deiner Beiträge hast das Programm 'unhide.exe' erwähnt. Sollte ich das rüberlaufen lassen, um die Ordner wieder 'sichtbar' zu machen?
So, welche vermisst du denn?

Zitat:
Anscheinend habe ich einen neuen Ordner unter 'Benutzer', namens: UpdatusIser.
Dieser Benutzer wird offensichtlich vom NVIDIA-Treibersetup angelegt.


Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.08.2011, 17:03   #27
neverlein
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



Was die Ordner betrifft (Application Data); ich will meine Hand da nicht in's Feuer legen, aber ich dachte, es waren vorher mehr. Na, ist auch egal.
Nochmals vielen, vielen Dank!!!

Alt 27.08.2011, 19:17   #28
neverlein
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



Combofix hab ich unten. Haben sich eventuell GMER und aswMBR auch irgendwo eingenistet? Bei den installierten Programmen (über Systemsteuerung) habe ich es nicht gefunden.
Und danke für die Links in Deinem letzten Beitrag.

Alt 28.08.2011, 07:19   #29
neverlein
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



Und was ich ganz vergessen hatte: was war es denn, was ich da oben hatte?

Alt 28.08.2011, 15:25   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
rundll32.exe bei Browserstart - Standard

rundll32.exe bei Browserstart



GMER und aswMBR einfach löschen. Diese Tools sind nicht installiert.
Welcher Schädling das jetzt genau war, kann so garnicht sagen, du könntest aber mal die gefixte rundll32 aus dem Ordner C:\_OTL rausfischen und bei Virustotal auswerten lassen,
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu rundll32.exe bei Browserstart
alle browser, anfang, browser, computer, computern, dll, download, eraser, erste mal, explorer, firefox, google, google chrome, hijack, hijackthis, installation, internet, internet explorer, microsoft, neu, nicht sicher, ordner, programme, quelldatei, rundll, scan, starten, superantispyware, temp, trojaner, update, virus, virustotal, zwei trojaner



Ähnliche Themen: rundll32.exe bei Browserstart


  1. Werbung beim Surfen, unangeforderter Browserstart, neue Programme, die ich nicht installiert habe
    Plagegeister aller Art und deren Bekämpfung - 11.11.2015 (28)
  2. Bei Browserstart Weiterleitung auf verdächtige Seite, langsame Ladezeiten
    Log-Analyse und Auswertung - 22.01.2015 (7)
  3. Sandboxie - Browserstart über Windows Startmenü
    Antiviren-, Firewall- und andere Schutzprogramme - 27.10.2013 (2)
  4. Trojaner C:\Windows\system32\rundll32.exe Folgender Eintrag fehlt: FQ10 Fehler in C:\Windows\system32\rundll32.exe Folgender Eintrag fehlt:
    Plagegeister aller Art und deren Bekämpfung - 06.10.2012 (19)
  5. U-Cash-Trojaner startet bei Browserstart und legt Vista lahm
    Log-Analyse und Auswertung - 25.09.2012 (36)
  6. rundll32.dll Virus
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (2)
  7. Rundll32.exe fehler
    Plagegeister aller Art und deren Bekämpfung - 05.05.2011 (1)
  8. rundll32.exe bei Vista
    Alles rund um Windows - 25.03.2010 (9)
  9. Problem mit rundll32.exe
    Alles rund um Windows - 15.07.2009 (6)
  10. Rundll32.exe
    Plagegeister aller Art und deren Bekämpfung - 18.03.2009 (1)
  11. Zu viele Rundll32.exe ?
    Plagegeister aller Art und deren Bekämpfung - 09.03.2009 (5)
  12. Rundll32 problem
    Log-Analyse und Auswertung - 01.02.2009 (3)
  13. Ratlos mit rundll32
    Alles rund um Windows - 07.07.2007 (2)
  14. rundll32.exe infiziert!!!
    Plagegeister aller Art und deren Bekämpfung - 15.02.2007 (2)
  15. rundll32.exe
    Alles rund um Windows - 21.07.2005 (0)
  16. rundll32.exe
    Plagegeister aller Art und deren Bekämpfung - 22.01.2005 (5)
  17. rundll32.exe auf 97&
    Log-Analyse und Auswertung - 16.01.2005 (2)

Zum Thema rundll32.exe bei Browserstart - Also, GMER lief eigentlich bei mir Problemlos, allerdings habe ich nach 21(!) Stunden abgebrochen. GMER: Code: Alles auswählen Aufklappen ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-08-24 13:16:46 Windows 6.1.7601 - rundll32.exe bei Browserstart...
Archiv
Du betrachtest: rundll32.exe bei Browserstart auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.