Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Fakealert.kit1

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.05.2010, 20:10   #16
new-commer
 
TR/Fakealert.kit1 - Standard

TR/Fakealert.kit1



Geschaft, hier ist der Osam Scan.
Gruß


Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:08:52 on 07.05.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"CMDVDPak.cpl" - "Sonic Solutions" - D:\WINDOWS\system32\CMDVDPak.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\infocardcpl.cpl
"jpicpl32.cpl" - "Sun Microsystems, Inc." - D:\WINDOWS\system32\jpicpl32.cpl
"pmxusb.cpl" - ? - D:\WINDOWS\system32\pmxusb.cpl (File signed by Microsoft | File found, but it contains no detailed information)
"QuickTime.cpl" - "Apple Computer, Inc." - D:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\ANTIVI~1\avconfig.cpl (File not found)
"Nero BurnRights" - "Nero AG" - D:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a7mb0ste" (a7mb0ste) - "Microsoft Corporation" - D:\WINDOWS\system32\drivers\a7mb0ste.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Acronis Snapshots Manager" (snapman) - "Acronis" - D:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - D:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - D:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM ISDN-Controller A1" (a1base) - "AVM GmbH" - D:\WINDOWS\System32\DRIVERS\fbase.sys
"AVM NDIS WAN CAPI Treiber" (AVMWAN) - "AVM Berlin" - D:\WINDOWS\System32\DRIVERS\avmwan.sys
"AVMPORT" (AVMPORT) - "AVM Berlin" - D:\WINDOWS\System32\drivers\avmport.sys
"catchme" (catchme) - ? - D:\cofi\catchme.sys (File not found)
"Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys (File not found)
"fixustor" (fixustor) - "Genesys Logic" - D:\WINDOWS\System32\drivers\fixustor.sys
"i2omgmt" (i2omgmt) - ? - D:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - D:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MEMSWEEP2" (MEMSWEEP2) - ? - D:\WINDOWS\system32\6.tmp (File not found)
"PCIDump" (PCIDump) - ? - D:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - D:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - D:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - D:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - D:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - D:\WINDOWS\System32\drivers\Afc.sys
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - D:\WINDOWS\system32\drivers\PQNTDrv.sys
"rvsport" (rvsport) - "RVS Datentechnik GmbH, München" - D:\WINDOWS\System32\drivers\rvsport.sys
"SANDRA" (SANDRA) - ? - D:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x86\Sandra.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - D:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"SVKP" (SVKP) - "AntiCracking" - D:\WINDOWS\system32\SVKP.sys
"Telekom Eumex 504PC SE" (dtwmnic5) - ? - D:\WINDOWS\System32\DRIVERS\dtwmnic5.sys (File not found)
"ulisa" (ulisa) - ? - D:\WINDOWS\System32\Drivers\ulisa.sys (File not found)
"VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber" (FETNDIS) - ? - D:\WINDOWS\System32\DRIVERS\fetnd5.sys (File not found)
"WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - hxxp://i7.ebayimg.com/03/i/001/17/df/72bc_12.JPG (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - D:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - D:\Programme\Acronis\TrueImageHome\tishell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32A9D769-5B55-4a25-9A62-86B5683FE50A} "NikonView Drop Extension" - "Nikon Corporation" - D:\Programme\Nikon\NkView6\NkvDropExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "PDFCreator Toolbar" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} "Java Plug-in 1.4.1_02" - ? - C:\Programme\Java\j2re1.4.1_02\bin\npjpi141_02.dll (File not found) / hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
"ICQ6" - "ICQ, LLC." - D:\Programme\ICQ6.5\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----
"Location" - "InterTrust Technologies Corporation, Inc." - D:\Programme\Internet Explorer\Plugins\NPDocBox.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - ? - (File not found | COM-object registry key not found)
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - D:\WINDOWS\system32\relog_ap.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"NkvMon.exe.lnk.disabled" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NkvMon.exe.lnk.disabled
"Sonic CinePlayer Quick Launch.lnk" - "Sonic Solutions" - D:\Programme\Gemeinsame Dateien\Sonic Shared\CineTray.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\M&S Weber\Startmenü\Programme\Autostart\desktop.ini
"Verknüpfung mit Arcor.lnk" - ? - D:\Dokumente und Einstellungen\M&S Weber\Startmenü\Programme\Autostart\Verknüpfung mit Arcor.lnk (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"UMonit" - "General" - D:\WINDOWS\system32\umonit.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - "internet-support foehr.com" - D:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Anwendungsverwaltung" (AppMgmt) - ? - D:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatische Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"NBService" (NBService) - "Nero AG" - D:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - D:\WINDOWS\system32\IoctlSvc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - D:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 07.05.2010, 21:22   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Fakealert.kit1 - Standard

TR/Fakealert.kit1



GMER Log ist schonmal ok.

Zitat:
"MEMSWEEP2" (MEMSWEEP2) - ? - D:\WINDOWS\system32\6.tmp (File not found)
Sieht nach einem Überbleibsel aus. Bitte mit OSAM deaktivieren + löschen.
__________________

__________________

Alt 08.05.2010, 07:21   #18
new-commer
 
TR/Fakealert.kit1 - Standard

TR/Fakealert.kit1



Hallo
ich verstehe leider nicht so richtig, wie ich das mit osam machen kann.
Bitte mal kurz erläutern oder screenshoz.
Danke
__________________

Alt 09.05.2010, 12:52   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Fakealert.kit1 - Standard

TR/Fakealert.kit1



Das ist alles da beschrieben => http://www.trojaner-board.de/85306-anleitung-osam.html
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.05.2010, 08:27   #20
new-commer
 
TR/Fakealert.kit1 - Standard

TR/Fakealert.kit1



Hallo Arne,
habe jetzt erst Zeit gefunde.
Hier der erste Logfile nach deaktivieren:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:25:05 on 19.05.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"CMDVDPak.cpl" - "Sonic Solutions" - D:\WINDOWS\system32\CMDVDPak.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\infocardcpl.cpl
"jpicpl32.cpl" - "Sun Microsystems, Inc." - D:\WINDOWS\system32\jpicpl32.cpl
"pmxusb.cpl" - ? - D:\WINDOWS\system32\pmxusb.cpl (File signed by Microsoft | File found, but it contains no detailed information)
"QuickTime.cpl" - "Apple Computer, Inc." - D:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\ANTIVI~1\avconfig.cpl (File not found)
"Nero BurnRights" - "Nero AG" - D:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - D:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - D:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - D:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"aqdvwtc5" (aqdvwtc5) - "Microsoft Corporation" - D:\WINDOWS\system32\drivers\aqdvwtc5.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM ISDN-Controller A1" (a1base) - "AVM GmbH" - D:\WINDOWS\System32\DRIVERS\fbase.sys
"AVM NDIS WAN CAPI Treiber" (AVMWAN) - "AVM Berlin" - D:\WINDOWS\System32\DRIVERS\avmwan.sys
"AVMPORT" (AVMPORT) - "AVM Berlin" - D:\WINDOWS\System32\drivers\avmport.sys
"catchme" (catchme) - ? - D:\cofi\catchme.sys (File not found)
"Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys (File not found)
"fixustor" (fixustor) - "Genesys Logic" - D:\WINDOWS\System32\drivers\fixustor.sys
"i2omgmt" (i2omgmt) - ? - D:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - D:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"PCIDump" (PCIDump) - ? - D:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - D:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - D:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - D:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - D:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - D:\WINDOWS\System32\drivers\Afc.sys
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - D:\WINDOWS\system32\drivers\PQNTDrv.sys
"rvsport" (rvsport) - "RVS Datentechnik GmbH, München" - D:\WINDOWS\System32\drivers\rvsport.sys
"SANDRA" (SANDRA) - ? - D:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x86\Sandra.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - D:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"SVKP" (SVKP) - "AntiCracking" - D:\WINDOWS\system32\SVKP.sys
"Telekom Eumex 504PC SE" (dtwmnic5) - ? - D:\WINDOWS\System32\DRIVERS\dtwmnic5.sys (File not found)
"ulisa" (ulisa) - ? - D:\WINDOWS\System32\Drivers\ulisa.sys (File not found)
"VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber" (FETNDIS) - ? - D:\WINDOWS\System32\DRIVERS\fetnd5.sys (File not found)
"WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys (File not found)
(Disabled) "MEMSWEEP2" (MEMSWEEP2) - ? - D:\WINDOWS\system32\6.tmp (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - hxxp://i7.ebayimg.com/03/i/001/17/df/72bc_12.JPG (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - D:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - D:\Programme\Acronis\TrueImageHome\tishell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32A9D769-5B55-4a25-9A62-86B5683FE50A} "NikonView Drop Extension" - "Nikon Corporation" - D:\Programme\Nikon\NkView6\NkvDropExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "PDFCreator Toolbar" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} "Java Plug-in 1.4.1_02" - ? - C:\Programme\Java\j2re1.4.1_02\bin\npjpi141_02.dll (File not found) / hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
"ICQ6" - "ICQ, LLC." - D:\Programme\ICQ6.5\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----
"Location" - "InterTrust Technologies Corporation, Inc." - D:\Programme\Internet Explorer\Plugins\NPDocBox.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - ? - (File not found | COM-object registry key not found)
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - D:\WINDOWS\system32\relog_ap.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"NkvMon.exe.lnk.disabled" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NkvMon.exe.lnk.disabled
"Sonic CinePlayer Quick Launch.lnk" - "Sonic Solutions" - D:\Programme\Gemeinsame Dateien\Sonic Shared\CineTray.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\M&S Weber\Startmenü\Programme\Autostart\desktop.ini
"Verknüpfung mit Arcor.lnk" - ? - D:\Dokumente und Einstellungen\M&S Weber\Startmenü\Programme\Autostart\Verknüpfung mit Arcor.lnk (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"UMonit" - "General" - D:\WINDOWS\system32\umonit.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - "internet-support foehr.com" - D:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Anwendungsverwaltung" (AppMgmt) - ? - D:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatische Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"NBService" (NBService) - "Nero AG" - D:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - D:\WINDOWS\system32\IoctlSvc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - D:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Alt 19.05.2010, 08:54   #21
new-commer
 
TR/Fakealert.kit1 - Standard

TR/Fakealert.kit1



Hallo,
keine Arnung ob das jetzt alles richtig war.
Sag mal bitte was dazu.


Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:52:07 on 19.05.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"CMDVDPak.cpl" - "Sonic Solutions" - D:\WINDOWS\system32\CMDVDPak.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\infocardcpl.cpl
"jpicpl32.cpl" - "Sun Microsystems, Inc." - D:\WINDOWS\system32\jpicpl32.cpl
"pmxusb.cpl" - ? - D:\WINDOWS\system32\pmxusb.cpl (File signed by Microsoft | File found, but it contains no detailed information)
"QuickTime.cpl" - "Apple Computer, Inc." - D:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\ANTIVI~1\avconfig.cpl (File not found)
"Nero BurnRights" - "Nero AG" - D:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a8wjd169" (a8wjd169) - "Microsoft Corporation" - D:\WINDOWS\system32\drivers\a8wjd169.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Acronis Snapshots Manager" (snapman) - "Acronis" - D:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - D:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - D:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM ISDN-Controller A1" (a1base) - "AVM GmbH" - D:\WINDOWS\System32\DRIVERS\fbase.sys
"AVM NDIS WAN CAPI Treiber" (AVMWAN) - "AVM Berlin" - D:\WINDOWS\System32\DRIVERS\avmwan.sys
"AVMPORT" (AVMPORT) - "AVM Berlin" - D:\WINDOWS\System32\drivers\avmport.sys
"catchme" (catchme) - ? - D:\cofi\catchme.sys (File not found)
"Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys (File not found)
"fixustor" (fixustor) - "Genesys Logic" - D:\WINDOWS\System32\drivers\fixustor.sys
"i2omgmt" (i2omgmt) - ? - D:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - D:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"PCIDump" (PCIDump) - ? - D:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - D:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - D:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - D:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - D:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - D:\WINDOWS\System32\drivers\Afc.sys
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - D:\WINDOWS\system32\drivers\PQNTDrv.sys
"rvsport" (rvsport) - "RVS Datentechnik GmbH, München" - D:\WINDOWS\System32\drivers\rvsport.sys
"SANDRA" (SANDRA) - ? - D:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x86\Sandra.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - D:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"SVKP" (SVKP) - "AntiCracking" - D:\WINDOWS\system32\SVKP.sys
"Telekom Eumex 504PC SE" (dtwmnic5) - ? - D:\WINDOWS\System32\DRIVERS\dtwmnic5.sys (File not found)
"ulisa" (ulisa) - ? - D:\WINDOWS\System32\Drivers\ulisa.sys (File not found)
"VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber" (FETNDIS) - ? - D:\WINDOWS\System32\DRIVERS\fetnd5.sys (File not found)
"WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - hxxp://i7.ebayimg.com/03/i/001/17/df/72bc_12.JPG (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - D:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - D:\Programme\Acronis\TrueImageHome\tishell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32A9D769-5B55-4a25-9A62-86B5683FE50A} "NikonView Drop Extension" - "Nikon Corporation" - D:\Programme\Nikon\NkView6\NkvDropExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "PDFCreator Toolbar" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} "Java Plug-in 1.4.1_02" - ? - C:\Programme\Java\j2re1.4.1_02\bin\npjpi141_02.dll (File not found) / hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
"ICQ6" - "ICQ, LLC." - D:\Programme\ICQ6.5\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----
"Location" - "InterTrust Technologies Corporation, Inc." - D:\Programme\Internet Explorer\Plugins\NPDocBox.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - ? - (File not found | COM-object registry key not found)
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - D:\WINDOWS\system32\relog_ap.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"NkvMon.exe.lnk.disabled" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NkvMon.exe.lnk.disabled
"Sonic CinePlayer Quick Launch.lnk" - "Sonic Solutions" - D:\Programme\Gemeinsame Dateien\Sonic Shared\CineTray.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\M&S Weber\Startmenü\Programme\Autostart\desktop.ini
"Verknüpfung mit Arcor.lnk" - ? - D:\Dokumente und Einstellungen\M&S Weber\Startmenü\Programme\Autostart\Verknüpfung mit Arcor.lnk (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"UMonit" - "General" - D:\WINDOWS\system32\umonit.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - "internet-support foehr.com" - D:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Anwendungsverwaltung" (AppMgmt) - ? - D:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatische Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"NBService" (NBService) - "Nero AG" - D:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - D:\WINDOWS\system32\IoctlSvc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - D:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 19.05.2010, 12:09   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Fakealert.kit1 - Standard

TR/Fakealert.kit1



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.05.2010, 12:52   #23
new-commer
 
TR/Fakealert.kit1 - Standard

TR/Fakealert.kit1



Was mache ich dann eigendlich mit den ganzen Programmen?
Einfach auf dem Rechner lassen?
Ohne Anleitung soll man sie doch eh nicht benutzen, oder?
Könnte ich eins davon nutzen, um mich generell besser zu schützen?

Alt 19.05.2010, 13:09   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Fakealert.kit1 - Standard

TR/Fakealert.kit1



Vorsichtig sein musst Du besonders bei CF. Aber ansonsten können die Programme runter. Malwarebytes kannst Du ja drauf lassen und regelmäßig aktualisieren, evtl mal auch 1x Monat das System vollscannen!

Zitat:
Könnte ich eins davon nutzen, um mich generell besser zu schützen?
Siehe Malwarebytes. Du solltest aber besser darauf achten, dass Malware auf Dein System erst garnicht mehr ausgeführt wird. Halte Dich am besten grob an diese fünf Regeln:

1) Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!!
2) Halte Windows und alle verwendeten Programme immer aktuell
3) Führe regelmäßig Backups auf externe Medien durch
4) Arbeite mit eingeschränkten Rechten
5) Nutze sichere Programme wie zB Opera oder Firefox zum Surfen statt den IE, zum Mailen Thunderbird statt Outlook Express - E-Mails nur als reinen text anzeigen lassen

Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu TR/Fakealert.kit1
administrator, auswerten, avira, avira antivir, beendet, befall, bericht, dateien, dvd, ergebnis, forum, free, home, local disk, meldung, navipromo, programme, scan, total, tr/fakealert.kit.1, usb, version, virus, warnmeldung, windows, windows xp, xp home



Ähnliche Themen: TR/Fakealert.kit1


  1. Problem mit Fakealert
    Plagegeister aller Art und deren Bekämpfung - 21.05.2013 (12)
  2. HTML/FakeAlert.AP
    Log-Analyse und Auswertung - 03.04.2012 (7)
  3. tr/fakealert.grb.440
    Log-Analyse und Auswertung - 19.02.2012 (2)
  4. FakeAlert!grb
    Log-Analyse und Auswertung - 29.10.2011 (8)
  5. FakeAlert!fakealert-REP in C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
    Plagegeister aller Art und deren Bekämpfung - 02.09.2011 (45)
  6. FakeAlert!grb entdeckt
    Plagegeister aller Art und deren Bekämpfung - 10.06.2011 (31)
  7. FakeAlert! gbr Trojan!
    Plagegeister aller Art und deren Bekämpfung - 10.06.2011 (1)
  8. FakeAlert!fakealert-REP virus
    Plagegeister aller Art und deren Bekämpfung - 06.06.2011 (22)
  9. Fakealert-REP Trojan
    Log-Analyse und Auswertung - 05.06.2011 (36)
  10. Fakealert-REP Trojan
    Log-Analyse und Auswertung - 24.05.2011 (25)
  11. FakeAlert!grb - Problem
    Plagegeister aller Art und deren Bekämpfung - 18.04.2011 (20)
  12. DR/FakeAlert.SE' [dropper] - Wer ist das?
    Plagegeister aller Art und deren Bekämpfung - 23.08.2009 (17)
  13. TR/Fakealert.auf.2 Virenbefall!!!
    Log-Analyse und Auswertung - 16.01.2009 (4)
  14. TR/Fakealert.QF, TR/FakeAV.bak.2
    Log-Analyse und Auswertung - 28.10.2008 (5)
  15. TR/Fakealert.QE und XP Antispy
    Plagegeister aller Art und deren Bekämpfung - 20.10.2008 (4)
  16. Habe TR/Fakealert.QE auf dem PC
    Plagegeister aller Art und deren Bekämpfung - 18.10.2008 (2)
  17. TR/Fakealert.AAF
    Mülltonne - 22.09.2008 (0)

Zum Thema TR/Fakealert.kit1 - Geschaft, hier ist der Osam Scan. Gruß Report of OSAM : Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:08:52 on 07.05.2010 OS: Windows XP Home Edition Service Pack 3 (Build 2600) - TR/Fakealert.kit1...
Archiv
Du betrachtest: TR/Fakealert.kit1 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.