Log Analysis and Evaluation: Folder "Internet Explorer Updater" under Programme, cannot be deleted, probably malware

21.06.2010, 18:01   #1
Maddin92
 
Hello,

Yesterday I probably picked up malware by downloading an EXE file. When I tried to open the file, nothing happened on the PC, and no error message appeared either.
However, since then the folder "Internet Explorer Updater" has been present under C:/Programme; after I deleted it, it reappeared within a few seconds.
After running CCleaner and Malwarebytes Anti-Malware, the folder could be deleted and did not reappear after a restart.

I have attached:
  • Malwarebytes Anti-Malware report
  • RSIT report
  • HijackThis log

Thank you very much for your help!

Regards
Martin

21.06.2010, 18:03   #2
Maddin92
 
MBAM report:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4218

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.06.2010 18:53:32
mbam-log-2010-06-20 (18-53-32).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148613
Laufzeit: 14 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{jd8xb30s-lo87-h842-1l2o-4vqt2ms058a6} (Generic.Bot.H) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet explorer updater (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet explorer updater (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.
         


21.06.2010, 18:06   #3
Maddin92
 
log.txt from RSIT

Code:
Logfile of random's system information tool 1.07 (written by random/random)
Run by Kowsko at 2010-06-20 18:56:42
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 56 GB (49%) free of 114 GB
Total RAM: 1023 MB (62% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-09 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2010-02-01 251416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"zinit32"=C:\WINDOWS\ZInit32.exe [2008-03-07 4281344]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Internet Explorer Updater"=c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Programme\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Internet Explorer Updater"=c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Programme\Gemeinsame Dateien\Seagate\Schedule2\schedhlp.exe [2007-08-20 148760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Programme\Seagate\DiscWizard\TimounterMonitor.exe [2007-08-20 1966264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-23 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]
C:\Programme\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
C:\Programme\Seagate\DiscWizard\DiscWizardMonitor.exe [2007-08-20 1194768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Dokumente und Einstellungen\Kowsko\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
C:\Programme\HDD Health\HDDHealth.exe [2008-04-12 1687552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2006-09-27 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBM 5]
C:\Programme\Motherboard Monitor 5\MBM5.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
C:\Programme\Nokia\Nokia Music\NokiaMusic.exe /command:faststart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Programme\Nokia\Nokia PC Suite 7\PCSync2.exe /NoDialog []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTuner]
C:\Programme\RivaTuner v2.09\RivaTuner.exe /T []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2008-04-09 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe /r []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programme\Winamp\winampa.exe [2008-08-04 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Kanzlei-Start.lnk]
C:\AGENDA\KANZLE~1\KANZLE~1.EXE [2007-12-03 454656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Server4PC.lnk]
C:\PROGRA~1\TECHNI~1\bin\SERVER~1.EXE [2007-10-01 328968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Sonic CinePlayer Quick Launch.lnk]
C:\PROGRA~1\GEMEIN~1\SONICS~1\cinetray.exe [2002-09-18 98304]

C:\Dokumente und Einstellungen\Kowsko\Startmenü\Programme\Autostart
CAPIControl.lnk - C:\Programme\DeTeWe\OpenDimension\driver\Capictrl.exe
FRITZ!DSL Protect.lnk - C:\Programme\FRITZ!DSL\FwebProt.exe
HomeNet Control.lnk - C:\Programme\DeTeWe\OpenDimension\driver\HNetCtrl.exe
WinFlip.lnk - C:\Dokumente und Einstellungen\Kowsko\Desktop\Installationsdateien\WFlip050\WinFlip.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\QIP\qip.exe"="C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Programme\imageN\imageN.exe"="C:\Programme\imageN\imageN.exe:*:Enabled:imageN"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\TmNationsForever\TmForever.exe"="C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Programme\TeamViewer3\TeamViewer.exe"="C:\Programme\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Dokumente und Einstellungen\Kowsko\Lokale Einstellungen\Apps\2.0\LNEL6MGP.8CV\ZH5GTZNR.8MH\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf0f9b5c5281\fritzbox-usb-fernanschluss.exe"="C:\Dokumente und Einstellungen\Kowsko\Lokale Einstellungen\Apps\2.0\LNEL6MGP.8CV\ZH5GTZNR.8MH\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf0f9b5c5281\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss"
"C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe"="C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe:*:Enabled:FRITZ!Box Monitor"
"C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe"="C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe:*:Enabled:ClipInc Server"
"C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe"="C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc Player"
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe"="C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3\173871141200354A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe"="C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3\173871141200354A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:skype"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Programme\Skype\Plugin Manager\skypePM.exe"="C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Dokumente und Einstellungen\***\Desktop\My Mobile\MyMobiler\MyMobiler.exe"="C:\Dokumente und Einstellungen\Kowsko\Desktop\My Mobile\MyMobiler\MyMobiler.exe:*:Enabled:My Mobiler"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee1f1cc0-68d6-11de-b293-001c4af66951}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE  .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


======List of files/folders created in the last 1 months======

2010-06-20 18:56:42 ----D---- C:\rsit
2010-06-20 18:36:14 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
2010-06-20 18:36:01 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-20 18:36:00 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-06-20 18:16:04 ----D---- C:\Programme\CCleaner
2010-06-20 17:39:03 ----D---- C:\Internet Explorer Updater
2010-06-17 20:57:13 ----A---- C:\ASLog.txt
2010-06-12 12:13:05 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Facebook
2010-06-11 12:49:49 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-11 12:49:17 ----SHD---- C:\Config.Msi
2010-06-11 12:47:29 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-11 12:45:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-11 12:40:51 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-11 12:40:44 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-11 12:40:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-07 15:58:37 ----D---- C:\Programme\PocketRAR
2010-06-06 01:39:28 ----D---- C:\Programme\Microsoft ActiveSync
2010-06-04 11:36:44 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll
2010-06-04 11:36:42 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL
2010-06-04 11:36:42 ----A---- C:\WINDOWS\system32\MSCMCDE.DLL
2010-06-04 11:36:42 ----A---- C:\WINDOWS\system32\MSCC2DE.DLL
2010-06-04 11:36:41 ----D---- C:\Programme\PDFCreator
2010-05-26 14:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$

======List of files/folders modified in the last 1 months======

2010-06-20 18:56:35 ----D---- C:\WINDOWS\Temp
2010-06-20 18:56:10 ----A---- C:\WINDOWS\AROEY95.INI
2010-06-20 18:56:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-20 18:55:56 ----D---- C:\WINDOWS
2010-06-20 18:55:45 ----SD---- C:\WINDOWS\Tasks
2010-06-20 18:55:04 ----D---- C:\WINDOWS\system32\drivers
2010-06-20 18:54:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-20 18:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2010-06-20 18:53:31 ----D---- C:\WINDOWS\Prefetch
2010-06-20 18:36:00 ----RD---- C:\Programme
2010-06-20 18:31:26 ----D---- C:\Dokumente und Einstellungen\Kowsko\Anwendungsdaten\Media Player Classic
2010-06-20 18:29:38 ----D---- C:\WINDOWS\Debug
2010-06-20 18:29:37 ----D---- C:\WINDOWS\Minidump
2010-06-20 14:53:18 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2010-06-16 08:20:42 ----SHD---- C:\WINDOWS\Installer
2010-06-12 12:19:30 ----HD---- C:\WINDOWS\inf
2010-06-12 12:13:20 ----D---- C:\WINDOWS\system32\wbem
2010-06-12 12:13:20 ----D---- C:\WINDOWS\system32
2010-06-12 12:13:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-12 11:44:24 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-12 11:44:19 ----RSD---- C:\WINDOWS\assembly
2010-06-11 12:49:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-11 12:48:39 ----A---- C:\WINDOWS\win.ini
2010-06-11 12:47:27 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-11 12:44:58 ----D---- C:\Programme\Internet Explorer
2010-06-11 12:44:43 ----D---- C:\WINDOWS\ie8updates
2010-06-11 12:37:49 ----D---- C:\WINDOWS\WinSxS
2010-06-06 18:34:03 ----D---- C:\WINDOWS\system32\LogFiles
2010-06-06 01:44:47 ----SD---- C:\Dokumente und Einstellungen\Kowsko\Anwendungsdaten\Microsoft
2010-06-06 01:39:29 ----D---- C:\WINDOWS\Help
2010-06-06 01:39:29 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2010-06-02 13:37:57 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla
2010-06-01 21:48:22 ----A---- C:\WINDOWS\.ini
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-27 07:37:18 ----D---- C:\Programme\McAfee
2010-05-23 02:23:30 ----D---- C:\Programme\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 Cinemsup;Cinemsup; C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 6656]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-09-29 235840]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-09 56816]
R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
R2 Prvflder;Prvflder; C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
R2 rspndr;Antwort für Verbindungsschicht-Topologieerkennung; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-04-02 32768]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 avmaura;AVM USB-Fernanschluss; C:\WINDOWS\system32\DRIVERS\avmaura.sys [2008-07-10 100864]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 SISNIC;SiS-PCI-Fast Ethernet- Adaptertreiber; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2003-09-19 45056]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-05-13 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-05-13 44384]
S1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2005-12-30 24064]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 akpc1mx7;akpc1mx7; C:\WINDOWS\system32\drivers\akpc1mx7.sys []
S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2008-09-05 4352]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth-Modemkommunikationstreiber; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CT20XUT.SYS;CT20XUT.SYS; C:\WINDOWS\System32\drivers\CT20XUT.SYS []
S3 CT20XUT;CT20XUT; C:\WINDOWS\system32\drivers\CT20XUT.SYS []
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys []
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-10-08 347080]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\WINDOWS\System32\drivers\CTEXFIFX.SYS []
S3 CTEXFIFX;CTEXFIFX; C:\WINDOWS\system32\drivers\CTEXFIFX.SYS []
S3 CTHWIUT.SYS;CTHWIUT.SYS; C:\WINDOWS\System32\drivers\CTHWIUT.SYS []
S3 CTHWIUT;CTHWIUT; C:\WINDOWS\system32\drivers\CTHWIUT.SYS []
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys []
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-10-08 158744]
S3 dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scannerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB-Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936]
S3 dtwmnic5;DeTeWe OpenCom 30 plus; C:\WINDOWS\system32\DRIVERS\dtwmnic5.sys []
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys []
S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2008-09-05 265088]
S3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys []
S3 jfdcd;jfdcd; \??\C:\DOKUME~1\Kowsko\LOKALE~1\Temp\jfdcd.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-10-08 130072]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
S3 SANDRA;SANDRA; \??\C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys []
S3 SKYNET;TechniSat DVB-PC TV Star PCI; C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2007-10-01 419344]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys []
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys []
S3 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys []
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys []
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys []
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys []
S3 ulisa;DeTeWe ISDN-Adapter (USB); C:\WINDOWS\System32\Drivers\ulisa.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usb_rndisx;USB-RNDIS-Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-05-13 21440]
S3 WmHidLo;Logitech WingMan USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2004-05-13 14720]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-05-13 5600]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Programme\Gemeinsame Dateien\Seagate\Schedule2\schedul2.exe [2007-08-20 410904]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-10 185089]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-11 57344]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Programme\McAfee\SiteAdvisor\McSACore.exe [2010-03-26 93320]
R2 NMSAccessU;NMSAccessU; C:\Programme\CDBurnerXP\NMSAccessU.exe [2008-03-09 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 OOD2000;O&O Defrag 2000; C:\WINDOWS\system32\OOD2000.exe [2001-04-06 238080]
R2 prfldsvc;Private Folder Service; C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe [2006-04-21 69632]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1c9856e576f0e44;Google Update Service (gupdate1c9856e576f0e44); C:\Programme\Google\Update\GoogleUpdate.exe [2009-02-02 133104]
S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Alt 21.06.2010, 18:10   #4
Maddin92
 
Folder "Internet Explorer Updater" under Program Files, cannot be deleted, presumably malware - Standard

Folder "Internet Explorer Updater" under Program Files, cannot be deleted, presumably malware



info.txt from RSIT (RSIT logfile):

Code:
logfile of random's system information tool 1.06 2010-06-20 18:56:56

======Uninstall list======

-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Programme\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe SVG Viewer 3.0-->C:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
AVM FRITZ!Box Dokumentation-->C:\Programme\FRITZ!Box\install.exe -d
AVM FRITZ!Box Druckeranschluss-->C:\Programme\FRITZ!BoxPrint\install.exe -d
Banana Buchhaltung 3 - CashBook-->C:\PROGRA~1\Banana3.cb\UNWISE.EXE C:\PROGRA~1\Banana3.cb\INSTALL.LOG
Brother HL-1430-->"C:\Programme\Brother\BRHL1430\IsUn0407.exe" -f"C:\Programme\Brother\BRHL1430\DeIsL1.isu" -cbruninst.dll
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Programme\CDBurnerXP\unins000.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
ElsterFormular 2008/2009-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}\setup.exe" -l0x7  -removeonly
EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
Fragen-Lern-CD-->C:\Programme\Wendel-Verlag\Fragen-Lern-CD\uninst.exe
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTR-->C:\Programme\GTR\Support\unins000.exe
HD Tune 2.55-->"C:\Programme\HD Tune\unins000.exe"
HDD Health v3.3 Beta-->"C:\Programme\HDD Health\unins000.exe"
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
IrfanView (remove only)-->C:\Programme\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{648F9C94-EC44-487B-9DA4-44ED72A082CC}\setup.exe" -l0x7 
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Mathe Klasse 8-10-->MsiExec.exe /I{3D24A762-F5A2-41C1-9F0A-300B4D8D5A2B}
McAfee SiteAdvisor-->C:\Programme\McAfee\SiteAdvisor\Uninstall.exe
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 German Language Pack-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 German Language Pack\setup.exe
Microsoft .NET Framework 3.0 German Language Pack-->MsiExec.exe /X{F2A7F421-1679-48D5-B918-96999014ED53}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Private Folder 1.0-->MsiExec.exe /I{644EA08F-87D2-48C0-AE94-B327D1C85A97}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Windows CE 5.0 Emulator-->MsiExec.exe /X{6C7DDE5A-6A22-4D65-BA0F-AB41289A1E70}
Motherboard Monitor 5 Languages-->"C:\Programme\Motherboard Monitor 5\Language\unins000.exe"
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{C4A230B7-518F-4224-A5A3-27F06CC57111}
Network Stumbler 0.4.0 (remove only)-->"C:\Programme\Network Stumbler\uninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
O&O Defrag 2000 Freeware Edition-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E86E5246-AA7E-11D4-88C9-00105ADBE398}\Setup.exe" 
OpenAL-->"C:\Programme\OpenAL\OALInst.exe" /U
PantsOff 2.0-->C:\Programme\PantsOff\unins000.exe
PDFCreator-->C:\Programme\PDFCreator\unins000.exe
Pocket RAR documentation-->C:\Programme\PocketRAR\uninstall.exe
QIP 2005 8090-->"C:\Programme\QIP\unins000.exe"
QIP 2005 Uninstall-->"C:\Programme\QIP\unqip.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7  -removeonly
Seagate DiscWizard-->MsiExec.exe /X{81A60A13-224D-4637-8203-3EAC03B121A4}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
SiSAGP driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x7 
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic CinePlayer DVD Pack-->MsiExec.exe /I{D4576E0D-2295-4B8E-B663-B68086B00EE5}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SPG-Verein 2.8-->C:\WINDOWS\AKDeInstall.exe /x "C:\uninst_spg_verein.dat"
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
TeamViewer 3-->C:\Programme\TeamViewer3\uninstall.exe
TechniSat DVB-PC TV Star-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D032A7F0-8B5C-4603-8B46-235025D5F9C1}\Setup.exe" -l0x7 anything -removeonly
TrueCrypt-->"C:\Programme\TrueCrypt\TrueCrypt Setup.exe" /u
UltraVNC v1.0.2-->"C:\Programme\UltraVNC\unins000.exe"
Uniwell  PLM v2.22 (CD06)-->MsiExec.exe /I{4BD44C14-85A1-4EC2-94D3-2F8CC2B80EA4}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.6-->C:\Programme\VideoLAN\VLC\uninstall.exe
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation Language Pack (DEU)-->MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFunktion Mathematik + 16-->MsiExec.exe /I{213B996A-A55B-4F9F-B897-2F8C4397EF97}
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: KOWSKO1
Event Code: 4201
Message: Netzwerkadapter "AVM FRITZ!WLAN USB Stick v1.1 - Paketplaner-Miniport" wurde mit dem Netzwerk verbunden, und das
System wurde über das Netzwerk im normalen Zustand gestartet.

Record Number: 40092
Source Name: Tcpip
Time Written: 20100427133059.000000+120
Event Type: Informationen
User: 

Computer Name: KOWSKO1
Event Code: 14103
Message: QoS [Adapter {D07A2AD6-34E5-4622-9F16-E956C2720362}]:
Die Abfrage des Netzwerkkartentreibers nach OID_GEN_LINK_SPEED ist fehlgeschlagen.

Record Number: 40091
Source Name: PSched
Time Written: 20100427133057.000000+120
Event Type: Fehler
User: 

Computer Name: KOWSKO1
Event Code: 7034
Message: Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Record Number: 40090
Source Name: Service Control Manager
Time Written: 20100427110424.000000+120
Event Type: Fehler
User: 

Computer Name: KOWSKO1
Event Code: 7036
Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Beendet".

Record Number: 40089
Source Name: Service Control Manager
Time Written: 20100427102001.000000+120
Event Type: Informationen
User: 

Computer Name: KOWSKO1
Event Code: 7036
Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Ausgeführt".

Record Number: 40088
Source Name: Service Control Manager
Time Written: 20100427101900.000000+120
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: KOWSKO1
Event Code: 0
Message: 
Record Number: 5935
Source Name: gusvc
Time Written: 20090619143732.000000+120
Event Type: Informationen
User: 

Computer Name: KOWSKO1
Event Code: 0
Message: 
Record Number: 5934
Source Name: gupdate1c9856e576f0e44
Time Written: 20090619143732.000000+120
Event Type: Informationen
User: 

Computer Name: KOWSKO1
Event Code: 20
Message: 
Record Number: 5933
Source Name: Google Update
Time Written: 20090618232212.000000+120
Event Type: Fehler
User: NT-AUTORITÄT\SYSTEM

Computer Name: KOWSKO1
Event Code: 11728
Message: Produkt: Adobe Reader 9.1.2 - Deutsch -- Configuration completed successfully.

Record Number: 5932
Source Name: MsiInstaller
Time Written: 20090618230816.000000+120
Event Type: Informationen
User: KOWSKO1\***

Computer Name: KOWSKO1
Event Code: 1022
Message: Produkt: Adobe Reader 9.1.2 - Deutsch - Update "Adobe Reader 9.1.2 - CPSID_49166" wurde installiert.

Record Number: 5931
Source Name: MsiInstaller
Time Written: 20090618230816.000000+120
Event Type: Informationen
User: KOWSKO1\***

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Alt 21.06.2010, 18:12   #5
Maddin92
 
Folder "Internet Explorer Updater" under Program Files, cannot be deleted, presumably malware - Standard

Folder "Internet Explorer Updater" under Program Files, cannot be deleted, presumably malware



HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:45:13, on 21.06.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Gemeinsame Dateien\Seagate\Schedule2\schedul2.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\McAfee\SiteAdvisor\McSACore.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\OOD2000.exe
C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;192.168.178.1
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [zinit32] C:\WINDOWS\ZInit32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Internet Explorer Updater] c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe
O4 - HKCU\..\Policies\Explorer\Run: [Internet Explorer Updater] c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CAPIControl.lnk = ?
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Startup: HomeNet Control.lnk = ?
O4 - Startup: WinFlip.lnk = C:\Dokumente und Einstellungen\***\Desktop\Installationsdateien\WFlip050\WinFlip.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Seagate\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1c9856e576f0e44) (gupdate1c9856e576f0e44) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Programme\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 8573 bytes
         


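Added example (editor's code, not part of the thread and not code from HijackThis, OTL or Malwarebytes): a small triage script that reads the autostart lines from the HijackThis log above and from the OTL log posted later in the thread and flags the pattern that stands out in them: a Run value under Policies\Explorer (a location ordinary installers rarely use), a target outside the Windows and program directories, a bare file name resolved through the search order, and, in the OTL log, a value whose file is already gone. The sample lines are copied from the posted logs; the trusted-root list, the flag names and the heuristics themselves are my assumptions.

```python
"""Triage autostart entries from HijackThis / OTL log excerpts.

Added example for this thread; the heuristics below are the editor's
assumptions, not rules taken from HijackThis, OTL or Trojaner-Board.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: autostart lines copied from the HijackThis log above and
# the OTL log later in the thread (HJT "O4", OTL "O4"/"O6"/"O7").
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zinit32] C:\WINDOWS\ZInit32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Internet Explorer Updater] c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe
O4 - HKCU\..\Policies\Explorer\Run: [Internet Explorer Updater] c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Internet Explorer Updater = c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Internet Explorer Updater = c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe File not found
"""

# Roots under which autostart targets are expected on this (German) XP system;
# assumption: adapt to the locale's %ProgramFiles% / %SystemRoot%.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\programme\\", "c:\\program files\\")

# HJT:  O4 - HKLM\..\Run: [name] command      OTL: O4 - HKLM..\Run: [name] path (Company)
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\?\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# OTL:  O6/O7 - HKLM\SOFTWARE\...\CurrentVersion\policies\Explorer\Run: name = path [File not found]
POLICY_LINE = re.compile(
    r"^O[67] - (?P<hive>HK\w+)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\(?P<key>[^:]+): (?P<name>.+?) = (?P<cmd>.+)$")
EXE_PATH = re.compile(r"^(?P<path>.+?\.(?:exe|dll|com|bat|cmd|scr|vbs|js))(?:\s|,|$)", re.IGNORECASE)


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    path: str
    missing: bool            # OTL reported "File not found" for the target
    flags: list = field(default_factory=list)


def extract_path(cmd):
    """Return (executable path, target_missing) from a HJT/OTL command string."""
    missing = cmd.endswith(" File not found")
    if missing:
        cmd = cmd[: -len(" File not found")]
    cmd = re.sub(r"\s\([^()]*\)$", "", cmd)  # OTL "(Company)" or HJT "(User '...')" suffix
    if cmd.startswith('"'):                   # quoted path, arguments follow the closing quote
        return cmd[1:].split('"', 1)[0], missing
    m = EXE_PATH.match(cmd)
    return (m.group("path") if m else cmd.split(" ", 1)[0]), missing


def analyse(entry):
    """Attach heuristic flags; an entry with no flags is merely not flagged, not cleared."""
    path = entry.path.lower()
    if entry.key.lower().endswith("policies\\explorer\\run"):
        entry.flags.append("policy_run_key")       # Group Policy Run list, rarely used by installers
    if "\\" not in path:
        entry.flags.append("relative_path")        # resolved through the search order, hijackable
    elif not path.startswith(TRUSTED_ROOTS):
        entry.flags.append("outside_program_dirs")
    if entry.missing:
        entry.flags.append("target_missing")       # stale value left behind after the file was removed
    return entry


def parse_log(text):
    """Parse autostart lines (HJT O4, OTL O4/O6/O7) into AutostartEntry objects."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line) or POLICY_LINE.match(line)
        if not m or not m.group("key").lower().endswith("run"):
            continue  # not a Run value (e.g. the O6 HonorAutoRunSetting line)
        path, missing = extract_path(m.group("cmd"))
        entries.append(analyse(AutostartEntry(m.group("hive"), m.group("key"),
                                              m.group("name"), path, missing)))
    return entries


def suspicious(text):
    """Entries worth a closer look, in log order."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.hive}\\..\\{e.key}: [{e.name}] {e.path} -> {', '.join(e.flags)}")
```

On the sample this reports nwiz (bare file name) and the four "Internet Explorer Updater" values; the two OTL lines additionally carry target_missing, which is the state the later log shows: the executable is gone but both Policies\Explorer\Run values are still in the registry and should be removed as well, since the value is what restarts the program if the file ever reappears. A clean result from this script is not a clean system; it only narrows the list for the reviewer.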
28.06.2010, 13:46   #6
cosinus

Hello and

Please run a full scan with Malwarebytes and post the log. Remember to update the tool first.

Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

29.06.2010, 21:19   #7
Maddin92

Hello,

thanks for your reply. The logs are attached. MBAM found 3 files, 2 of which belong to CryptLoad, though; the other one I deleted.

Regards
Martin

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4258

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.06.2010 21:38:30
mbam-log-2010-06-29 (21-38-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 227653
Laufzeit: 1 Stunde(n), 49 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{F2FE938B-A755-4FC6-80EC-148EA957A80F}\RP509\A0113562.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Kowsko\Desktop\CryptLoad_1.1.8\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Not selected for removal.
C:\Dokumente und Einstellungen\Kowsko\Desktop\CryptLoad_1.1.8\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Not selected for removal.
         





Code:
OTL logfile created on: 29.06.2010 21:45:09 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 595,00 Mb Available Physical Memory | 58,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 54,39 Gb Free Space | 48,66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***1
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Seagate\Schedule2\schedul2.exe (Acronis)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe ()
PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwimg.dll ()
MOD - C:\WINDOWS\system32\nvwrsde.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (McAfee SiteAdvisor Service) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Seagate\Schedule2\schedul2.exe (Acronis)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (prfldsvc) -- C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
SRV - (OOD2000) -- C:\WINDOWS\System32\OOD2000.exe (O&O Software GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (truecrypt) -- C:\WINDOWS\system32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (avmaura) -- C:\WINDOWS\system32\drivers\avmaura.sys (AVM Berlin)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (SKYNET) -- C:\WINDOWS\system32\drivers\SkyNET.sys (TechniSat Digital, S.A.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Prvflder) -- C:\WINDOWS\system32\drivers\prvflder.sys (Windows (R) 2000 DDK provider)
DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (vmm) -- C:\WINDOWS\system32\drivers\VMM.sys (Microsoft Corporation)
DRV - (VPCNetS2) -- C:\WINDOWS\system32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (jfdcd) -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\jfdcd.sys ()
DRV - (Cinemsup) -- C:\WINDOWS\system32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (QCDonner) -- C:\WINDOWS\system32\drivers\OVCD.sys (Microsoft Corporation)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.5
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Programme\Real\RealPlayer\browserrecord [2008.04.09 15:34:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2010.06.04 22:40:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.12 16:05:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.04 14:56:03 | 000,000,000 | ---D | M]
 
[2009.03.16 17:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2009.02.22 22:08:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\{a23983c0-fd0e-11dc-95ff-0800200c9a66}
[2009.03.16 17:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com
[2009.02.22 22:08:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Fennec\Profiles\94gd9dro.default\extensions
[2010.06.20 17:06:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions
[2010.05.17 15:42:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.06.03 18:08:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.17 15:42:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.17 15:42:26 | 000,000,000 | ---D | M] (Fox!Box [de]) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2009.07.27 14:46:49 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010.05.17 15:42:40 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009.03.23 20:22:16 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2010.05.17 15:42:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\locationbar2@design-noir.de
[2009.06.25 20:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\extensions\longurlplease@darragh.curran
[2009.05.24 15:36:38 | 000,000,916 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\searchplugins\pons-englisch--deutsch.xml
[2010.06.20 17:06:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.24 19:46:15 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.24 19:46:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.24 19:46:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.24 19:46:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.24 19:46:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2002.08.29 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [zinit32] C:\WINDOWS\Zinit32.exe (Agenda Informationssysteme GmbH)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\CAPIControl.lnk = C:\Programme\DeTeWe\OpenDimension\driver\Capictrl.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\HomeNet Control.lnk = C:\Programme\DeTeWe\OpenDimension\driver\HNetCtrl.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\WinFlip.lnk = C:\Dokumente und Einstellungen\***\Desktop\Installationsdateien\WFlip050\WinFlip.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Internet Explorer Updater = c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Internet Explorer Updater = c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.02 15:52:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.08.17 14:48:16 | 000,000,040 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{ee1f1cc0-68d6-11de-b293-001c4af66951}\Shell - "" = AutoRun
O33 - MountPoints2\{ee1f1cc0-68d6-11de-b293-001c4af66951}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.29 21:44:24 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.06.20 18:56:42 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.20 18:36:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.06.20 18:36:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.20 18:36:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.20 18:36:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.20 18:36:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.20 18:29:29 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2010.06.20 18:16:04 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.20 18:14:30 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe
[2010.06.20 17:54:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe
[2010.06.16 19:44:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Weidi Forrest Gump
[2010.06.16 18:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\CryptLoad_1.1.8
[2010.06.16 08:20:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Temp
[2010.06.15 19:25:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\usb stick pfälzer klang
[2010.06.12 12:13:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Facebook
[2010.06.11 12:49:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.11 10:56:00 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.06.09 20:29:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\bilder und videos
[2010.06.09 17:03:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\m
[2010.06.08 18:35:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\bk weinblatt
[2010.06.07 16:54:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Rom Flashen
[2010.06.07 15:58:37 | 000,000,000 | ---D | C] -- C:\Programme\PocketRAR
[2010.06.06 13:16:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\WM Programme
[2010.06.06 12:29:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\My Mobile
[2010.06.06 01:39:28 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft ActiveSync
[2010.06.04 11:36:44 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2010.06.04 11:36:42 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCDE.DLL
[2010.06.04 11:36:42 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCC2DE.DLL
[2010.06.04 11:36:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2010.06.04 11:36:41 | 000,000,000 | ---D | C] -- C:\Programme\PDFCreator
[2010.06.03 15:45:18 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010.06.03 15:45:18 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2008.10.07 23:42:42 | 000,060,928 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.29 21:44:24 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.06.29 21:43:17 | 000,000,032 | ---- | M] () -- C:\WINDOWS\AROEY95.INI
[2010.06.29 21:43:10 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.06.29 21:43:02 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.29 21:40:49 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.06.29 21:40:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.29 21:40:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.29 21:40:30 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.29 21:39:24 | 007,340,032 | ---- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.dat
[2010.06.29 21:39:24 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.06.29 21:25:06 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.29 21:14:39 | 000,001,220 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[2010.06.29 19:30:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.20 18:36:06 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.20 18:16:10 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2010.06.20 18:15:04 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\***\Desktop\mbam-setup.exe
[2010.06.20 18:14:47 | 000,824,681 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
[2010.06.20 17:54:43 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis204.exe
[2010.06.19 20:21:47 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Office Word 2003.lnk
[2010.06.19 17:29:26 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\vvl 1und1.doc
[2010.06.16 20:41:00 | 000,075,239 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\EV_Fehlende_Teile.pdf
[2010.06.16 19:40:14 | 000,004,705 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\19413612874be2ed78f197d.ccf
[2010.06.15 22:24:51 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2010.06.14 01:28:57 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Review of Jerzy Kosinskis book.doc
[2010.06.13 12:32:26 | 000,050,628 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\maddingoddiyannick#.jpg
[2010.06.12 14:05:14 | 000,301,549 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMAG0019.jpg
[2010.06.12 12:13:20 | 000,452,832 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.12 12:13:20 | 000,435,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.12 12:13:20 | 000,081,208 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.12 12:13:20 | 000,068,426 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.12 12:13:19 | 001,044,938 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.11 21:07:36 | 013,683,542 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\VIDEO0010.mp4
[2010.06.11 19:13:54 | 000,228,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.11 12:48:39 | 000,000,634 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.10 22:46:17 | 000,520,459 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\astra st.jpg
[2010.06.09 16:49:12 | 002,037,702 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\e3c.jpg
[2010.06.09 16:42:40 | 003,254,056 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\e3.jpg
[2010.06.09 16:38:38 | 002,881,975 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\e2.jpg
[2010.06.09 16:35:51 | 001,678,360 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\e.jpg
[2010.06.07 20:55:00 | 000,347,096 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\mymobiler screenshot.jpg
[2010.06.07 19:07:29 | 000,071,115 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\800from1.jpg
[2010.06.07 19:00:54 | 000,002,187 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft ActiveSync.lnk
[2010.06.06 01:43:54 | 000,002,528 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc
[2010.06.05 13:23:15 | 000,007,709 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\leppel sau voll.jpg
[2010.06.04 10:28:21 | 000,006,279 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks-2010-06-04 vor ref akt
[2010.06.01 21:48:22 | 000,000,258 | ---- | M] () -- C:\WINDOWS\.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.20 18:36:06 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.20 18:16:09 | 000,001,512 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2010.06.20 18:14:41 | 000,824,681 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
[2010.06.19 17:29:26 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\vvl 1und1.doc
[2010.06.16 20:41:00 | 000,075,239 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\EV_Fehlende_Teile.pdf
[2010.06.16 19:40:12 | 000,004,705 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\19413612874be2ed78f197d.ccf
[2010.06.14 00:28:49 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Review of Jerzy Kosinskis book.doc
[2010.06.13 12:32:25 | 000,050,628 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\maddingoddiyannick#.jpg
[2010.06.12 15:14:21 | 013,683,542 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\VIDEO0010.mp4
[2010.06.12 14:16:43 | 000,301,549 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMAG0019.jpg
[2010.06.10 22:46:16 | 000,520,459 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\astra st.jpg
[2010.06.09 16:49:11 | 002,037,702 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\e3c.jpg
[2010.06.09 16:42:39 | 003,254,056 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\e3.jpg
[2010.06.09 16:38:38 | 002,881,975 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\e2.jpg
[2010.06.09 16:35:50 | 001,678,360 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\e.jpg
[2010.06.07 20:55:00 | 000,347,096 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\mymobiler screenshot.jpg
[2010.06.07 19:07:29 | 000,071,115 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\800from1.jpg
[2010.06.06 13:01:47 | 000,002,187 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft ActiveSync.lnk
[2010.06.06 01:43:54 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc
[2010.06.05 13:23:15 | 000,007,709 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\leppel sau voll.jpg
[2010.06.04 11:36:44 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.06.04 10:28:21 | 000,006,279 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bookmarks-2010-06-04 vor ref akt
[2010.02.03 22:04:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010.02.01 21:54:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\AROEY95.INI
[2009.08.10 15:58:44 | 000,000,667 | ---- | C] () -- C:\WINDOWS\Banana3.ini
[2009.05.25 20:52:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2009.05.25 20:46:08 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2009.03.12 17:31:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.03.10 17:03:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.10.18 13:00:40 | 000,000,258 | ---- | C] () -- C:\WINDOWS\.ini
[2008.10.11 13:04:49 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll
[2008.09.16 18:15:13 | 000,001,037 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.09.06 21:15:45 | 000,000,123 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2008.08.27 21:49:20 | 000,024,580 | ---- | C] () -- C:\WINDOWS\System32\wsfaxmon.dll
[2008.08.27 21:48:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OAISetup.INI
[2008.08.27 21:48:45 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WINPHONE.INI
[2008.08.04 18:35:38 | 000,000,039 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2008.08.04 18:35:38 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2008.08.04 18:35:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BROHL143.INI
[2008.08.04 18:35:23 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2008.08.04 18:35:23 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2008.08.04 18:35:23 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2008.08.04 18:35:21 | 000,013,110 | ---- | C] () -- C:\WINDOWS\HL-1430.INI
[2008.08.03 19:23:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1430.ini
[2008.08.03 18:58:57 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1470.ini
[2008.08.03 18:58:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008.08.03 18:58:55 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008.08.03 14:32:36 | 000,000,057 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008.08.03 14:32:36 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2008.08.03 14:31:50 | 000,000,502 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008.06.28 12:44:28 | 000,000,916 | ---- | C] () -- C:\WINDOWS\GTA-SA_Trn_Settings.ini
[2008.04.25 09:11:45 | 000,244,984 | ---- | C] () -- C:\WINDOWS\TUTIL32.DLL
[2008.04.25 09:11:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tm.ini
[2008.04.25 09:11:09 | 001,573,888 | ---- | C] () -- C:\WINDOWS\System32\WertZu80.dll
[2008.04.22 17:10:54 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
[2008.04.22 17:10:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
[2008.04.07 14:50:11 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.04.06 19:14:44 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.01.31 17:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2006.11.10 15:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006.10.22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.10.22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.10.22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.10.22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.10.22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.10.22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.10.22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.06.09 15:20:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999.09.20 10:05:32 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 498 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
< End of report >
         
--- --- ---

Code:
ATTFilter
OTL Extras logfile created on: 29.06.2010 21:45:09 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 595,00 Mb Available Physical Memory | 58,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 54,39 Gb Free Space | 48,66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***1
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\QIP\qip.exe" = C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Programme\imageN\imageN.exe" = C:\Programme\imageN\imageN.exe:*:Enabled:imageN -- File not found
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- File not found
"C:\Programme\TeamViewer3\TeamViewer.exe" = C:\Programme\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Apps\2.0\LNEL6MGP.8CV\ZH5GTZNR.8MH\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf0f9b5c5281\fritzbox-usb-fernanschluss.exe" = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Apps\2.0\LNEL6MGP.8CV\ZH5GTZNR.8MH\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf0f9b5c5281\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss -- (AVM Berlin)
"C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe" = C:\Programme\FRITZ!Box Monitor\FRITZBoxMonitor.exe:*:Enabled:FRITZ!Box Monitor -- File not found
"C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe" = C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe:*:Enabled:ClipInc Server -- File not found
"C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe" = C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc Player -- File not found
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- File not found
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3\173871141200354A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3\173871141200354A\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:skype -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\***\Desktop\My Mobile\MyMobiler\MyMobiler.exe" = C:\Dokumente und Einstellungen\***\Desktop\My Mobile\MyMobiler\MyMobiler.exe:*:Enabled:My Mobiler -- (MTUX Corp)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{213B996A-A55B-4F9F-B897-2F8C4397EF97}" = WinFunktion Mathematik + 16
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3AE8FC9B-0784-4ACB-92FE-69683FB905CA}_is1" = GTR
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D24A762-F5A2-41C1-9F0A-300B4D8D5A2B}" = Mathe Klasse 8-10
"{4BD44C14-85A1-4EC2-94D3-2F8CC2B80EA4}" = Uniwell  PLM v2.22 (CD06)
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{644EA08F-87D2-48C0-AE94-B327D1C85A97}" = Microsoft Private Folder 1.0
"{648F9C94-EC44-487B-9DA4-44ED72A082CC}" = Logitech Gaming Software
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C7DDE5A-6A22-4D65-BA0F-AB41289A1E70}" = Microsoft Windows CE 5.0 Emulator
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A60A13-224D-4637-8203-3EAC03B121A4}" = Seagate*DiscWizard
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E86E5246-AA7E-11D4-88C9-00105ADBE398}" = O&O Defrag 2000 Freeware Edition
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Banana Buchhaltung 3 - CashBook" = Banana Buchhaltung 3 - CashBook
"Brother HL-1430" = Brother HL-1430
"CCleaner" = CCleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fragen-Lern-CD" = Fragen-Lern-CD
"Google Updater" = Google Updater
"HD Tune_is1" = HD Tune 2.55
"HDD Health_is1" = HDD Health v3.3 Beta
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motherboard Monitor 5.3.7.0 Languages_is1" = Motherboard Monitor 5 Languages
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PocketRAR" = Pocket RAR documentation
"QIP 2005_is1" = QIP 2005 8090
"QIP2005" = QIP 2005 Uninstall
"RealPlayer 6.0" = RealPlayer
"SPG-Verein-28" = SPG-Verein 2.8
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 3" = TeamViewer 3
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 0.9.6
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f6791b188d8f3ff8" = AVM FRITZ!Box USB-Fernanschluss
"Facebook Plug-In" = Facebook Plug-In
"QIP 2005" = QIP 2005 8092
"QIP Infium" = QIP Infium 2.0.9030 RC4
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.06.2010 12:26:53 | Computer Name = ***1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3743, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10417c22.
 
Error - 20.06.2010 12:26:53 | Computer Name = ***1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3743, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10417c22.
 
Error - 20.06.2010 12:26:53 | Computer Name = ***1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3743, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10417c22.
 
Error - 20.06.2010 12:26:53 | Computer Name = ***1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3743, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10417c22.
 
Error - 20.06.2010 12:26:53 | Computer Name = ***1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3743, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10417c22.
 
Error - 20.06.2010 12:26:53 | Computer Name = ***1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3743, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x10417c22.
 
Error - 20.06.2010 16:25:06 | Computer Name = ***1 | Source = Google Update | ID = 20
Description = 
 
Error - 20.06.2010 17:25:05 | Computer Name = ***1 | Source = Google Update | ID = 20
Description = 
 
Error - 29.06.2010 14:25:09 | Computer Name = ***1 | Source = Google Update | ID = 20
Description = 
 
Error - 29.06.2010 15:25:06 | Computer Name = ***1 | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 05.06.2010 19:33:14 | Computer Name = ***1 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 06.06.2010 12:34:03 | Computer Name = ***1 | Source = PSched | ID = 14103
Description = QoS [Adapter {F16BF5AF-49A1-49BC-AD8C-CA2F688FD9C0}]:  Die Abfrage des
 Netzwerkkartentreibers nach OID_GEN_LINK_SPEED ist fehlgeschlagen.
 
Error - 07.06.2010 01:44:02 | Computer Name = ***1 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 09.06.2010 09:02:42 | Computer Name = ***1 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 11.06.2010 04:44:40 | Computer Name = ***1 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman.
 
Error - 13.06.2010 06:01:14 | Computer Name = ***1 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 14.06.2010 06:18:25 | Computer Name = ***1 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RECHNER01",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{6ED714CE-B4D3-441C-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 17.06.2010 16:25:32 | Computer Name = ***1 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService.
 
Error - 20.06.2010 12:56:53 | Computer Name = ***1 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "BrSplService" hat einen ungültigen aktuellen Status gemeldet:
 0
 
Error - 29.06.2010 13:31:49 | Computer Name = ***1 | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
 "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem 
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
 eine Verbindung herzustellen.
 
 
< End of report >
         
--- --- ---



EDIT: Should I fix these two entries with HijackThis?
Code:
ATTFilter
O4 - HKLM\..\Policies\Explorer\Run: [Internet Explorer Updater] c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe
O4 - HKCU\..\Policies\Explorer\Run: [Internet Explorer Updater] c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe
         

Last edited by Maddin92 (29.06.2010 at 22:13)

Old 29.06.2010, 22:27   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

You also have to change the starred-out part back into your real user name, otherwise the script won't work!!

Code:
ATTFilter
:OTL
DRV - (jfdcd) -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\jfdcd.sys ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Internet Explorer Updater = c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Internet Explorer Updater = c:\Internet Explorer Updater\IEUpdater\Internet Explorer Updater.exe File not found
@Alternate Data Stream - 498 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF

:Files
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\jfdcd.sys

:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes button!
The logfile should open once you click OK after the fix; please post it. The computer may get restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
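The two HijackThis O4 lines asked about in the previous post and the OTL script in this one deal with the same three persistence points: Run values under the Explorer *Policies* key in HKLM and HKCU, a kernel driver (jfdcd.sys) registered from a user's Temp folder, and an alternate data stream on the All Users TEMP folder; the ComboFix run further down also removes a C:\Autorun.inf. As an added check for readers of this thread (this is not code from OTL, ComboFix or either poster), the PowerShell script below re-audits exactly those locations after the fix and reboot, so a re-infection shows up as a non-empty section. It assumes Windows PowerShell 2.0 or later (so it also runs on the XP machine in the thread), an elevated prompt so HKLM and the Services keys are readable, and uses function names of its own.

```powershell
# Added example for readers of this thread; it is not code from OTL, ComboFix or either
# poster. It re-audits the persistence spots the OTL fix above removed so you can confirm
# they stay gone after the reboot. Targets Windows PowerShell 2.0 and later (so it also
# runs on the XP box in the thread); run it from an elevated prompt so HKLM and the
# Services keys are readable. Function names are this example's own.

function Get-PolicyRunEntries {
    # Policies\Explorer\Run is honoured at logon like the ordinary Run keys but is
    # rarely populated by legitimate software, so every value here deserves a look.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $name
                Command = $item.GetValue($name)
            }
        }
    }
}

function Get-TempDrivers {
    # Services of Type 1 (kernel driver) or 2 (file system driver) whose ImagePath points
    # into a Temp folder, the pattern of the jfdcd.sys entry in the OTL log above.
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if (-not $svc) { return }
            if (($svc.Type -eq 1 -or $svc.Type -eq 2) -and ($svc.ImagePath -match '\\Temp\\')) {
                New-Object PSObject -Property @{
                    Service   = $_.PSChildName
                    Start     = $svc.Start      # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                    ImagePath = $svc.ImagePath
                }
            }
        }
}

function Get-AlternateDataStreams {
    param([string]$Directory)
    # "dir /r" prints each alternate stream on its own line as "<size> <name>:<stream>:$DATA"
    # (the unnamed default stream is not listed). Used instead of Get-Item -Stream, which
    # needs PowerShell 3.0; the TEMP:05EE1EEF stream from the OTL log would show up here.
    cmd.exe /c dir /r /a $Directory 2>$null | ForEach-Object {
        if ($_ -match '^\s*([\d.,]+)\s+(.+?):([^:]+):\$DATA\s*$') {
            New-Object PSObject -Property @{
                Name   = $Matches[2]
                Stream = $Matches[3]
                Size   = $Matches[1]
            }
        }
    }
}

function Get-RootAutorunInf {
    # ComboFix deleted C:\Autorun.inf further down; a fresh one on any drive root means
    # something put it back (the infection, or a USB stick that is itself infected).
    Get-PSDrive -PSProvider FileSystem | ForEach-Object {
        $inf = Join-Path -Path $_.Root -ChildPath 'autorun.inf'
        if (Test-Path -LiteralPath $inf -ErrorAction SilentlyContinue) {
            Get-Item -LiteralPath $inf -Force
        }
    }
}

function Get-AutorunPolicy {
    # 0xFF disables AutoRun for every drive type (Microsoft KB967715). The OTL fix deleted
    # the HKCU value, so whatever HKLM says (or the XP default) applies now.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $value = $null
        if (Test-Path -Path $key) { $value = (Get-Item -Path $key).GetValue('NoDriveTypeAutoRun') }
        # OTL showed the HKCU value as REG_BINARY (91 00 00 00); normalise that to a number.
        if ($value -is [byte[]] -and $value.Length -ge 4) { $value = [BitConverter]::ToUInt32($value, 0) }
        $display = if ($value -ne $null) { '0x{0:X2}' -f [int64]$value } else { '(not set)' }
        New-Object PSObject -Property @{ Hive = $hive; NoDriveTypeAutoRun = $display }
    }
}

function Show-Section([string]$Title, $Rows, [string[]]$Columns) {
    Write-Host "== $Title =="
    if ($Rows) { $Rows | Format-Table -Property $Columns -AutoSize | Out-Host }
    else       { Write-Host '   (none found)' }
}

$allUsersAppData = [Environment]::GetFolderPath('CommonApplicationData')
Show-Section 'Explorer policy Run entries (expect none)' (Get-PolicyRunEntries) Key, Name, Command
Show-Section 'Kernel drivers loaded from a Temp folder (expect none)' (Get-TempDrivers) Service, Start, ImagePath
Show-Section "Alternate data streams under $allUsersAppData (expect none)" (Get-AlternateDataStreams $allUsersAppData) Name, Stream, Size
Show-Section 'autorun.inf on drive roots (expect none)' (Get-RootAutorunInf) FullName, Length, LastWriteTime
Show-Section 'NoDriveTypeAutoRun (0xFF = AutoRun off for all drive types)' (Get-AutorunPolicy) Hive, NoDriveTypeAutoRun
```

Run it once after the reboot that follows the OTL fix and once more a day later: every section except the NoDriveTypeAutoRun table should report "(none found)" both times. The driver check is the strongest of the four, because legitimate drivers are installed under system32\drivers and never from a user's Temp folder; a Policies\Explorer\Run value that reappears, as the "Internet Explorer Updater" folder did in the opening post, means the component that recreates it has not been removed yet.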

Old 30.06.2010, 11:40   #9
Maddin92
 

Hello,

here is the OTL logfile.

Regards
Martin

Code:
ATTFilter
All processes killed
========== OTL ==========
Service jfdcd stopped successfully!
Service jfdcd deleted successfully!
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\jfdcd.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Internet Explorer Updater deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Internet Explorer Updater deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\jfdcd.sys not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: ***
->Temp folder emptied: 52760975 bytes
->Temporary Internet Files folder emptied: 6193077 bytes
->Java cache emptied: 56205260 bytes
->FireFox cache emptied: 36274183 bytes
->Flash cache emptied: 22741 bytes
 
User: ***
->Temp folder emptied: 346693 bytes
->Temporary Internet Files folder emptied: 1899231 bytes
->FireFox cache emptied: 73644669 bytes
->Flash cache emptied: 1098 bytes
 
User: ***
->Temp folder emptied: 1685210827 bytes
->Temporary Internet Files folder emptied: 59794 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42146306 bytes
->Google Chrome cache emptied: 18841049 bytes
->Opera cache emptied: 2103406 bytes
->Flash cache emptied: 3473 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 8885464 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1139177 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 278439111 bytes
RecycleBin emptied: 3466934 bytes
 
Total Files Cleaned = 2.163,00 mb
         

Old 30.06.2010, 12:24   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK, now run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

Old 30.06.2010, 13:26   #11
Maddin92
 

Hello,

here is the ComboFix logfile:

Code:
ATTFilter
ComboFix 10-06-29.04 - *** 30.06.2010  14:06:32.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1023.686 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\cofi.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
(((((((((((((((((((((((   Dateien erstellt von 2010-05-28 bis 2010-06-30  ))))))))))))))))))))))))))))))
.

2010-06-30 10:32 . 2010-06-30 10:32	--------	d-----w-	C:\_OTL
2010-06-20 16:56 . 2010-06-20 16:56	--------	d-----w-	C:\rsit
2010-06-20 16:36 . 2010-06-20 16:36	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2010-06-20 16:36 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 16:36 . 2010-06-20 16:36	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-20 16:36 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-06-20 16:36 . 2010-06-20 16:36	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-06-20 16:16 . 2010-06-20 16:16	--------	d-----w-	c:\programme\CCleaner
2010-06-16 06:20 . 2010-06-16 06:20	--------	d-----w-	c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Temp
2010-06-14 08:35 . 2010-06-14 08:35	--------	d-sh--w-	c:\dokumente und einstellungen\***\IECompatCache
2010-06-12 10:13 . 2010-06-12 10:13	50354	----a-w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Facebook\uninstall.exe
2010-06-12 10:13 . 2010-06-12 10:13	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Facebook
2010-06-11 08:56 . 2010-05-06 10:31	743424	-c----w-	c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 10:45 . 2010-06-09 10:45	5591040	----a-w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll
2010-06-07 13:58 . 2010-06-07 18:34	--------	d-----w-	c:\programme\PocketRAR
2010-06-05 23:39 . 2010-06-05 23:39	--------	d-----w-	c:\programme\Microsoft ActiveSync
2010-06-04 09:36 . 2001-10-28 15:42	116224	----a-w-	c:\windows\system32\pdfcmnnt.dll
2010-06-04 09:36 . 1998-07-06 16:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2010-06-04 09:36 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2010-06-04 09:36 . 1998-07-05 23:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2010-06-04 09:36 . 2010-06-04 09:37	--------	d-----w-	c:\programme\PDFCreator
2010-06-03 13:45 . 2008-04-13 22:15	60032	-c--a-w-	c:\windows\system32\dllcache\usbaudio.sys
2010-06-03 13:45 . 2008-04-13 22:15	60032	----a-w-	c:\windows\system32\drivers\USBAUDIO.sys

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 10:44 . 2002-08-29 12:00	81208	----a-w-	c:\windows\system32\perfc007.dat
2010-06-30 10:44 . 2002-08-29 12:00	452832	----a-w-	c:\windows\system32\perfh007.dat
2010-06-29 17:31 . 2008-06-13 16:29	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater
2010-06-20 16:31 . 2009-04-16 22:03	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Media Player Classic
2010-05-27 05:37 . 2009-06-01 10:47	--------	d-----w-	c:\programme\McAfee
2010-05-23 00:23 . 2008-06-13 16:29	--------	d-----w-	c:\programme\Google
2010-05-06 10:31 . 2002-08-29 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-05-02 08:05 . 2002-08-29 12:00	1851392	----a-w-	c:\windows\system32\win32k.sys
2010-04-20 05:29 . 2002-08-29 12:00	285696	----a-w-	c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"zinit32"="c:\windows\ZInit32.exe" [2008-03-07 4281344]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Kanzlei-Start.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Kanzlei-Start.lnk
backup=c:\windows\pss\Kanzlei-Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Server4PC.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Server4PC.lnk
backup=c:\windows\pss\Server4PC.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Sonic CinePlayer Quick Launch.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Sonic CinePlayer Quick Launch.lnk
backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-08-20 16:20	148760	----a-w-	c:\programme\Gemeinsame Dateien\Seagate\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-08-20 17:12	1966264	----a-w-	c:\programme\Seagate\DiscWizard\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-23 18:33	57344	----a-w-	c:\programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42	36272	----a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39	486856	----a-w-	c:\programme\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2007-08-20 17:01	1194768	----a-w-	c:\programme\Seagate\DiscWizard\DiscWizardMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 14:14	133104	----atw-	c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
2008-04-12 16:48	1687552	----a-w-	c:\programme\HDD Health\hddhealth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-09-27 09:05	81920	----a-w-	c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 16:51	3885408	----a-w-	c:\programme\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18	413696	----a-w-	c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27	144784	----a-w-	c:\programme\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-09 13:34	185896	----a-w-	c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02	36352	----a-w-	c:\programme\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\TeamViewer3\\TeamViewer.exe"=
"c:\\Dokumente und Einstellungen\\***\\Lokale Einstellungen\\Apps\\2.0\\LNEL6MGP.8CV\\ZH5GTZNR.8MH\\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf0f9b5c5281\\fritzbox-usb-fernanschluss.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Dokumente und Einstellungen\\***\\Desktop\\My Mobile\\MyMobiler\\MyMobiler.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12.02.2009 18:52 64160]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.03.2009 15:38 108289]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [01.06.2009 12:48 93320]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21.04.2006 08:22 70912]
R3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\drivers\avmaura.sys [10.07.2008 13:52 100864]
S2 gupdate1c9856e576f0e44;Google Update Service (gupdate1c9856e576f0e44);c:\programme\Google\Update\GoogleUpdate.exe [02.02.2009 21:42 133104]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [02.04.2008 17:38 4352]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.SYS --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.SYS --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.SYS --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 dtwmnic5;DeTeWe OpenCom 30 plus;c:\windows\system32\DRIVERS\dtwmnic5.sys --> c:\windows\system32\DRIVERS\dtwmnic5.sys [?]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [02.04.2008 17:37 265088]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [02.04.2008 19:53 419344]
S3 ulisa;DeTeWe ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys --> c:\windows\system32\Drivers\ulisa.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.04.2008 19:14 717296]
.
Inhalt des "geplante Tasks" Ordners

2010-06-30 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-13 10:29]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-02 19:42]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-02-02 19:42]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2008-09-03 14:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\r0ofb9bm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - component: c:\programme\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\dokumente und einstellungen\***\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-Ad-Watch - c:\programme\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-basicsmssmenu - c:\programme\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
MSConfigStartUp-CTSyncU - c:\programme\Creative\Sync Manager Unicode\CTSyncU.exe
MSConfigStartUp-iTunesHelper - c:\programme\iTunes\iTunesHelper.exe
MSConfigStartUp-MBM 5 - c:\programme\Motherboard Monitor 5\MBM5.EXE
MSConfigStartUp-Nokia FastStart - c:\programme\Nokia\Nokia Music\NokiaMusic.exe
MSConfigStartUp-Nokia - c:\programme\Nokia\Nokia PC Suite 7\PCSync2.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
MSConfigStartUp-PcSync - c:\programme\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-RivaTuner - c:\programme\RivaTuner v2.09\RivaTuner.exe
MSConfigStartUp-VolPanel - c:\programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
AddRemove-{F850707C-B6A0-4B56-8709-F89CF8F9AC6D} - c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-30 14:13
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\relog_ap.dll
.
Zeit der Fertigstellung: 2010-06-30  14:15:58
ComboFix-quarantined-files.txt  2010-06-30 12:15

Vor Suchlauf: 24 Verzeichnis(se), 60.387.196.928 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 60.477.489.152 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 42E68C64AF5C72E0FEC640B980A60C41
         

Old 01.07.2010, 09:48   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run the second time either, just skip it and only run OSAM.

Old 03.07.2010, 14:01   #13
Maddin92
 

Hello,

GMER ran through without problems, but the logfile contains a great deal of personal information, which is why I would rather not post it.
Here is the OSAM logfile:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:56:35 on 03.07.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUser.job" - "Google Inc." - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl  (File signed by Microsoft | File found, but it contains no detailed information)
"CMDVDPak.cpl" - "Sonic Solutions" - C:\WINDOWS\system32\CMDVDPak.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"Startup.cpl" - ? - C:\WINDOWS\system32\Startup.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aaumqqvu" (aaumqqvu) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\aaumqqvu.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"Antwort für Verbindungsschicht-Topologieerkennung" (rspndr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\rspndr.sys
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys  (File not found)
"ATITool Overclocking Utility" (ATITool) - ? - C:\WINDOWS\System32\DRIVERS\ATITool.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys
"AVM USB-Fernanschluss" (avmaura) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\avmaura.sys
"Bluetooth Audio" (TosRfSnd) - ? - C:\WINDOWS\System32\drivers\tosrfsnd.sys  (File not found)
"Bluetooth COM Port" (tosporte) - ? - C:\WINDOWS\System32\DRIVERS\tosporte.sys  (File not found)
"Bluetooth Personal Area Network" (tosrfnds) - ? - C:\WINDOWS\System32\DRIVERS\tosrfnds.sys  (File not found)
"Bluetooth RFBNEP" (tosrfbnp) - ? - C:\WINDOWS\System32\Drivers\tosrfbnp.sys  (File not found)
"Bluetooth RFBUS" (tosrfbd) - ? - C:\WINDOWS\System32\DRIVERS\tosrfbd.sys  (File not found)
"Bluetooth RFCOMM" (Tosrfcom) - ? - C:\WINDOWS\System32\Drivers\tosrfcom.sys  (File not found)
"Bluetooth RFHID" (Tosrfhid) - ? - C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys  (File not found)
"Bluetooth USB Controller" (Tosrfusb) - ? - C:\WINDOWS\System32\DRIVERS\tosrfusb.sys  (File not found)
"BrPar" (BrPar) - "Brother Industries Ltd." - C:\WINDOWS\System32\drivers\BrPar.sys
"catchme" (catchme) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Cinemsup" (Cinemsup) - "Sonic Solutions" - C:\WINDOWS\system32\drivers\Cinemsup.sys
"Creative 20X HAL Driver" (ha20x2k) - ? - C:\WINDOWS\System32\drivers\ha20x2k.sys  (File not found)
"Creative AC3 Software Decoder" (ctac32k) - ? - C:\WINDOWS\System32\drivers\ctac32k.sys  (File not found)
"Creative Audio Driver (WDM)" (ctaud2k) - ? - C:\WINDOWS\System32\drivers\ctaud2k.sys  (File not found)
"Creative DVD-Audio Device Driver" (ctdvda2k) - "Creative Technology Ltd" - C:\WINDOWS\System32\drivers\ctdvda2k.sys
"Creative OS Services Driver" (ossrv) - "Creative Technology Ltd." - C:\WINDOWS\System32\drivers\ctoss2k.sys
"Creative Proxy Driver" (ctprxy2k) - ? - C:\WINDOWS\System32\drivers\ctprxy2k.sys  (File not found)
"Creative SoundFont Management Device Driver" (ctsfm2k) - "Creative Technology Ltd" - C:\WINDOWS\System32\drivers\ctsfm2k.sys
"CT20XUT" (CT20XUT) - ? - C:\WINDOWS\System32\drivers\CT20XUT.SYS  (File not found)
"CT20XUT.SYS" (CT20XUT.SYS) - ? - C:\WINDOWS\System32\drivers\CT20XUT.SYS  (File not found)
"CTEXFIFX" (CTEXFIFX) - ? - C:\WINDOWS\System32\drivers\CTEXFIFX.SYS  (File not found)
"CTEXFIFX.SYS" (CTEXFIFX.SYS) - ? - C:\WINDOWS\System32\drivers\CTEXFIFX.SYS  (File not found)
"CTHWIUT" (CTHWIUT) - ? - C:\WINDOWS\System32\drivers\CTHWIUT.SYS  (File not found)
"CTHWIUT.SYS" (CTHWIUT.SYS) - ? - C:\WINDOWS\System32\drivers\CTHWIUT.SYS  (File not found)
"DeTeWe ISDN-Adapter (USB)" (ulisa) - ? - C:\WINDOWS\System32\Drivers\ulisa.sys  (File not found)
"DeTeWe OpenCom 30 plus" (dtwmnic5) - ? - C:\WINDOWS\System32\DRIVERS\dtwmnic5.sys  (File not found)
"E-mu Plug-in Architecture Driver" (emupia) - ? - C:\WINDOWS\System32\drivers\emupia2k.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Lbd" (Lbd) - "Lavasoft AB" - C:\WINDOWS\System32\DRIVERS\Lbd.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"NSNDIS5 NDIS Protocol Driver" (NSNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\NSNDIS5.SYS
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SANDRA" (SANDRA) - ? - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfsync02.sys
"TechniSat DVB-PC TV Star PCI" (SKYNET) - "TechniSat Digital, S.A." - C:\WINDOWS\System32\DRIVERS\SkyNET.SYS
"upperdev" (upperdev) - ? - C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Seagate" - C:\Programme\Seagate\DiscWizard\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Seagate" - C:\Programme\Seagate\DiscWizard\tishell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Wcesview.dll
{78237F62-8EC8-438C-83B0-1DECB4303076} "My Private Folder" - "Microsoft Corporation" - C:\Programme\Microsoft Private Folder 1.0\ShellExt.dll
{B0FAF2DA-13EA-41CA-A62F-850DC01D1C01} "My Private Folder" - "Microsoft Corporation" - C:\Programme\Microsoft Private Folder 1.0\ShellExt.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{3B153CB3-A551-4fe6-A68B-F5C96650FF39} "Private Folder" - "Microsoft Corporation" - C:\Programme\Microsoft Private Folder 1.0\ShellExt.dll
{A02DEEEB-DD87-4a4f-8F2E-B633A59BA18A} "Private Folder" - "Microsoft Corporation" - C:\Programme\Microsoft Private Folder 1.0\ShellExt.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? -   (File not found | COM-object registry key not found) / file://C:\WINDOWS\Java\classes\dajava.cab
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} "DLM Control" - "Akamai Technologies, Inc." - C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX / hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -   (File not found | COM-object registry key not found) / file:///C:/WINDOWS/Java/classes/xmldso.cab
{8167C273-DF59-4416-B647-C8BB2C7EE83E} "WebSDev Control" - "MICRO-STAR INT'L CO., LTD." - C:\PROGRA~2\MSI\MSIWDev\WebSDev.ocx / hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\INetRepl.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - C:\WINDOWS\system32\relog_ap.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"CAPIControl.lnk" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\CAPIControl.lnk  (Shortcut exists | File not found)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini
"FRITZ!DSL Protect.lnk" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk  (Shortcut exists | File not found)
"HomeNet Control.lnk" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\HomeNet Control.lnk  (Shortcut exists | File not found)
"WinFlip.lnk" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\WinFlip.lnk  (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"zinit32" - ? - C:\WINDOWS\ZInit32.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"WinSuite Fax Monitor" - ? - C:\WINDOWS\system32\wsfaxmon.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Seagate\Schedule2\schedul2.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9856e576f0e44)" (gupdate1c9856e576f0e44) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - C:\Programme\McAfee\SiteAdvisor\McSACore.exe
"NMSAccessU" (NMSAccessU) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"O&O Defrag 2000" (OOD2000) - "O&O Software GmbH" - C:\WINDOWS\system32\OOD2000.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Private Folder Service" (prfldsvc) - ? - C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe  (File found, but it contains no detailed information)
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\WINDOWS\system32\PSIService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

Old 03.07.2010, 14:43   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please make the personal information unrecognizable, e.g. with ***

Old 06.07.2010, 16:26   #15
Maddin92



Hello,

here is the GMER logfile.


GMER Logfile:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-07-01 18:49:50
Windows 5.1.2600 Service Pack 3
Running: m8g2qcm3.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\uxtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT            F7BA0206    ZwCreateKey
SSDT            F7BA01FC    ZwCreateThread
SSDT            F7BA020B    ZwDeleteKey
SSDT            F7BA0215    ZwDeleteValueKey
SSDT            spll.sys    ZwEnumerateKey [0xF73ECCA2]
SSDT            spll.sys    ZwEnumerateValueKey [0xF73ED030]
SSDT            F7BA021A    ZwLoadKey
SSDT            spll.sys    ZwOpenKey [0xF73CE0C0]
SSDT            F7BA01E8    ZwOpenProcess
SSDT            F7BA01ED    ZwOpenThread
SSDT            spll.sys    ZwQueryKey [0xF73ED108]
SSDT            spll.sys    ZwQueryValueKey [0xF73ECF88]
SSDT            F7BA0224    ZwReplaceKey
SSDT            F7BA021F    ZwRestoreKey
SSDT            F7BA0210    ZwSetValueKey
SSDT            F7BA01F7    ZwTerminateProcess

INT 0x62        ?           86FDBBF8
INT 0x82        ?           86FDBBF8
INT 0x84        ?           86D42BF8
INT 0x94        ?           86D42BF8
INT 0xA4        ?           86D42BF8
INT 0xB4        ?           86D42BF8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!_abnormal_termination + 234      804E28A0 4 Bytes  CALL 4E45E2A6
?               spll.sys                                      Das System kann die angegebene Datei nicht finden. !
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys      section is writeable [0xF633E360, 0x24BB1D, 0xE8000020]
.text           USBPORT.SYS!DllUnload                         F5EE88AC 5 Bytes  JMP 86D421D8
.text           agu3srl7.SYS                                  F5E6B384 1 Byte  [20]
.text           agu3srl7.SYS                                  F5E6B384 37 Bytes  [20, 00, 00, 68, 00, 00, 00, ...]
.text           agu3srl7.SYS                                  F5E6B3AA 24 Bytes  [00, 00, 20, 00, 00, E0, 00, ...]
.text           agu3srl7.SYS                                  F5E6B3C4 3 Bytes  [00, 00, 00]
.text           agu3srl7.SYS                                  F5E6B3C9 1 Byte  [00]
.text           ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]     86F6D2D8
IAT             pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                                                                                                                                                                                                               [F73FFC4C] spll.sys
IAT             pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                                                                                                                                                                                                                  [F73FFCA0] spll.sys
IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                                                                                                                                                                                                 [F73CF040] spll.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                                                                                                                                                                                                         [F73CF13C] spll.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                                                                                                                                                                                                [F73CF0BE] spll.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                                                                                                                                                                                                        [F73CF7FC] spll.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                                                                                                                                                                                                [F73CF6D2] spll.sys
IAT             \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                                                                                                                                                                                                               86D422D8
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!RtlInitUnicodeString]                                                                                                                                                                                                                                       000000A5
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!swprintf]                                                                                                                                                                                                                                                   000000E5
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeSetEvent]                                                                                                                                                                                                                                                 000000F1
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoCreateSymbolicLink]                                                                                                                                                                                                                                       00000071
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoGetConfigurationInformation]                                                                                                                                                                                                                              000000D8
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoDeleteSymbolicLink]                                                                                                                                                                                                                                       00000031
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!MmFreeMappingAddress]                                                                                                                                                                                                                                       00000015
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoFreeErrorLogEntry]                                                                                                                                                                                                                                        00000004
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoDisconnectInterrupt]                                                                                                                                                                                                                                      000000C7
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!MmUnmapIoSpace]                                                                                                                                                                                                                                             00000023
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!ObReferenceObjectByPointer]                                                                                                                                                                                                                                 000000C3
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IofCompleteRequest]                                                                                                                                                                                                                                         00000018
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!RtlCompareUnicodeString]                                                                                                                                                                                                                                    00000096
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IofCallDriver]                                                                                                                                                                                                                                              00000005
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!MmAllocateMappingAddress]                                                                                                                                                                                                                                   0000009A
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry]                                                                                                                                                                                                                                    00000007
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoConnectInterrupt]                                                                                                                                                                                                                                         00000012
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoDetachDevice]                                                                                                                                                                                                                                             00000080
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeWaitForSingleObject]                                                                                                                                                                                                                                      000000E2
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeInitializeEvent]                                                                                                                                                                                                                                          000000EB
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeCancelTimer]                                                                                                                                                                                                                                              00000027
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString]                                                                                                                                                                                                                               000000B2
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!RtlInitAnsiString]                                                                                                                                                                                                                                          00000075
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest]                                                                                                                                                                                                                              00000009
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoQueueWorkItem]                                                                                                                                                                                                                                            00000083
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!MmMapIoSpace]                                                                                                                                                                                                                                               0000002C
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations]                                                                                                                                                                                                                                0000001A
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoReportDetectedDevice]                                                                                                                                                                                                                                     0000001B
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoReportResourceForDetection]                                                                                                                                                                                                                               0000006E
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize]                                                                                                                                                                                                                                0000005A
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!NlsMbCodePageTag]                                                                                                                                                                                                                                           000000A0
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!PoRequestPowerIrp]                                                                                                                                                                                                                                          00000052
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue]                                                                                                                                                                                                                                   0000003B
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection]                                                                                                                                                                                                                           000000D6
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!sprintf]                                                                                                                                                                                                                                                    000000B3
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache]                                                                                                                                                                                                                               00000029
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!ObfDereferenceObject]                                                                                                                                                                                                                                       000000E3
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference]                                                                                                                                                                                                                               0000002F
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoInvalidateDeviceState]                                                                                                                                                                                                                                    00000084
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!ZwClose]                                                                                                                                                                                                                                                    00000053
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!ObReferenceObjectByHandle]                                                                                                                                                                                                                                  000000D1
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!ZwCreateDirectoryObject]                                                                                                                                                                                                                                    00000000
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest]                                                                                                                                                                                                                               000000ED
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!PoStartNextPowerIrp]                                                                                                                                                                                                                                        00000020
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoCreateDevice]                                                                                                                                                                                                                                             000000FC
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!RtlCopyUnicodeString]                                                                                                                                                                                                                                       000000B1
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension]                                                                                                                                                                                                                            0000005B
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!RtlQueryRegistryValues]                                                                                                                                                                                                                                     0000006A
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!ZwOpenKey]                                                                                                                                                                                                                                                  000000CB
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!RtlFreeUnicodeString]                                                                                                                                                                                                                                       000000BE
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoStartTimer]                                                                                                                                                                                                                                               00000039
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeInitializeTimer]                                                                                                                                                                                                                                          0000004A
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoInitializeTimer]                                                                                                                                                                                                                                          0000004C
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeInitializeDpc]                                                                                                                                                                                                                                            00000058
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeInitializeSpinLock]                                                                                                                                                                                                                                       000000CF
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoInitializeIrp]                                                                                                                                                                                                                                            000000D0
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!ZwCreateKey]                                                                                                                                                                                                                                                000000EF
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString]                                                                                                                                                                                                                             000000AA
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString]                                                                                                                                                                                                                                  000000FB
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!ZwSetValueKey]                                                                                                                                                                                                                                              00000043
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeInsertQueueDpc]                                                                                                                                                                                                                                           0000004D
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel]                                                                                                                                                                                                                               00000033
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoStartPacket]                                                                                                                                                                                                                                              00000085
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel]                                                                                                                                                                                                                             00000045
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest]                                                                                                                                                                                                                              000000F9
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoFreeMdl]                                                                                                                                                                                                                                                  00000002
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!MmUnlockPages]                                                                                                                                                                                                                                              0000007F
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoWriteErrorLogEntry]                                                                                                                                                                                                                                       00000050
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue]                                                                                                                                                                                                                                   0000003C
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping]                                                                                                                                                                                                                        0000009F
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!MmUnmapReservedMapping]                                                                                                                                                                                                                                     000000A8
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeSynchronizeExecution]                                                                                                                                                                                                                                     00000051
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoStartNextPacket]                                                                                                                                                                                                                                          000000A3
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeBugCheckEx]                                                                                                                                                                                                                                               00000040
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeRemoveDeviceQueue]                                                                                                                                                                                                                                        0000008F
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeSetTimer]                                                                                                                                                                                                                                                 00000092
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!_allmul]                                                                                                                                                                                                                                                    0000009D
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!MmProbeAndLockPages]                                                                                                                                                                                                                                        00000038
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!_except_handler3]                                                                                                                                                                                                                                           000000F5
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!PoSetPowerState]                                                                                                                                                                                                                                            000000BC
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey]                                                                                                                                                                                                                                    000000B6
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!RtlWriteRegistryValue]                                                                                                                                                                                                                                      000000DA
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!RtlDeleteRegistryValue]                                                                                                                                                                                                                                     00000021
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!_aulldiv]                                                                                                                                                                                                                                                   00000010
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!strstr]                                                                                                                                                                                                                                                     000000FF
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!_strupr]                                                                                                                                                                                                                                                    000000F3
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeQuerySystemTime]                                                                                                                                                                                                                                          000000D2
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoWMIRegistrationControl]                                                                                                                                                                                                                                   000000CD
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!KeTickCount]                                                                                                                                                                                                                                                0000000C
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                                                                                                                                                                                00000013
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoDeleteDevice]                                                                                                                                                                                                                                             000000EC
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!ExAllocatePoolWithTag]                                                                                                                                                                                                                                      0000005F
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoAllocateWorkItem]                                                                                                                                                                                                                                         00000097
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoAllocateIrp]                                                                                                                                                                                                                                              00000044
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoAllocateMdl]                                                                                                                                                                                                                                              00000017
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool]                                                                                                                                                                                                                                  000000C4
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!MmLockPagableDataSection]                                                                                                                                                                                                                                   000000A7
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoGetDriverObjectExtension]                                                                                                                                                                                                                                 0000007E
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!MmUnlockPagableImageSection]                                                                                                                                                                                                                                0000003D
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!ExFreePoolWithTag]                                                                                                                                                                                                                                          00000064
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoFreeIrp]                                                                                                                                                                                                                                                  0000005D
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!IoFreeWorkItem]                                                                                                                                                                                                                                             00000019
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!InitSafeBootMode]                                                                                                                                                                                                                                           00000073
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!RtlCompareMemory]                                                                                                                                                                                                                                           00000060
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!PoCallDriver]                                                                                                                                                                                                                                               00000081
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!memmove]                                                                                                                                                                                                                                                    0000004F
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[ntoskrnl.exe!MmHighestUserAddress]                                                                                                                                                                                                                                       000000DC
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[HAL.dll!KfAcquireSpinLock]                                                                                                                                                                                                                                               000000AD
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[HAL.dll!READ_PORT_UCHAR]                                                                                                                                                                                                                                                 000000D4
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[HAL.dll!KeGetCurrentIrql]                                                                                                                                                                                                                                                000000A2
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[HAL.dll!KfRaiseIrql]                                                                                                                                                                                                                                                     000000AF
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[HAL.dll!KfLowerIrql]                                                                                                                                                                                                                                                     0000009C
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[HAL.dll!HalGetInterruptVector]                                                                                                                                                                                                                                           000000A4
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[HAL.dll!HalTranslateBusAddress]                                                                                                                                                                                                                                          00000072
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[HAL.dll!KeStallExecutionProcessor]                                                                                                                                                                                                                                       000000C0
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[HAL.dll!KfReleaseSpinLock]                                                                                                                                                                                                                                               000000B7
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                                                                                                                                                                         000000FD
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[HAL.dll!READ_PORT_USHORT]                                                                                                                                                                                                                                                00000093
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                                                                                                                                                                        00000026
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                                                                                                                                                                                                                00000036
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[WMILIB.SYS!WmiSystemControl]                                                                                                                                                                                                                                             000000F7
IAT             \SystemRoot\System32\Drivers\agu3srl7.SYS[WMILIB.SYS!WmiCompleteRequest]                                                                                                                                                                                                                                           000000CC
IAT             \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                                                                                                                                                                 [F73DF048] spll.sys

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                                                                                                                                                                             86FDA1F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                                                                                                                                                                                                                   86DD01F8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                                                                                                                                                                                                                   86DD01F8
Device          \Driver\usbohci \Device\USBPDO-2                                                                                                                                                                                                                                                                                   86DD01F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                                                                                                                                                                                                                   86D331F8
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                                                                                                                                                                             86F6B1F8

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                                                                                                                                                                             snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\Cdrom \Device\CdRom0                                                                                                                                                                                                                                                                                       86DE21F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                                                                                                                                                                                                                       86DE21F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17                                                                                                                                                                                                                                                                       [F7347B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17                                                                                                                                                                                                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                                                                                                                                                                                                                        [F7347B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                                                                                                                                                                                                                        sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                                                                                                                                                                                 [F7347B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                                                                                                                                                                                 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                                                                                                                                                                                 [F7347B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                                                                                                                                                                                 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f                                                                                                                                                                                                                                                                        [F7347B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f                                                                                                                                                                                                                                                                        sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\sptd \Device\3417686458                                                                                                                                                                                                                                                                                    spll.sys
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                                                                                                                                                                            867441F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                                                                                                                                                                                                   867441F8
Device          \Driver\PCI_PNP2708 \Device\0000005b                                                                                                                                                                                                                                                                               spll.sys
Device          \Driver\PCI_PNP2708 \Device\0000005b                                                                                                                                                                                                                                                                               spll.sys
Device          \Driver\usbohci \Device\USBFDO-0                                                                                                                                                                                                                                                                                   86DD01F8
Device          \Driver\usbohci \Device\USBFDO-1                                                                                                                                                                                                                                                                                   86DD01F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                                                                                                                                                                                                  867101F8
Device          \Driver\usbohci \Device\USBFDO-2                                                                                                                                                                                                                                                                                   86DD01F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                                                                                                                                                                                        867101F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                                                                                                                                                                                                                   86D331F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                                                                                                                                                                                                                   86F6B1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{6ED714CE-B4D3-441C-8952-3A617F698C37}                                                                                                                                                                                                                                           867441F8
Device          \Driver\agu3srl7 \Device\Scsi\agu3srl71                                                                                                                                                                                                                                                                            86D261F8
Device          \FileSystem\Cdfs \Cdfs                                                                                                                                                                                                                                                                                             86B0E500

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd506b1f                                                                                                                                                                                                                                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd506b1f@00247dd30a89                                                                                                                                                                                                                           0x61 0x3D 0x13 0x6E ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                                                                                                                                                                                 771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                                                                                                                                                                                 285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                                                                                                                                                                                 1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                                                                                                                                                                                                   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                                                                                                                                                                                C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                                                                                                                                                0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                                                                                                                                                             0x0D 0x88 0x15 0xE6 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                                                                                                                                                                                                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                                                                                                                                                                                       0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                                                                                                                                                                                    0xFC 0xCE 0x1C 0x47 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                                                                                                                                                                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                                                                                                                                                                              0xF9 0x40 0xD2 0xDE ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                                                                                                                                                                                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                                                                                                                                                                                                              0xF9 0x40 0xD2 0xDE ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42                                                                                                                                                                                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                                                                                                                                                                                                              0xDF 0x45 0x29 0x3E ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43                                                                                                                                                                                                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                                                                                                                                                                                                              0xDF 0x45 0x29 0x3E ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd506b1f (not active ControlSet)                                                                                                                                                                                                                    
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd506b1f@00247dd30a89                                                                                                                                                                                                                               0x61 0x3D 0x13 0x6E ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                                                                                                                                                                               
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                                                                                                                                                                                    C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                                                                                                                                                    0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                                                                                                                                                                 0x0D 0x88 0x15 0xE6 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                                                                                                                                                                                      
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                                                                                                                                                                                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                                                                                                                                                                                        0xFC 0xCE 0x1C 0x47 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                                                                                                                                                                                                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                                                                                                                                                                                  0xF9 0x40 0xD2 0xDE ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)                                                                                                                                                                                                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                                                                                                                                                                                                                  0xF9 0x40 0xD2 0xDE ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)                                                                                                                                                                                                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                                                                                                                                                                                                                  0xDF 0x45 0x29 0x3E ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)                                                                                                                                                                                                
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                                                                                                                                                                                                                  0xDF 0x45 0x29 0x3E ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                                                                                                                                                                                                               
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                                                                                                                                                                                                    C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                                                                                                                                                                                                    0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                                                                                                                                                                                                 0x31 0xB2 0x7B 0xF9 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                                                                                                                                                                                                      
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                                                                                                                                                                                                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                                                                                                                                                                                                        0x0A 0xB7 0x05 0x0E ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)                                                                                                                                                                                                
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                                                                                                                                                                                                  0x41 0x72 0xFF 0x8D ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)                                                                                                                                                                                                
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                                                                                                                                                                                                                  0xDF 0x45 0x29 0x3E ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)                                                                                                                                                                                                
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh                                                                                                                                                                                                                  0xDF 0x45 0x29 0x3E ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)                                                                                                                                                                                                
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh                                                                                                                                                                                                                  0xDF 0x45 0x29 0x3E ...

---- Files - GMER 1.0.15 ----

[Various files of mine were listed here, mostly JPG images and a few Word documents. I know all of these files; there was nothing suspicious among them.]                                                                                                                                                                                                                                          512 bytes

---- EOF - GMER 1.0.15 ----
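The registry section of the GMER report above is the part that is tedious to triage by eye: the same obfuscated `sptd\Cfg\...` key tree repeats under CurrentControlSet, ControlSet002 and ControlSet003, with only the `(not active ControlSet)` marker telling the copies apart, and a single BTHPORT key sits in an inactive set only. As an added example (it is not part of the original thread and not GMER's own code), here is a small parser for GMER 1.0.15 `Reg` rows that splits each row into key, value name and data, records which control set and service it belongs to, and then summarises per service which control sets hold its keys and which on-disk locations its values name. The sample rows are abbreviated from the log above with the column padding shortened; the names `parse_gmer_reg`, `triage`, `RegEntry` and `ServiceSummary` are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample input: five "Reg" rows in the layout GMER 1.0.15 prints,
# abbreviated from the log above (the wide column padding is shortened).
SAMPLE_GMER = r"""
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh    0xDF 0x45 0x29 0x3E ...
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd506b1f (not active ControlSet)
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd506b1f@00247dd30a89    0x61 0x3D 0x13 0x6E ...
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0    C:\Programme\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0    0
"""

INACTIVE_SUFFIX = " (not active ControlSet)"
# Which control set and which service a key under Services\ belongs to.
CS_RE = re.compile(r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\([^\\]+)",
                   re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")   # data that names an on-disk location


@dataclass
class RegEntry:
    key: str                    # key path without the "@value" part
    value_name: Optional[str]   # None for a key row; the name after '@' for a value row
    data: Optional[str]         # raw data column, if present
    inactive: bool              # row carried "(not active ControlSet)"
    control_set: Optional[str]  # CurrentControlSet / ControlSet00N, if under Services
    service: Optional[str]      # service name under Services\, if any


@dataclass
class ServiceSummary:
    control_sets: Set[str] = field(default_factory=set)
    in_active_set: bool = False                      # any row under CurrentControlSet
    values: int = 0                                  # number of value rows seen
    paths: List[str] = field(default_factory=list)   # on-disk locations named by values


def parse_gmer_reg(text: str) -> List[RegEntry]:
    """Parse the "Reg" rows of a GMER report into structured entries."""
    entries: List[RegEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("Reg "):
            continue  # Files/Services/Devices rows use other tags; skip them
        rest = line[4:].strip()
        inactive = rest.endswith(INACTIVE_SUFFIX)
        if inactive:
            rest = rest[:-len(INACTIVE_SUFFIX)].rstrip()
        # GMER pads the path column with a run of spaces before the data column;
        # a single space may legitimately occur inside data (install paths).
        parts = re.split(r"\s{2,}", rest, maxsplit=1)
        path = parts[0]
        data = parts[1].strip() if len(parts) > 1 else None
        # '@' in the last path component separates the key from the value name.
        head, sep, leaf = path.rpartition("\\")
        if "@" in leaf:
            key_leaf, value_name = leaf.split("@", 1)
            key = head + sep + key_leaf
        else:
            key, value_name = path, None
        m = CS_RE.match(key)
        entries.append(RegEntry(key, value_name, data, inactive,
                                m.group(1) if m else None,
                                m.group(2) if m else None))
    return entries


def triage(entries: List[RegEntry]) -> Dict[str, ServiceSummary]:
    """Group entries per service: which control sets hold its keys, whether it is
    present in the active set at all, and which on-disk paths its values name.
    The last point is the cheap way to tie an obfuscated key to its owner."""
    out: Dict[str, ServiceSummary] = {}
    for e in entries:
        if e.service is None or e.control_set is None:
            continue
        s = out.setdefault(e.service, ServiceSummary())
        s.control_sets.add(e.control_set)
        if e.control_set == "CurrentControlSet":
            s.in_active_set = True
        if e.value_name is not None:
            s.values += 1
            if e.data and DRIVE_PATH_RE.match(e.data) and e.data not in s.paths:
                s.paths.append(e.data)
    return out


if __name__ == "__main__":
    for name, s in triage(parse_gmer_reg(SAMPLE_GMER)).items():
        print(f"{name}: sets={sorted(s.control_sets)} active={s.in_active_set} "
              f"values={s.values} paths={s.paths}")
```

On the sample this reports sptd as present in all three control sets with one path value, `C:\Programme\DAEMON Tools Lite\`, and BTHPORT only in the inactive ControlSet002. That path is what a reviewer checks first: sptd is the SCSI pass-through driver that DAEMON Tools installs, so the obfuscated `Cfg` keys belong to it and have nothing to do with the "Internet Explorer Updater" folder the thread is about. Keys that appear only in inactive control sets are stale copies from earlier boots and are not loaded on the current one.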
