
Pests of all kinds and how to fight them: Infection: Rootkit tdjzasdk, various Trojans & monmvr32.exe


21.09.2010, 22:15   #1
luko

Infection: Rootkit tdjzasdk, various Trojans & monmvr32.exe



Hello,

Today, while scanning with Malwarebytes, I found quite a bit of fresh rubbish, among it most likely 2 Trojans and 1 rootkit.
Google was not very helpful on monmvr32.exe and tdjzasdk.

Confirmation of the infection by Catchme and HijackThis


Logs as follows:
HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:10, on 21.09.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Intel\Wireless\Bin\EvtEng.exe
F:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
F:\WINDOWS\system32\IFXSPMGT.exe
F:\WINDOWS\system32\IFXTCS.exe
F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\oodag.exe
F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
F:\WINDOWS\system32\slpservice.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\MsPMSPSv.exe
F:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
F:\WINDOWS\system32\slpmonx.exe
F:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
F:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
F:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
F:\Program Files\Synaptics\SynTP\SynTPEnh.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\WINDOWS\Explorer.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - F:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IAAnotif] F:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] F:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] F:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PTHOSTTR] F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe F:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IntelZeroConfig] "F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [Fvaliqexeji] rundll32.exe "F:\WINDOWS\abovekegubixudum.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - hxxp://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} (TeamOn Import Object) - https://bis.eu.blackberry.com/html/web/client_tools/TOImport.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: OneCard - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - F:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - F:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - F:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - F:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - F:\WINDOWS\system32\IFXTCS.exe
O23 - Service: IviRegMgr - InterVideo - F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - F:\WINDOWS\system32\oodag.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SLPMONX - ProdEx Technologies - F:\WINDOWS\system32\slpservice.exe
 
--
End of file - 7671 bytes



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4665

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.09.2010 18:49:18
mbam-log-2010-09-21 (18-49-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 220456
Laufzeit: 1 Stunde(n), 27 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
F:\Documents and Settings\admin\Start Menu\Programs\Startup\monmvr32.exe (Trojan.Downloader) -> No action taken.

Infizierte Speichermodule:
F:\WINDOWS\enmrfg.dll (Trojan.Hiloti) -> No action taken.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mzozisohuniru (Trojan.Hiloti) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
F:\WINDOWS\enmrfg.dll (Trojan.Hiloti) -> No action taken.
F:\WINDOWS\system32\config\systemprofile\Application Data\apiqfw.dat (Malware.Trace) -> No action taken.
F:\Documents and Settings\admin\Start Menu\Programs\Startup\monmvr32.exe (Trojan.Downloader) -> No action taken.
F:\Documents and Settings\admin\Application Data\avdrn.dat (Malware.Trace) -> No action taken.




catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-21 19:05:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdjzasdk]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"Group"="Boot Bus Extender"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdjzasdk]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"Group"="Boot Bus Extender"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="F9913F8294CC12911F1D1E2073E2B1AC1082BE49C335F616FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC 9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D9DB7CE019D40AA5CA6A0AC4980AC79337C866BEAF3C4D2ABCA18010F8ADDB3A8EBF76567B6F958D13913E45D4C DAAEB110E07961DD24554FA25FD3CE91BCF0BA64E4F9941B0509DEFAB36B3FAED8FE304AF1E23F9A688E2006D79B135D59616ADB4BADAFD53931A82931F7C588C8F73EBD9E9AD2E2893811 39D403FE23A7480F6A8C05CC4229BA894B16841D73F74EDD8341B27C32B2EEE8841AD54863D0CB56A67B25197D9AF6376A63320450EA996537A566B24A43B444B463873B5D3275C1B05DDA 52E90797B5170C455141D6D502770D117E2DCE6E9399DEAEB316DA36A5A76F134EAD9B35DD63F826EAAD26E4AF672D357BA39CE6990AAD03A55811DCAA3460E2F133B94BDE6507DE4E40F7 8A42B12D765D3B28C96DDC64E49630CA22CD7DD080B92877383A3704218BE89EEEE0FD2D1DE74222297D6E115421EE37A0DEB1DAC5B47E1E4045F8353F475AA01E867F3B98744E6CFA0721 AD78F3A9B5D4838387B186ECAA0AA94DD333B80CB70980E75E77EFB59F979ED72F99CF395AA2B42857E8E56ECE21E6598917ACB9D384736E8EEF5D1707BD2C7CFAA70CBBED51BED8BBB09D 3FF0754CC9F7AB836117C7D4CFB95A5051220EEA7BE83313116E89C1539C750FE2A95A014C325332C5D7EFEF4C40B37208240D6C45C9F2E25F0AD9B45AD444AA9EC786FE92C19840709F7D E326769D022475A5124EDD408E10A6B5DDB034D0F87D4A16935421A5CA2AAE542225A65B4F5130A4958F5C19BA4F5CF2DBA37CF116CD690960CBC0CA0003773E73968D56400026BB8185EE 9FA30EF8CB9EFE65A3B0A00EC0DAB8847C264E9FE570485B1CCC64D77F36B1B2199583FADEE9941A828BCBD487CD5C4551152201DC890E365E83767FE9E617BAEF74A5182E5939B9537EEB 1085D6FD4E06B8DA2B968140B6EF857207589BBE0D33B43538215747D5FCF45C44CC67E860F9121860EC6D3AE9CB08580F8CB0B72392E2B07801259DF70AED412B4E4569ADB234BB971B3A DB508D546D692B558EEA649BDDA97CD79C1928FB00B3640A5560D5C76DFBC025096075C6389FBD0EDB47A49146CF275829292C4842FE48A30194300A97E964C1A8816AD106EC33B1B40E6E 8B37A275E2AE0B0C0C76E09AD348D733CAEA75ECF62791F37AE5BFDAEB390806E3411043091995E297CFE4DD3109B0F0EDD9E4A7FE7360BFD92D3C6A3D08754F883AB8CEAE5C14ED4D43C7 
79A32796A06C1B33446981359D9DF239FC79C586D5FA3A6F398D6BC413A68AFA396B0774A051A90E5797C9C7830714C30E489B61C6529F3E0BB0C1DBD7AD26234C18"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0



I would be very grateful for your support.
Info:
The infected notebook is off the LAN / WLAN until it has been cleaned.
Data transfer with the mini notebook is only via USB stick.

Thank you very much

Luko
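An added triage helper (example code, not part of this thread and not from HijackThis, Malwarebytes or catchme) that parses the two log formats posted above. It flags O4 autostart entries where rundll32 loads a DLL straight out of the Windows directory instead of system32 or a program folder, as the [Fvaliqexeji] entry does, and it pulls out of the catchme "hidden services" dump any service registered as a boot-start kernel driver (Type 1, Start 0), which is how tdjzasdk appears. The sample lines are copied from the logs in this post; the heuristics, regular expressions and function names are this example's own assumptions.

```python
import re

# Sample lines constructed from the logs posted above (HijackThis O4 section
# and catchme's hidden-services dump); only the line formats matter here.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [SynTPEnh] F:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Fvaliqexeji] rundll32.exe "F:\WINDOWS\abovekegubixudum.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

CATCHME_SAMPLE = r"""
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdjzasdk]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"Group"="Boot Bus Extender"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdjzasdk]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"Group"="Boot Bus Extender"

scanning hidden registry entries ...
"""

# HijackThis: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# "rundll32[.exe] <dll>,<export>"; the DLL path may be quoted
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,', re.IGNORECASE)
# A DLL sitting directly in the Windows directory, not in a subfolder (heuristic)
WINROOT_DLL_RE = re.compile(r'^[A-Z]:\\WINDOWS\\[^\\]+\.dll$', re.IGNORECASE)

# catchme registry dump: "[HKEY_LOCAL_MACHINE\SYSTEM\<ControlSet>\Services\<name>]"
SVC_KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\(?P<svc>[^\]]+)\]$')
# '"Name"=dword:XXXXXXXX' or '"Name"="string"'
VALUE_RE = re.compile(r'^"(?P<k>[^"]+)"=(?:dword:(?P<dw>[0-9a-fA-F]{8})|"(?P<s>[^"]*)")$')

SERVICE_KERNEL_DRIVER = 1   # Type value for a kernel-mode driver
SERVICE_BOOT_START = 0      # Start value: loaded by the boot loader


def parse_o4(text):
    """Return a list of (hive, value_name, command) for each O4 line."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m['hive'], m['name'], m['cmd']))
    return entries


def suspicious_o4(text):
    """O4 entries whose command makes rundll32 load a DLL from the Windows root.

    Heuristic only: legitimate software installs its DLLs under system32 or its
    own program folder, so a bare %SystemRoot%\\<random>.dll deserves a look.
    """
    hits = []
    for _hive, name, cmd in parse_o4(text):
        m = RUNDLL_RE.match(cmd)
        if m and WINROOT_DLL_RE.match(m['dll']):
            hits.append((name, m['dll']))
    return hits


def parse_hidden_services(text):
    """Return {(controlset, service): {value: parsed}} from catchme's dump.

    dword values become ints, string values stay strings; a blank line ends a key block.
    """
    services = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        km = SVC_KEY_RE.match(line)
        if km:
            current = (km['cs'], km['svc'])
            services[current] = {}
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            services[current][vm['k']] = int(vm['dw'], 16) if vm['dw'] is not None else vm['s']
        elif not line:
            current = None
    return services


def hidden_boot_drivers(text):
    """Names of hidden services registered as boot-start kernel drivers."""
    return sorted({svc for (_cs, svc), vals in parse_hidden_services(text).items()
                   if vals.get('Type') == SERVICE_KERNEL_DRIVER
                   and vals.get('Start') == SERVICE_BOOT_START})


if __name__ == '__main__':
    for name, dll in suspicious_o4(HJT_SAMPLE):
        print(f'suspicious O4 entry [{name}] loads {dll}')
    for svc in hidden_boot_drivers(CATCHME_SAMPLE):
        print(f'hidden boot-start kernel driver: {svc}')
```

Run it on the full logs by reading them from a file instead of the embedded samples; both parsers ignore every line that does not match their format, so the whole HijackThis or catchme output can be fed in unchanged.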

22.09.2010, 22:51   #2
cosinus

Infection: Rootkit tdjzasdk, various Trojans & monmvr32.exe



Hello,

Did you also remove all of the findings with Malwarebytes? I have to ask because it says no action taken!

23.09.2010, 00:42   #3
luko

Rootkit tdjzasdk, bluescreen crash with GMER scan...



Hello Arne,
Thank you for taking on my worries!

That's right, in the meantime I had MBAM remove the Trojans >
MBAM currently reports no findings.
In the autostart there is still an application that does not belong there, and the rootkit tdjzasdk crashes XP to a bluescreen every time I scan with GMER (following your instructions).
I don't really know how to get the altered registry entries back in order and how to get tdjzasdk.sys out of the system32 drivers.
Do you know this rootkit, which makes GMER crash?
It's quite a mess, which probably got in through fake Java applications.
I will be more careful with my research in future ...
Please tell me which data or logfiles you need from me.
I'll do it as quickly as possible. The machine has to go back online soon.....


Thank you very much for your kind help

Andreas (Luko)

23.09.2010, 00:52   #4
cosinus

Infection: Rootkit tdjzasdk, various Trojans & monmvr32.exe



System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

23.09.2010, 15:31   #5
luko

Infection: Rootkit tdjzasdk, various Trojans & monmvr32.exe



Hello Arne,

Attached are the reports. I have x'd out or ***'d everything personal. OTL logfile:
Code:
OTL Extras logfile created on: 23.09.2010 12:27:13 - Run 2
OTL by OldTimer - Version 3.2.14.1     Folder = F:\Documents and Settings\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
7,00 Gb Paging File | 7,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): E:\pagefile.sys 4092 4092 [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 6,84 Gb Total Space | 5,01 Gb Free Space | 73,29% Space Free | Partition Type: NTFS
Drive D: | 6,84 Gb Total Space | 3,49 Gb Free Space | 50,98% Space Free | Partition Type: NTFS
Drive E: | 59,94 Gb Total Space | 13,35 Gb Free Space | 22,28% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 5,93 Gb Free Space | 30,35% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 3,79 Gb Total Space | 0,02 Gb Free Space | 0,51% Space Free | Partition Type: FAT32
 
Computer Name: xxxxxxx
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- F:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "F:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "F:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "F:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "F:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "F:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6160:TCP" = 6160:TCP:*:Disabled:Seagull Driver Networking
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Opera\opera.exe" = F:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"F:\WINDOWS\system32\usmt\migwiz.exe" = F:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"F:\WINDOWS\system32\javaw.exe" = F:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"F:\WINDOWS\system32\java.exe" = F:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18E65799-76BD-46EF-9E53-972FE5A40736}" = Opera 10.62
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2A033A00-FE0D-4609-B0E8-2C49CC494FC8}" = WorldShip
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{33035862-543C-4405-9CC6-08593CF2C25F}" = ReportServer
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390160B4-D276-4A04-8002-8D3101A0D367}" = UPSICC
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{463A57EB-89CF-4B91-AD55-E4CC8456E0E6}" = StarMoney 6.0 
"{4AE3EAC8-FAD9-4ECC-A339-BBAD8C72DE71}" = UPSDB
"{4BA3DDD4-BC91-48B2-8896-7A02C34829D7}" = HP Embedded Security for ProtectTools
"{507C870C-C27E-4F53-A32A-23500AC62A46}" = Adobe GoLive CS (DEU)
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{56B59C2A-EFB8-44AC-88F5-3280171E4522}" = PolicyManager
"{5AE59A84-B2F3-42CC-A246-5AF80F6EE770}" = Reconciler
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{60B81442-7AB5-49A2-BF90-02A2786587ED}" = USB-Flachbettscanner
"{68AF09E3-1167-4771-903C-CCCDCF7E171C}" = NRF
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C5BD501-AD5D-4A75-9321-076509B438FC}" = WebHelp
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95749C5B-BC37-41E3-8D39-EEF4C21A2825}" = CCC
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DA12996-EB20-40AB-8D44-BA190C8634A8}" = Printer Utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A5763105-D1D5-4862-A3FE-EC058F9AA73E}" = ICCHelp
"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AE052EF7-2640-48D7-8915-69B810D975CB}" = HP BIOS Configuration for ProtectTools 2.00 E1
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
"{BB2F9840-531D-4C8E-9F19-A101ECD9ABC0}" = UPS Thermal Printer Plugin - Version 8.10
"{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}" = FormsComponent
"{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}" = UPSVCMM
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C30E30A6-0AB5-470A-AB67-D322938F5429}" = SupportUtility
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C8645A63-4331-460A-ADD9-784985428D62}" = REFLEX Modellflugsimulator
"{C9D43B38-34AD-4EC2-B696-46F42D49D174}" = MSIChecker
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}" = UnifiedPrinting
"{D44E7219-947E-4F1B-830E-66EF11ACC543}" = NA1Messenger
"{DB2C58E0-6284-4B48-97F2-22A980B6360B}" = System
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (UPSWSDBSERVER)
"{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}" = UPSlinkHTTP
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA9629DA-5715-48BA-B054-28169702B176}" = FOSS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FFCB1B04-5B1C-4A17-AA60-CA6F00BA50F9}" = StarMoney
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CANONBJ_Deinstall_CNMCP5n.DLL" = Canon i965
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m" = HDAUDIO Soft Data Fax Modem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"Free FLV Converter_is1" = Free FLV Converter V 6.7.3
"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monkey's Audio_is1" = Monkey's Audio
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"ProInst" = Intel(R) PROSet/Wireless Software
"QuickTime" = QuickTime
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Slp32V4" = Smart Label Printer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweak UI 2.10" = Tweak UI
"UPS WorldShip" = UPS WorldShip
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"Winston_is1" = Winston Version 2010W
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoomPlayer" = Zoom Player (remove only)
"ZoomPlayerLang" = Zoom Player deutsche Sprachdateien (entfernen)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.09.2010 04:36:32 | Computer Name = xxxxx | Source = Application Error | ID = 1000
Description = Faulting application wmc.exe, version 1.0.0.0, faulting module wmc.exe,
 version 1.0.0.0, fault address 0x00004404.
 
Error - 07.09.2010 13:59:29 | Computer Name =xxxxx | Source = ThreadLib | ID = 0
Description = 
 
Error - 21.09.2010 11:15:50 | Computer Name = xxxxx | Source = Application Error | ID = 1000
Description = Faulting application flashutil10i_plugin.exe, version 10.1.82.76, 
faulting module unknown, version 0.0.0.0, fault address 0x7ca145a3.
 
Error - 21.09.2010 12:57:51 | Computer Name = xxxxx | Source = IFXWlxEN | ID = 2687344
Description = Failed to create instance of IWlxEvent interface.
 
Error - 21.09.2010 13:03:02 | Computer Name = xxxxx | Source = IFXWlxEN | ID = 2687344
Description = Failed to create instance of IWlxEvent interface.
 
Error - 21.09.2010 13:14:09 | Computer Name = xxxxxx | Source = IFXWlxEN | ID = 2687344
Description = Failed to create instance of IWlxEvent interface.
 
Error - 21.09.2010 13:17:27 | Computer Name = xxxxx | Source = IFXWlxEN | ID = 2687344
Description = Failed to create instance of IWlxEvent interface.
 
Error - 21.09.2010 14:41:04 | Computer Name = xxxx | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
 module abovekegubixudum.dll, version 0.0.0.0, fault address 0x000126d7.
 
Error - 22.09.2010 06:42:30 | Computer Name = xxxxxx | Source = ThreadLib | ID = 0
Description = 
 
Error - 22.09.2010 09:00:55 | Computer Name = xxxxxx | Source = IFXWlxEN | ID = 2687344
Description = Failed to create instance of IWlxEvent interface.
 
[ Credential Manager Events ]
Error - 07.06.2010 04:27:32 | Computer Name = xxxxx| Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: ***@xxxxxx Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 10.06.2010 11:53:43 | Computer Name = xxxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: *****@xxxxxxxx Credentials:
 Fingerprints   Error: (0xC5161003) The requested biometrics operation could not 
be successfully completed.
 
Error - 30.06.2010 04:39:32 | Computer Name = xxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: *****@xxxxxxx Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 06.07.2010 10:47:32 | Computer Name =xxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: *****@xxxxxxxx Credentials:
 Fingerprints   Error: (0xC5161001) The fingerprints provided do not match.
 
Error - 02.08.2010 04:36:20 | Computer Name = xxxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: *******@xxxxxxx Credentials:
 Fingerprints   Error: (0xC5161001) The fingerprints provided do not match.
 
Error - 02.08.2010 07:05:33 | Computer Name =xxxxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: *******@xxxxxxxxxx Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 03.08.2010 17:24:24 | Computer Name = xxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: ****@xxxxxxxxxx Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 05.08.2010 10:28:28 | Computer Name = xxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: *****@xxxxxxxxx Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 13.08.2010 09:44:10 | Computer Name =xxxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: ********@xxxxxxxxx Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 13.09.2010 11:11:21 | Computer Name = xxxxxxxx | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: ****@xxxxxxxx Credentials:
 Fingerprints   Error: (0xC5161003) The requested biometrics operation could not 
be successfully completed.
 
[ System Events ]
Error - 22.09.2010 09:32:57 | Computer Name = xxxxxxxx| Source = Service Control Manager | ID = 7034
Description = The MSSQL$UPSWSDBSERVER service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 22.09.2010 09:32:57 | Computer Name = xxxxxxxxxx| Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 22.09.2010 09:32:57 | Computer Name = xxxxxxxxxxxx| Source = Service Control Manager | ID = 7034
Description = The O&O Defrag service terminated unexpectedly.  It has done this 
1 time(s).
 
Error - 22.09.2010 09:32:57 | Computer Name = xxxxxxxxxx| Source = Service Control Manager | ID = 7034
Description = The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly.
  It has done this 1 time(s).
 
Error - 22.09.2010 09:32:57 | Computer Name = xxxxxxxxxxx| Source = Service Control Manager | ID = 7034
Description = The SLPMONX service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 22.09.2010 09:32:57 | Computer Name = xxxxxxxxxxxx| Source = Service Control Manager | ID = 7034
Description = The hpqwmiex service terminated unexpectedly.  It has done this 1 
time(s).
 
Error - 22.09.2010 09:34:35 | Computer Name = xxxxxxxxxxxxx| Source = Service Control Manager | ID = 7000
Description = The USB-Flachbettscanner service failed to start due to the following
 error:   %%1058
 
Error - 22.09.2010 09:43:40 | Computer Name = xxxxxxxxxxxxxxx| Source = Service Control Manager | ID = 7000
Description = The USB-Flachbettscanner service failed to start due to the following
 error:   %%1058
 
Error - 22.09.2010 09:53:31 | Computer Name = xxxxxxxxxxxx| Source = Service Control Manager | ID = 7000
Description = The USB-Flachbettscanner service failed to start due to the following
 error:   %%1058
 
Error - 23.09.2010 05:41:41 | Computer Name = xxxxxxxxxx| Source = Service Control Manager | ID = 7000
Description = The USB-Flachbettscanner service failed to start due to the following
 error:   %%1058
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 23.09.2010 12:27:13 - Run 2
OTL by OldTimer - Version 3.2.14.1     Folder = F:\Documents and Settings\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
7,00 Gb Paging File | 7,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): E:\pagefile.sys 4092 4092 [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 6,84 Gb Total Space | 5,01 Gb Free Space | 73,29% Space Free | Partition Type: NTFS
Drive D: | 6,84 Gb Total Space | 3,49 Gb Free Space | 50,98% Space Free | Partition Type: NTFS
Drive E: | 59,94 Gb Total Space | 13,35 Gb Free Space | 22,28% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 5,93 Gb Free Space | 30,35% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 3,79 Gb Total Space | 0,02 Gb Free Space | 0,51% Space Free | Partition Type: FAT32
 
Computer Name: xxxxxxxx
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - F:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - F:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - F:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - F:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe (Cognizance Corporation)
PRC - F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
PRC - F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - F:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - F:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - F:\Program Files\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe (Microsoft Corporation)
PRC - F:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - F:\WINDOWS\system32\slpmonx.exe (Seiko Instruments USA, Inc.)
PRC - F:\WINDOWS\system32\slpservice.exe (ProdEx Technologies)
PRC - F:\Program Files\Medion\ScanPanel\ScnPanel.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - F:\Documents and Settings\***\Desktop\OTL.exe (OldTimer Tools)
MOD - F:\WINDOWS\system32\arpdump.dll ()
MOD - F:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - F:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - F:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
MOD - F:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll (Cognizance Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- F:\WINDOWS\System32\hidserv.dll File not found
SRV - (AntiVirService) -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (EvtEng) Intel(R) -- F:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- F:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- F:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (ASBroker) -- F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (IviRegMgr) -- F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ASChannel) -- F:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll (Cognizance Corporation)
SRV - (IAANTMon) Intel(R) -- F:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (MSSQL$UPSWSDBSERVER) -- F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$UPSWSDBSERVER) -- F:\PROGRAM FILES\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (O&O Defrag) -- F:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (SLPMONX) -- F:\WINDOWS\system32\slpservice.exe (ProdEx Technologies)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UIUSys) -- F:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (MEMSWEEP2) -- F:\WINDOWS\System32\1.tmp File not found
DRV - (avgntflt) -- F:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SASENUM) -- F:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- F:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- F:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- F:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Cdralw2k) -- F:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- F:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (avipbb) -- F:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- F:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (HDAudBus) -- F:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (SynTP) -- F:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NETw4x32) Intel(R) -- F:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- F:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- F:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (s24trans) -- F:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (nv) -- F:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HpqKbFiltr) -- F:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (tifm21) -- F:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (GTIPCI21) -- F:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (HBtnKey) -- F:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HSF_DPV) -- F:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- F:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- F:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (b57w2k) -- F:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Accelerometer) -- F:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (hpdskflt) -- F:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (IFXTPM) -- F:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (iaStor) -- F:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (SampleScanner) -- F:\WINDOWS\system32\drivers\ArtecGT.sys (   )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: {CA98C7ED-AC2C-42F4-B531-6CDEB5DB2AAE}:1.9.1
 
FF - HKLM\software\mozilla\Firefox\extensions\\{CA98C7ED-AC2C-42F4-B531-6CDEB5DB2AAE}: F:\Documents and Settings\***\Local Settings\Application Data\{CA98C7ED-AC2C-42F4-B531-6CDEB5DB2AAE} [2010.09.21 12:33:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010.01.18 21:49:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010.08.23 16:12:43 | 000,000,000 | ---D | M]
 
[2010.01.15 20:59:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Mozilla\Extensions
[2010.09.21 18:04:46 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions
[2010.08.28 12:54:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- F:\Documents and Settings\****\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.25 21:26:09 | 000,000,000 | ---D | M] (Flash and Video Download) -- F:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010.08.28 12:54:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\***\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\extensions\YoutubeDownloader@PeterOlayev.com
[2010.09.21 18:04:46 | 000,000,000 | ---D | M] -- F:\Program Files\Mozilla Firefox\extensions
[2008.07.28 12:07:36 | 000,069,632 | ---- | M] (UPS) -- F:\Program Files\Mozilla Firefox\plugins\NPEltr32.dll
[2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- F:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2009.11.03 04:14:39 | 000,001,392 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.03 04:14:39 | 000,002,344 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.03 04:14:39 | 000,006,805 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.03 04:14:39 | 000,001,178 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.03 04:14:39 | 000,000,801 | ---- | M] () -- F:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,734 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - F:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [avgnt] F:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] F:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [IAAnotif] F:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] F:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] F:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] F:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PTHOSTTR] F:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKCU..\Run: [ISUSPM] F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: F:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanPanel.lnk = F:\Program Files\Medion\ScanPanel\ScnPanel.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 01 00 00 00  [binary data]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} hxxp://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D6E0B119-DCF2-4CD6-8DFB-7CFF1B70F7FF} https://bis.eu.blackberry.com/html/web/client_tools/TOImport.cab (TeamOn Import Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (APSHook.dll) - F:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (F:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll) - F:\Program Files\Hewlett-Packard\IAM\Bin\OCGina.dll (Cognizance Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - F:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\OneCard: DllName - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - F:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: F:\WINDOWS\Web\Wallpaper\HP Cityscape Wide.bmp
O24 - Desktop BackupWallPaper: F:\WINDOWS\Web\Wallpaper\HP Cityscape Wide.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.11 13:07:50 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - F:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: clicover - (F:\WINDOWS\system32\arpdump.dll) - F:\WINDOWS\system32\arpdump.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.23 12:25:12 | 000,000,000 | RH-D | C] -- F:\Documents and Settings\***\Recent
[2010.09.23 12:06:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\***\Desktop\OTL.exe
[2010.09.22 18:02:49 | 000,045,056 | ---- | C] (ULTIMA ELECTRONICS CORP.) -- F:\WINDOWS\System32\RemovePlus.exe
[2010.09.22 18:02:33 | 000,000,000 | ---D | C] -- F:\Program Files\Medion
[2010.09.22 15:40:42 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
[2010.09.22 15:37:14 | 000,000,000 | ---D | C] -- F:\Program Files\ERUNT
[2010.09.22 14:27:47 | 000,000,000 | ---D | C] -- F:\Program Files\Sophos
[2010.09.22 14:14:08 | 000,519,680 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\***\Desktop\OTM.exe
[2010.09.21 21:43:53 | 000,000,000 | ---D | C] -- F:\Program Files\Trend Micro
[2010.09.21 19:18:41 | 000,000,000 | ---D | C] -- F:\Program Files\Safer Networking
[2010.09.21 12:33:57 | 000,000,000 | ---D | C] -- F:\Documents and Settings\***\Local Settings\Application Data\{CA98C7ED-AC2C-42F4-B531-6CDEB5DB2AAE}
[2010.09.15 16:02:48 | 000,000,000 | ---D | C] -- F:\Documents and Settings\***\Application Data\Google
[2010.09.15 16:01:46 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Google
[2010.09.15 15:57:42 | 000,000,000 | ---D | C] -- F:\Program Files\Google
[2010.08.26 17:23:34 | 000,644,400 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mscomct2.ocx
[2010.03.29 20:57:15 | 000,018,120 | ---- | C] (   ) -- F:\WINDOWS\System32\drivers\ArtecGT.sys
[2004.08.04 14:00:00 | 000,192,512 | ---- | C] ( ) -- F:\WINDOWS\abovekegubixudum.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.23 12:27:50 | 000,564,800 | ---- | M] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
[2010.09.23 12:05:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\***\Desktop\OTL.exe
[2010.09.23 11:46:06 | 000,535,230 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.23 11:46:06 | 000,450,520 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010.09.23 11:46:06 | 000,075,330 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010.09.23 11:42:16 | 000,001,202 | ---- | M] () -- F:\WINDOWS\ScnPanel.ini
[2010.09.23 11:41:51 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010.09.23 11:41:48 | 000,077,918 | ---- | M] () -- F:\WINDOWS\System32\nvModes.001
[2010.09.23 11:41:27 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010.09.23 11:41:24 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010.09.23 11:41:17 | 000,122,802 | ---- | M] () -- F:\WINDOWS\System32\OODBS.lor
[2010.09.22 19:05:19 | 005,767,168 | -H-- | M] () -- F:\Documents and Settings\***\NTUSER.DAT
[2010.09.22 19:04:58 | 000,000,531 | ---- | M] () -- F:\WINDOWS\win.ini
[2010.09.22 19:04:54 | 006,520,490 | -H-- | M] () -- F:\Documents and Settings\***\Local Settings\Application Data\IconCache.db
[2010.09.22 18:56:59 | 000,011,463 | ---- | M] () -- F:\WINDOWS\Dusb3ar.ini
[2010.09.22 18:56:59 | 000,002,662 | ---- | M] () -- F:\WINDOWS\Ausba3.INI
[2010.09.22 18:10:08 | 000,000,589 | ---- | M] () -- F:\Documents and Settings\***\Desktop\My.lnk
[2010.09.22 18:03:21 | 000,030,720 | ---- | M] () -- F:\WINDOWS\EWhiteu12.dat
[2010.09.22 18:03:21 | 000,000,004 | ---- | M] () -- F:\WINDOWS\AErroru3.dat
[2010.09.22 18:03:19 | 000,030,720 | ---- | M] () -- F:\WINDOWS\EDarku12.dat
[2010.09.22 18:03:16 | 000,000,006 | ---- | M] () -- F:\WINDOWS\EExpou.dat
[2010.09.22 18:03:16 | 000,000,003 | ---- | M] () -- F:\WINDOWS\EOffsetu.dat
[2010.09.22 18:03:16 | 000,000,003 | ---- | M] () -- F:\WINDOWS\EGain6.dat
[2010.09.22 18:02:49 | 000,001,614 | ---- | M] () -- F:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanPanel.lnk
[2010.09.22 15:37:14 | 000,000,617 | ---- | M] () -- F:\Documents and Settings\***\Desktop\NTREGOPT.lnk
[2010.09.22 15:37:14 | 000,000,598 | ---- | M] () -- F:\Documents and Settings\***\Desktop\ERUNT.lnk
[2010.09.22 14:58:29 | 000,000,681 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to Cleanup.exe.lnk
[2010.09.22 12:21:41 | 000,000,873 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to xxxxxxxx.xls.lnk
[2010.09.22 09:41:20 | 000,000,000 | ---- | M] () -- F:\WINDOWS\Ariqukaye.bin
[2010.09.22 07:51:02 | 000,293,376 | ---- | M] () -- F:\Documents and Settings\***\Desktop\52u8lxww.exe
[2010.09.21 21:43:53 | 000,001,740 | ---- | M] () -- F:\Documents and Settings\***\Desktop\HijackThis.lnk
[2010.09.21 21:41:04 | 000,519,680 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\***\Desktop\OTM.exe
[2010.09.21 19:16:29 | 000,000,178 | -HS- | M] () -- F:\Documents and Settings\***\ntuser.ini
[2010.09.21 18:51:32 | 000,020,992 | ---- | M] () -- F:\Documents and Settings\***\My Documents\Wunschzettel.doc
[2010.09.21 16:58:33 | 000,000,120 | ---- | M] () -- F:\WINDOWS\Gjimecahalevete.dat
[2010.09.21 12:25:53 | 000,050,176 | -H-- | M] () -- F:\WINDOWS\System32\arpdump.dll
[2010.09.20 20:43:13 | 000,002,181 | ---- | M] () -- F:\Documents and Settings\***\Desktop\REFLEX Modellflugsimulator.lnk
[2010.09.20 14:29:11 | 000,077,918 | ---- | M] () -- F:\WINDOWS\System32\nvModes.dat
[2010.09.20 11:40:03 | 000,112,128 | ---- | M] () -- F:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.16 16:19:22 | 000,000,616 | ---- | M] () -- F:\Documents and Settings\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010.09.15 15:57:51 | 000,001,768 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
[2010.09.14 21:55:10 | 000,028,622 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Re_ Vent Window  Four Winns Liberator xxxxxxxxx.eml
[2010.09.14 12:37:00 | 000,083,841 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Expedia  Reisebestätigung - xxxxx (Reiseplan-Nr. 000000000000).eml
[2010.09.14 08:45:36 | 002,125,423 | ---- | M] () -- F:\Documents and Settings\***\Desktop\plesk8.pdf
[2010.09.12 12:02:33 | 000,000,724 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Bank***.lnk
[2010.09.10 16:48:11 | 000,000,275 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to *** xxx.xls.lnk
[2010.09.10 16:48:03 | 000,000,278 | ---- | M] () -- F:\Documents and Settings\***\Desktop\Shortcut to xxxxxxxxxxx.xls.lnk
[2010.08.29 13:26:34 | 000,951,440 | ---- | M] () -- F:\Documents and Settings\***\My Documents\small-block.pdf
[2010.08.26 17:23:34 | 000,644,400 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\mscomct2.ocx
 
========== Files Created - No Company Name ==========
 
[2010.09.22 18:10:08 | 000,000,589 | ---- | C] () -- F:\Documents and Settings\***\Desktop\My.lnk
[2010.09.22 18:02:49 | 000,001,614 | ---- | C] () -- F:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanPanel.lnk
[2010.09.22 18:02:49 | 000,001,202 | ---- | C] () -- F:\WINDOWS\ScnPanel.ini
[2010.09.22 18:02:49 | 000,000,766 | ---- | C] () -- F:\WINDOWS\Uninstall.ico
[2010.09.22 18:02:29 | 000,001,704 | ---- | C] () -- F:\WINDOWS\ePlus.ini
[2010.09.22 15:37:14 | 000,000,617 | ---- | C] () -- F:\Documents and Settings\***\Desktop\NTREGOPT.lnk
[2010.09.22 15:37:14 | 000,000,598 | ---- | C] () -- F:\Documents and Settings\***\Desktop\ERUNT.lnk
[2010.09.22 14:58:29 | 000,000,681 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to Cleanup.exe.lnk
[2010.09.22 14:14:03 | 000,293,376 | ---- | C] () -- F:\Documents and Settings\***\Desktop\52u8lxww.exe
[2010.09.21 22:44:20 | 000,083,841 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Expedia  Reisebestätigung - xxxxx- (Reiseplan-Nr. 000000).eml
[2010.09.21 21:43:53 | 000,001,740 | ---- | C] () -- F:\Documents and Settings\***\Desktop\HijackThis.lnk
[2010.09.21 18:51:32 | 000,020,992 | ---- | C] () -- F:\Documents and Settings\***\My Documents\Wunschzettel.doc
[2010.09.21 12:33:58 | 000,000,120 | ---- | C] () -- F:\WINDOWS\Gjimecahalevete.dat
[2010.09.21 12:33:58 | 000,000,000 | ---- | C] () -- F:\WINDOWS\Ariqukaye.bin
[2010.09.21 12:32:23 | 000,564,800 | ---- | C] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
[2010.09.21 12:25:53 | 000,050,176 | -H-- | C] () -- F:\WINDOWS\System32\arpdump.dll
[2010.09.15 15:57:51 | 000,001,768 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk
[2010.09.14 21:55:10 | 000,028,622 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Re_ Vent Window  Four Winns Liberator xxxxxxx.eml
[2010.09.14 08:45:36 | 002,125,423 | ---- | C] () -- F:\Documents and Settings\***\Desktop\plesk8.pdf
[2010.09.12 12:02:33 | 000,000,724 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Bank***.lnk
[2010.09.10 16:48:11 | 000,000,275 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to *** XXX.xls.lnk
[2010.09.10 16:48:03 | 000,000,278 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to XXXXXX.xls.lnk
[2010.08.29 13:26:34 | 000,951,440 | ---- | C] () -- F:\Documents and Settings\***\My Documents\xxxxxx.pdf
[2010.08.25 17:41:25 | 000,000,873 | ---- | C] () -- F:\Documents and Settings\***\Desktop\Shortcut to xxxxxxx.xls.lnk
[2010.05.17 20:23:17 | 000,000,241 | ---- | C] () -- F:\WINDOWS\wstdUPSWSHIP.INI
[2010.03.29 20:57:18 | 000,200,704 | ---- | C] () -- F:\WINDOWS\Ausba3.dll
[2010.03.29 20:57:18 | 000,011,463 | ---- | C] () -- F:\WINDOWS\Dusb3ar.ini
[2010.03.29 20:57:18 | 000,002,662 | ---- | C] () -- F:\WINDOWS\Ausba3.INI
[2010.03.08 17:44:17 | 000,024,576 | R--- | C] () -- F:\WINDOWS\System32\Arsetup.dll
[2010.03.08 17:44:17 | 000,000,282 | R--- | C] () -- F:\WINDOWS\System32\Arsetup.ini
[2010.02.08 17:06:36 | 000,000,040 | ---- | C] () -- F:\WINDOWS\ed3_programmer.ini
[2010.02.07 15:49:56 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\FnF4.txt
[2010.01.15 22:52:06 | 000,112,128 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.15 21:27:03 | 000,085,504 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll
[2010.01.15 21:27:03 | 000,000,547 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.01.15 21:21:52 | 000,001,298 | ---- | C] () -- F:\WINDOWS\MultiTimer.ini
[2010.01.15 20:07:58 | 000,000,166 | ---- | C] () -- F:\WINDOWS\hbcikrnl.ini
[2010.01.14 18:12:22 | 000,006,656 | ---- | C] () -- F:\WINDOWS\System32\CNMVS5n.DLL
[2010.01.14 17:59:08 | 000,001,406 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2010.01.12 19:58:00 | 000,036,864 | ---- | C] () -- F:\WINDOWS\System32\SlpApi42.dll
[2010.01.12 19:54:30 | 000,087,552 | ---- | C] () -- F:\WINDOWS\System32\cpwmon2k.dll
[2010.01.12 15:23:20 | 000,204,800 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeW7.dll
[2010.01.12 15:23:20 | 000,200,704 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeA6.dll
[2010.01.12 15:23:20 | 000,192,512 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeP6.dll
[2010.01.12 15:23:20 | 000,192,512 | ---- | C] () -- F:\WINDOWS\System32\IVIresizeM6.dll
[2010.01.12 15:23:20 | 000,188,416 | ---- | C] () -- F:\WINDOWS\System32\IVIresizePX.dll
[2010.01.12 15:23:19 | 000,020,480 | ---- | C] () -- F:\WINDOWS\System32\IVIresize.dll
[2007.08.09 03:18:00 | 001,703,936 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
[2007.08.09 03:18:00 | 001,474,560 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
[2007.08.09 03:18:00 | 001,019,904 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
[2007.08.09 03:18:00 | 000,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
[2007.03.16 14:13:44 | 000,012,547 | ---- | C] () -- F:\WINDOWS\System32\argomon.dll
[2003.04.08 13:41:20 | 000,180,224 | ---- | C] () -- F:\WINDOWS\System32\nssckbi.dll
[2002.03.21 16:39:02 | 000,073,728 | ---- | C] () -- F:\WINDOWS\System32\UNACEV2.DLL
[1998.05.07 03:10:00 | 000,069,632 | R--- | C] () -- F:\WINDOWS\System32\ODMA32.dll
[1980.01.04 02:17:16 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\QSwitch.txt
[1980.01.04 02:17:16 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\DSwitch.txt
[1980.01.04 02:17:16 | 000,000,000 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\AtStart.txt
[1980.01.04 02:00:13 | 000,039,859 | ---- | C] () -- F:\Documents and Settings\***\Local Settings\Application Data\FASTWiz.log
< End of report >
         
--- --- ---


Thanks very much ....

Regards, Andreas


Alt 23.09.2010, 17:02   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
MOD - F:\WINDOWS\system32\arpdump.dll ()
DRV - (MEMSWEEP2) -- F:\WINDOWS\System32\1.tmp File not found
O36 - AppCertDlls: clicover - (F:\WINDOWS\system32\arpdump.dll) - F:\WINDOWS\system32\arpdump.dll ()
[2004.08.04 14:00:00 | 000,192,512 | ---- | C] ( ) -- F:\WINDOWS\abovekegubixudum.dll
[2010.09.23 12:27:50 | 000,564,800 | ---- | M] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
[2010.09.22 09:41:20 | 000,000,000 | ---- | M] () -- F:\WINDOWS\Ariqukaye.bin
[2010.09.21 16:58:33 | 000,000,120 | ---- | M] () -- F:\WINDOWS\Gjimecahalevete.dat
[2010.09.21 12:25:53 | 000,050,176 | -H-- | M] () -- F:\WINDOWS\System32\arpdump.dll
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix! button at the top left.
The log file should open once you click OK after the fix; please post it. The computer may be restarted.


After that, please do the following, because we need the quarantine folder:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with this!
2.) Zip the folder C:\_OTL into a file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Report back once it has succeeded
5.) Only then switch the virus scanner back on

Alt 23.09.2010, 20:11   #7
luko
 

It ran like clockwork.
Is everything fine again now on my "horse market"???

Many thanks
Luko



OTL logfile

All processes killed
========== OTL ==========
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File F:\WINDOWS\System32\1.tmp File not found not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\clicover:F:\WINDOWS\system32\arpdump.dll deleted successfully.
F:\WINDOWS\system32\arpdump.dll moved successfully.
F:\WINDOWS\abovekegubixudum.dll moved successfully.
File move failed. F:\WINDOWS\system32\drivers\tdjzasdk.sys scheduled to be moved on reboot.
F:\WINDOWS\Ariqukaye.bin moved successfully.
F:\WINDOWS\Gjimecahalevete.dat moved successfully.
File F:\WINDOWS\System32\arpdump.dll not found.
========== COMMANDS ==========
F:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Luko
->Temp folder emptied: 167610 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 537893 bytes

Total Files Cleaned = 1,00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 09232010_195417

Files\Folders moved on Reboot...
File move failed. F:\WINDOWS\system32\drivers\tdjzasdk.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...
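A small checker, added here as an example and not part of this thread, of OTL or of any other tool: it reads the ':OTL' fix list from post #6 and the result log from post #7 and reports, per item, whether it was moved, deleted, left pending a reboot (as tdjzasdk.sys was) or not confirmed at all. The sample script and log are constructed from the two posts above; the log phrases it matches are assumptions about OTL's wording.

```python
"""Cross-check an OTL ':OTL' fix list against the OTL result log.

Added example; not part of this thread, of OTL or of any other tool.
The log phrases matched below are assumptions about OTL's wording.
"""
import re

# Constructed from the helper's fix script (post #6), shortened.
FIX_SCRIPT = r""":OTL
MOD - F:\WINDOWS\system32\arpdump.dll ()
DRV - (MEMSWEEP2) -- F:\WINDOWS\System32\1.tmp File not found
O36 - AppCertDlls: clicover - (F:\WINDOWS\system32\arpdump.dll) - F:\WINDOWS\system32\arpdump.dll ()
[2004.08.04 14:00:00 | 000,192,512 | ---- | C] ( ) -- F:\WINDOWS\abovekegubixudum.dll
[2010.09.23 12:27:50 | 000,564,800 | ---- | M] () -- F:\WINDOWS\System32\drivers\tdjzasdk.sys
[2010.09.22 09:41:20 | 000,000,000 | ---- | M] () -- F:\WINDOWS\Ariqukaye.bin
:Commands
[emptytemp]
"""

# Constructed from the OTL result log (post #7), shortened.
RESULT_LOG = r"""Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File F:\WINDOWS\System32\1.tmp File not found not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\clicover:F:\WINDOWS\system32\arpdump.dll deleted successfully.
F:\WINDOWS\system32\arpdump.dll moved successfully.
F:\WINDOWS\abovekegubixudum.dll moved successfully.
File move failed. F:\WINDOWS\system32\drivers\tdjzasdk.sys scheduled to be moved on reboot.
F:\WINDOWS\Ariqukaye.bin moved successfully.
File F:\WINDOWS\System32\arpdump.dll not found.
"""

# One pattern per line type seen in the ':OTL' section (assumed forms).
LINE_KINDS = (
    ("file", re.compile(r"MOD - (.+?) \(")),                       # loaded module
    ("service", re.compile(r"DRV - \((.+?)\) -- ")),               # driver/service name
    ("appcertdll", re.compile(r"O36 - AppCertDlls: (.+?) - \(")),  # registry value name
    ("file", re.compile(r"\[.+?\] \(.*?\) -- (.+)$")),             # file listing line
)


def parse_fix_script(script):
    """Return the actionable items of the ':OTL' section as (kind, key)."""
    items, in_otl = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):               # section header (:OTL, :Commands, ...)
            in_otl = line.upper() == ":OTL"
            continue
        if not in_otl or not line:
            continue
        for kind, pattern in LINE_KINDS:
            m = pattern.match(line)
            if m:
                items.append((kind, m.group(1)))
                break
        else:
            items.append(("unknown", line))
    return items


def item_status(kind, key, log):
    """Classify what the result log says happened to one fix item."""
    text, key = log.lower(), key.lower()       # paths are case-insensitive on Windows
    if kind == "service":
        return "deleted" if f"service {key} deleted successfully" in text else "unconfirmed"
    if kind == "appcertdll":
        pat = r"registry value .*appcertdlls\\+" + re.escape(key) + r":.* deleted successfully"
        return "deleted" if re.search(pat, text) else "unconfirmed"
    if f"{key} moved successfully" in text:
        return "moved"
    if f"file move failed. {key} scheduled to be moved on reboot" in text:
        return "pending reboot"                # file was in use (here: the rootkit driver)
    if f"file {key} not found" in text:
        return "not found"
    return "unconfirmed"


def check_fix(script, log):
    """(kind, key, status) for every item of the ':OTL' section."""
    return [(k, key, item_status(k, key, log)) for k, key in parse_fix_script(script)]


def pending_reboot(results):
    """Paths OTL could only schedule for removal at the next reboot."""
    return [key for kind, key, status in results if status == "pending reboot"]


if __name__ == "__main__":
    results = check_fix(FIX_SCRIPT, RESULT_LOG)
    for kind, key, status in results:
        print(f"{status:<15} {kind:<11} {key}")
    if pending_reboot(results):
        print("reboot required before re-scanning:", *pending_reboot(results))
```

Anything reported as "pending reboot" or "unconfirmed" is what to look for again in the next scan log after the machine has restarted.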

Alt 23.09.2010, 20:22   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 23.09.2010, 21:54   #9
luko
 

Hello Arne

URGENT

My notebook has no Recovery Console; CF asks for internet access to download the console.

Firewall, Avira, all security is OFF.
The notebook has also been offline since the infection and in my opinion should stay that way until you give the OK.

Should I now restore the security and download, or is there an alternative, please.

Everything is on hold and waiting -- please reply quickly

Thank you very much

Andreas

Alt 23.09.2010, 22:08   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Yes, please install it.

Alt 23.09.2010, 22:25   #11
luko
 

Grand malheur....
I wanted to quit CF with NO so that I could turn the security back on.
But then it ran the scan without the Recovery Console and rebooted. Sorry, I couldn't have known that.

I have just uploaded the log as CFlog.zip.

I hope you're not angry; I'm very sorry about my mistake....

Will you still carry on with me...???

Andreas

Alt 23.09.2010, 22:50   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
I wanted to quit CF with NO so that I could turn the security back on.
Malware doesn't land on a PC all by itself. If the Windows firewall is temporarily off, that is no great risk. One can also get along perfectly well without any software firewall or virus scanner at all. First produce the log with CF; if need be, the Recovery Console can also be reached/installed via the Windows CD or manually via CF.

Alt 23.09.2010, 23:04   #13
luko
 

Hello Arne,

OK.

I sent the CF log as CFlog.zip about 20 minutes ago via the upload.

...or should I anonymize it separately and post it here?

Thanks
Luko

Alt 23.09.2010, 23:14   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

You can and should post logs directly here. The upload channel is really only meant for new malware samples. But fine, I can get at it there too.


Combofix - scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now paste the entire contents of the code box below into the Notepad window using copy/paste.

Code:
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tdjzasdk]
         
3. Save it in Notepad as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.



6. After the reboot (you will be asked whether you want to reboot), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used anywhere else, since it can permanently damage the system!

Alt 23.09.2010, 23:51   #15
luko
 

Hello Arne,

CFlog2 as follows.

Thanks and good night



Combofix logfile:
Code:
ComboFix 10-09-23.01 - **** 23.09.2010  23:28:17.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1033.18.3455.2941 [GMT 2:00]
ausgeführt von:: f:\documents and settings\****\Desktop\Cofi.exe
Benutzte Befehlsschalter :: f:\documents and settings\****\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((   Dateien erstellt von 2010-08-23 bis 2010-09-23  ))))))))))))))))))))))))))))))
.

2010-09-23 19:46 . 2010-09-23 20:12	--------	d-----w-	F:\Cofi
2010-09-23 18:01 . 2010-09-23 18:01	214801	----a-w-	F:\_OTL.zip
2010-09-23 17:54 . 2010-09-23 17:54	--------	d-----w-	F:\_OTL
2010-09-22 16:02 . 2001-07-10 16:00	45056	----a-w-	f:\windows\system32\RemovePlus.exe
2010-09-22 16:02 . 2010-09-22 16:02	--------	d-----w-	f:\program files\Medion
2010-09-22 13:37 . 2010-09-22 13:37	--------	d-----w-	f:\program files\ERUNT
2010-09-22 12:27 . 2010-09-22 12:54	--------	d-----w-	f:\program files\Sophos
2010-09-21 19:43 . 2010-09-21 19:43	--------	d-----w-	f:\program files\Trend Micro
2010-09-21 17:18 . 2010-09-21 17:18	--------	d-----w-	f:\program files\Safer Networking
2010-09-21 10:32 . 2010-09-23 21:30	564800	----a-w-	f:\windows\system32\drivers\tdjzasdk.sys
2010-09-15 13:57 . 2010-09-15 13:57	--------	d-----w-	f:\program files\Google

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 16:03 . 2010-03-08 16:05	4	----a-w-	f:\windows\AErroru3.dat
2010-09-22 16:03 . 2010-03-08 16:05	30720	----a-w-	f:\windows\EWhiteu12.dat
2010-09-22 16:03 . 2010-03-08 16:05	30720	----a-w-	f:\windows\EDarku12.dat
2010-09-22 16:03 . 2010-03-08 16:05	6	----a-w-	f:\windows\EExpou.dat
2010-09-22 16:03 . 2010-03-08 16:05	3	----a-w-	f:\windows\EOffsetu.dat
2010-09-22 16:03 . 2010-03-08 16:05	3	----a-w-	f:\windows\EGain6.dat
2010-09-22 16:02 . 1980-01-04 00:04	--------	d--h--w-	f:\program files\InstallShield Installation Information
2010-09-21 15:35 . 1980-01-04 00:26	117760	----a-w-	f:\documents and settings\****\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-21 15:32 . 2010-01-15 18:07	--------	d-----w-	f:\program files\StarMoney 6.0
2010-09-21 14:57 . 2010-05-17 18:19	--------	d-----w-	f:\program files\UPS
2010-09-20 20:52 . 2010-02-07 20:09	--------	d-----w-	f:\program files\REFLEX
2010-09-20 12:29 . 2010-05-01 12:37	77918	----a-w-	f:\windows\system32\nvModes.dat
2010-09-16 14:19 . 2010-01-15 16:57	--------	d-----w-	f:\program files\Opera
2010-08-17 13:17 . 2004-08-04 12:00	58880	----a-w-	f:\windows\system32\spoolsv.exe
2010-08-12 17:47 . 2010-03-18 11:29	256	----a-w-	f:\windows\system32\pool.bin
2010-07-22 15:49 . 2004-08-04 12:00	590848	----a-w-	f:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2010-01-14 12:52	5120	----a-w-	f:\windows\system32\xpsp4res.dll
2010-06-30 12:31 . 2004-08-04 12:00	149504	----a-w-	f:\windows\system32\schannel.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-09-23_20.09.51   )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2010-09-23 18:00	75330              f:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-09-23 20:13	75330              f:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2010-09-23 20:13	450520              f:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-09-23 18:00	450520              f:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="f:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"QlbCtrl.exe"="f:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"SynTPEnh"="f:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"avgnt"="f:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"PTHOSTTR"="f:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"CognizanceTS"="f:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IntelZeroConfig"="f:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-11-01 995328]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2007-08-09 8470528]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2007-08-09 81920]
"nwiz"="nwiz.exe" [2007-08-09 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
ScanPanel.lnk - f:\program files\Medion\ScanPanel\ScnPanel.exe [2010-9-22 1732608]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21	548352	------w-	f:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
2006-03-03 14:08	434176	------w-	f:\windows\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 00:30	74240	------r-	f:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=f:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=f:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
backup=f:\windows\pss\UPS WorldShip Messaging Utility.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
backup=f:\windows\pss\UPS WorldShip PLD Reminder Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagull Drivers]
ssdal_nc.exe startup [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
2006-01-16 21:01	53248	------w-	f:\windows\system32\accelerometerST.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-w-	f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04	35760	----a-w-	f:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-19 21:29	623960	----a-w-	f:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00	208952	----a-w-	f:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
2007-11-01 12:47	1101824	------w-	f:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NA1Messenger]
2009-12-01 19:36	24576	----a-w-	f:\program files\UPS\WSTD\UPSNA1Msgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 07:12	729088	------w-	f:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 16:36	872448	------w-	f:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-20 14:31	149280	----a-w-	f:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"f:\\Program Files\\Opera\\opera.exe"=
"f:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"f:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\WINDOWS\\system32\\sessmgr.exe"=
"f:\\WINDOWS\\system32\\javaw.exe"=
"f:\\WINDOWS\\system32\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6160:TCP"= 6160:TCP:*:Disabled:Seagull Driver Networking

R1 SASDIFSV;SASDIFSV;f:\program files\SUPERAntiSpyware\sasdifsv.sys [04.09.2009 15:50 9968]
R1 SASKUTIL;SASKUTIL;f:\program files\SUPERAntiSpyware\SASKUTIL.SYS [04.09.2009 15:49 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;f:\program files\Avira\AntiVir Desktop\sched.exe [04.01.1980 02:23 108289]
R2 ASChannel;Local Communication Channel;f:\windows\System32\svchost.exe -k Cognizance [04.08.2004 14:00 14336]
R2 MSSQL$UPSWSDBSERVER;MSSQL$UPSWSDBSERVER;f:\program files\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe [04.05.2005 00:04 9150464]
R3 GTIPCI21;GTIPCI21;f:\windows\system32\drivers\gtipci21.sys [13.01.2010 22:16 88192]
R3 IFXTPM;IFXTPM;f:\windows\system32\drivers\ifxtpm.sys [21.10.2005 12:19 36352]
S2 ASBroker;Logon Session Broker;f:\windows\System32\svchost.exe -k Cognizance [04.08.2004 14:00 14336]
S2 SampleScanner;USB-Flachbettscanner;f:\windows\system32\drivers\ArtecGT.sys [29.03.2010 20:57 18120]
S3 SASENUM;SASENUM;f:\program files\SUPERAntiSpyware\SASENUM.SYS [04.09.2009 15:50 7408]
S3 SQLAgent$UPSWSDBSERVER;SQLAgent$UPSWSDBSERVER;f:\program files\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE [03.05.2005 21:42 323584]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - tdjzasdk

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance	REG_MULTI_SZ   	ASBroker ASChannel
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - f:\documents and settings\****\Application Data\Mozilla\Firefox\Profiles\mki35h49.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-23 23:30
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tdjzasdk]

.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(752)
f:\program files\Hewlett-Packard\IAM\bin\ocgina.dll
f:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
f:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
f:\program files\Hewlett-Packard\IAM\bin\ItTal.dll
f:\program files\Hewlett-Packard\IAM\bin\ItReports.DLL
f:\program files\SUPERAntiSpyware\SASWINLO.dll
f:\windows\system32\WININET.dll
f:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
f:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
f:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
f:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
f:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.DLL
f:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
f:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
f:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
f:\program files\Hewlett-Packard\IAM\Bin\ItAuth.dll
f:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
f:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
f:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
f:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
f:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
f:\windows\system32\xenroll.dll
f:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
f:\windows\system32\IfxWlxEN.dll

- - - - - - - > 'Explorer.exe'(1484)
f:\windows\system32\WININET.dll
f:\windows\system32\APSHook.dll
f:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
f:\windows\system32\webcheck.dll
f:\windows\system32\IEFRAME.dll
f:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
f:\windows\system32\mshtml.dll
f:\windows\system32\msls31.dll
.
Zeit der Fertigstellung: 2010-09-23  23:31:18
ComboFix-quarantined-files.txt  2010-09-23 21:31
ComboFix2.txt  2010-09-23 20:12

Vor Suchlauf: 6.215.966.720 bytes free
Nach Suchlauf: 6.202.245.120 bytes free

- - End Of File - - 12D91590B660FB0E215DCB00C8ADA236
         
--- --- ---
