Trojaner-Board - Windows blockiert, 50€ Zahlungsaufforderung

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows blockiert, 50€ Zahlungsaufforderung (https://www.trojaner-board.de/108007-windows-blockiert-50-zahlungsaufforderung.html)

habe das Script ausgeführt, hier die log:

Code:

ComboFix 12-01-13.05 - Blimsch 14.01.2012  17:38:05.2.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3072.2491 [GMT 1:00]

ausgeführt von:: F:\ComboFix.exe

Benutzte Befehlsschalter :: F:\CFScript.txt

AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programme\D95A2

c:\programme\D95A2\lvvm.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-14 bis 2012-01-14  ))))))))))))))))))))))))))))))

.

.

2012-01-14 16:34 . 2012-01-14 16:34        --------        d--h--w-        c:\windows\PIF

2012-01-14 16:16 . 2012-01-14 16:16        --------        d-----w-        c:\dokumente und einstellungen\Blimsch\Lokale Einstellungen\Anwendungsdaten\Sophos

2012-01-14 13:31 . 2012-01-14 13:31        --------        d-----w-        c:\dokumente und einstellungen\Blimsch\Anwendungsdaten\Malwarebytes

2012-01-12 22:12 . 2012-01-12 22:12        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\EndNote

2012-01-12 16:10 . 2012-01-12 16:10        --------        d-----w-        c:\programme\ESET

2012-01-12 15:51 . 2012-01-12 15:51        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes

2012-01-12 15:51 . 2012-01-12 15:51        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2012-01-12 15:51 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-01-12 15:49 . 2012-01-12 15:49        --------        d-----r-        c:\dokumente und einstellungen\Administrator\Eigene Dateien

2012-01-12 15:47 . 2012-01-12 15:47        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla

2012-01-12 15:47 . 2012-01-12 15:47        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited

2012-01-11 18:13 . 2007-05-12 08:23        224016        ----a-w-        c:\windows\system32\tabctl32.ocx

2012-01-11 18:13 . 2007-05-12 08:23        198656        ----a-w-        c:\windows\system32\comdlg32.ocx

2011-12-21 09:00 . 2011-12-21 09:00        --------        d-----w-        c:\programme\OpenVPN Technologies

2011-12-18 07:24 . 2011-12-18 07:24        --------        d-----w-        c:\dokumente und einstellungen\Blimsch\Lokale Einstellungen\Anwendungsdaten\gtk-2.0

2011-12-18 07:18 . 2011-12-18 07:40        --------        d-----w-        c:\dokumente und einstellungen\Blimsch\Lokale Einstellungen\Anwendungsdaten\midori

2011-12-18 07:18 . 2011-12-18 07:18        --------        d-----w-        c:\dokumente und einstellungen\Blimsch\Lokale Einstellungen\Anwendungsdaten\webkit

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-17 05:44 . 2011-08-06 06:13        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\dokumente und einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\dokumente und einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\dokumente und einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\dokumente und einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2010-04-01 357696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]

"nwiz"="nwiz.exe" [2009-02-18 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]

"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2009-09-05 385024]

"Sophos AutoUpdate Monitor"="c:\programme\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="d:\malwarebytes anti-malware\mbamgui.exe" [2011-12-24 460872]

.

c:\dokumente und einstellungen\Blimsch\Startmenü\Programme\Autostart\

Dropbox.lnk - c:\dokumente und einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]

Multidesk Desktop Manager.lnk - d:\multidesk\MultiDesk.exe [2004-4-15 625664]

.

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\

VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2010-9-15 6144]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0OODBS

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"d:\\Trillian\\trillian.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"d:\\TuneUp 2010\\Integrator.exe"=

"f:\\Downloads\\utorrent.exe"=

"d:\\Skype\\Phone\\Skype.exe"=

"d:\\Winamp\\winamp.exe"=

"d:\\ChemDraw 12\\ChemDraw\\ChemDraw.exe"=

"c:\\Dokumente und Einstellungen\\Blimsch\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=

"d:\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Dokumente und Einstellungen\\Blimsch\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=

"d:\\Trillian\\plugins\\skypekit.exe"=

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15.09.2010 08:09 691696]

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [14.09.2010 21:57 153344]

R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [14.09.2010 21:57 24064]

R2 MBAMService;MBAMService;d:\malwarebytes anti-malware\mbamservice.exe [12.01.2012 16:51 652872]

R2 OODefragAgent;O&O Defrag Agent;d:\oo defrag 14\oodag.exe [24.08.2010 21:56 2281800]

R2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe [08.10.2010 16:15 163056]

R2 SAVService;Sophos Anti-Virus;c:\programme\Sophos\Sophos Anti-Virus\SavService.exe [04.06.2010 12:23 97520]

R2 swi_service;Sophos Web Intelligence Service;c:\programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [08.10.2010 16:15 1541360]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\tuneup 2010\TuneUpUtilitiesService32.exe [26.08.2010 13:43 1051968]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12.01.2012 16:51 20464]

R3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\drivers\PA707UCM.SYS [18.10.2005 10:48 154752]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\tuneup 2010\TuneUpUtilitiesDriver32.sys [24.02.2010 13:41 10064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 12:16 130384]

S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [23.11.2011 19:38 25728]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\microsoft office\Office14\GROOVE.EXE [12.06.2011 10:15 31125880]

S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 21:37 4640000]

S3 qcusbser;ACER Android USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [23.11.2011 19:38 105984]

S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [19.08.2011 01:46 26112]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 12:16 753504]

S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [14.09.2010 21:57 14976]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

.

------- Zusätzlicher Suchlauf -------

.

IE: Nach Microsoft E&xcel exportieren - d:\micros~1\Office14\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\dokumente und einstellungen\Blimsch\Anwendungsdaten\Mozilla\Firefox\Profiles\1tt8lb1u.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search? ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-01-14 17:41

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG14.00.00.01PROFESSIONAL"="045D393BE5BDA378B712095C9CCFAFDD8948D36A05349DDD548A272FF7C6B41EC0886F5CE2AB2D753CB5290B4B54AD0EFE3119905CD542E4260115198307F80A54A7DE1AA17EFB436C75911844CECAEBD63C95ADFA1E763157CA3573310EFA1976372CAD9DE79BDF717BDB4E432C5A184965FDC1FCDAF52A524DF3151AA27E98DE2B1EE1164E7A9C73E8CA0EC80F950A9096AB63420AE18B0163E268A341B029CCEA9E140ACA6E9F24D1C0CC954E980D6CB29ABCEF5E4166D5D939EB6F9C9D3E0151BD39FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794C038D530D6EB3452BA7FD869164D6794CFD21FD1DAD85CAFD901B59B1244FC843C322B5756B29C062D485792393C1A32D653CE3C7EEFB9F1F7BCF0E7C161788411B78D6BAE8CFDC7A00498C6C67891C1F609E7593638A60610348B6CBB39F7638330AC0CA0DDB16504E67E30BB682B23EC5DC7B18B3AB1E45ECC6C18DA5E630D73A096AB766719DE763564E5F31AE18C377130218CEE8C976425DD2A7B55C38081C3BE107DDA36C9D9E385514E8ED1461A96475747C48EBB688C8DB7801C4A4F94857D5189E2B14CD61D01342FBBBAAD9E579458D21EAF0471878FAA4FA149A3D58A8DDE711B5824D7C05D9E7D090435916C86FB45CF8FB74DCF58BED046B6B635A48E7A8F9198A10CE00278A5D3B46081476FEC3E25ED308FD0C28472632DD8E36082B942CC082966433B7B96ED7AC9C38A82AB5CDBB25C092B8E6127C2EC6CD7F85305ECC3DC311FE23938C49BA51DEF8DDB8C44A567BCD6B45C8E6425D8E8CBE14B1DF4E17349B0EE1110A6162B1E62DCF5B69F28386953F3B41823BBF6DABCBF9A90C6084C8ED9C8BABB390AA4203BB635269AFD798CA1A600DD612E72DFED6BD2474F898BB61E8813427B994E0D5E8FDB2AE5B520E3263D8C1720179B2CE472EB7A02AFF709C477DA0671D88962F40E96E6B651C542095C8E4A6607E207EC18C1B656B5FDE3D89434B822515A31690FF0544445A88C395B9B553DFEDF4B1250946045CAAD35A891A96099FEEA1F6D225C3E4C7D2ABE67C82DE8B1774EE7A8C406AA4F143B0449D5285967540864F388AEC41056D0E68762238855DA0EE046549EA0F4A97DE590FB7D501FB621CE363CA05AD2A2C5A55420BE10BE881FCD440FC9A0BE96F18799D1E0C8D87C4D402F6750485DA8D83349A7A6A887532B59C1BA575B36DCB6AA435B689A307543ADA06ABE29FCA279592957E5D5CC82FA439F5178566A6D90A2B24D92EF44E161A08DD7D16D033E3E75F8BEE9EAB0D0FE5E858047ECED3368584C13BE4738752835BEF752D7429CE27A01220711D8ECC991DBA8BDCA5789C747BD4AB07335DABB9DBFC6EE8215D4C2EECD7BF0C4"

.

Zeit der Fertigstellung: 2012-01-14  17:43:08

ComboFix-quarantined-files.txt  2012-01-14 16:43

ComboFix2.txt  2012-01-14 15:34

.

Vor Suchlauf: 2.273.042.432 Bytes frei

Nach Suchlauf: 2.276.261.888 Bytes frei

.

- - End Of File - - 3C264582E7AFF8C0458A6AE336717114

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

soooo... hat etwas gedauert, aber jetzt ist auch aswMBR durch... hier die logs:

gmer:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-01-14 20:36:54

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD3200AAKB-00UAA0 rev.00.02C01

Running: m066g9fe.exe; Driver: C:\DOKUME~1\Blimsch\LOKALE~1\Temp\kwlyikoc.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)        ZwCreateKey [0xB6FB83BA]

SSDT            \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)        ZwCreateThread [0xB6FB88A4]

SSDT            \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)        ZwDeleteKey [0xB6FB8510]

SSDT            spjx.sys                                                                                                            ZwEnumerateKey [0xF74FCDA4]

SSDT            spjx.sys                                                                                                            ZwEnumerateValueKey [0xF74FD132]

SSDT            spjx.sys                                                                                                            ZwOpenKey [0xF74E40C0]

SSDT            spjx.sys                                                                                                            ZwQueryKey [0xF74FD20A]

SSDT            spjx.sys                                                                                                            ZwQueryValueKey [0xF74FD08A]

SSDT            \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)        ZwSetSystemInformation [0xB6FB8BCE]

SSDT            \SystemRoot\system32\DRIVERS\savonaccesscontrol.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)        ZwSetValueKey [0xB6FB8576]
 

INT 0x62        ?                                                                                                                   8A19EBF8

INT 0x82        ?                                                                                                                   8A19EBF8

INT 0xB4        ?                                                                                                                   88EE3BF8

INT 0xB4        ?                                                                                                                   88EE3BF8

INT 0xB4        ?                                                                                                                   88EE3BF8

INT 0xB4        ?                                                                                                                   88EE3BF8

INT 0xB4        ?                                                                                                                   88EE3BF8
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntoskrnl.exe!_abnormal_termination + 120                                                                            804E278C 1 Byte  [A4]

?               spjx.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                            section is writeable [0xB9333360, 0x35483F, 0xE8000020]

.text           USBPORT.SYS!DllUnload                                                                                               B92868AC 5 Bytes  JMP 88EE31D8 

.text           ac9qecqq.SYS                                                                                                        B91EF386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]

.text           ac9qecqq.SYS                                                                                                        B91EF3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]

.text           ac9qecqq.SYS                                                                                                        B91EF3C4 3 Bytes  [00, 80, 02]

.text           ac9qecqq.SYS                                                                                                        B91EF3C9 1 Byte  [30]

.text           ac9qecqq.SYS                                                                                                        B91EF3C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}

.text           ...                                                                                                                 
 

---- User code sections - GMER 1.0.15 ----
 

.text           D:\OO Defrag 14\oodag.exe[444] kernel32.dll!SetUnhandledExceptionFilter                                             7C84495D 5 Bytes  JMP 00402FB0 D:\OO Defrag 14\oodag.exe (O&O Defrag Agent (Win32)/O&O Software GmbH)
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT             \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                  8A1A12D8

IAT             pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                [F750FDDC] spjx.sys

IAT             pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                   [F750FE30] spjx.sys

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F74E5042] spjx.sys

IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F74E513E] spjx.sys

IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                 [F74E50C0] spjx.sys

IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                         [F74E5800] spjx.sys

IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                 [F74E56D6] spjx.sys

IAT             \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                88EE32D8

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlInitUnicodeString]                                        8800001C

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!swprintf]                                                    001CBA86

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeSetEvent]                                                  C61AEB00

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoCreateSymbolicLink]                                        001C8986

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoGetConfigurationInformation]                               86C61200

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoDeleteSymbolicLink]                                        00001C8B

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmFreeMappingAddress]                                        96868801

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoFreeErrorLogEntry]                                         8800001C

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoDisconnectInterrupt]                                       001CB286

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmUnmapIoSpace]                                              88968B00

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ObReferenceObjectByPointer]                                  8900001C

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IofCompleteRequest]                                          001CA496

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlCompareUnicodeString]                                     C6168B00

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IofCallDriver]                                               001CC186

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmAllocateMappingAddress]                                    428A0A00

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry]                                     C286880C

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoConnectInterrupt]                                          8B00001C

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoDetachDevice]                                              24A48DFA

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeWaitForSingleObject]                                       00000000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeInitializeEvent]                                           4B8BDF8B

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeCancelTimer]                                               8D3F0304

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString]                                CB033043

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlInitAnsiString]                                           0673C13B

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest]                               C13B0003

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoQueueWorkItem]                                             8366FA72

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmMapIoSpace]                                                75000E7B

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations]                                 0B7D80E3

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoReportDetectedDevice]                                      307B8D00

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoReportResourceForDetection]                                00AA840F

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize]                                 83660000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!NlsMbCodePageTag]                                            6A000E7A

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!PoRequestPowerIrp]                                           C6647400

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue]                                    001CC386

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection]                            4F8B0200

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!sprintf]                                                     968D5140

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache]                                00001C98

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ObfDereferenceObject]                                        22F6E852

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference]                                478B0000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoInvalidateDeviceState]                                     50016A40

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ZwClose]                                                     1CB48E8D

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ObReferenceObjectByHandle]                                   E8510000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ZwCreateDirectoryObject]                                     000022E4

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest]                                6A18538B

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!PoStartNextPowerIrp]                                         868D5200

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoCreateDevice]                                              00001CA0

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlCopyUnicodeString]                                        22D2E850

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension]                             4B8B0000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlQueryRegistryValues]                                      51016A18

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ZwOpenKey]                                                   1CBC968D

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlFreeUnicodeString]                                        E8520000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoStartTimer]                                                000022C0

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeInitializeTimer]                                           8A05478A

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoInitializeTimer]                                           001CC38E

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeInitializeDpc]                                             30C48300

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeInitializeSpinLock]                                        1CC58688

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoInitializeIrp]                                             80E90000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ZwCreateKey]                                                 C6000000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString]                              001CC386

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString]                                   438B0100

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ZwSetValueKey]                                               8E8D5018

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeInsertQueueDpc]                                            00001C98

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel]                                2292E851

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoStartPacket]                                               538B0000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel]                              52016A18

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest]                               1CB4868D

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoFreeMdl]                                                   E8500000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmUnlockPages]                                               00002280

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoWriteErrorLogEntry]                                        8A05478A

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue]                                    001CC38E

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping]                         18C48300

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmUnmapReservedMapping]                                      1CC58688

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeSynchronizeExecution]                                      43EB0000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoStartNextPacket]                                           320C538A

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeBugCheckEx]                                                88F93BC0

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeRemoveDeviceQueue]                                         001CC396

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeSetTimer]                                                  F6317300

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!_allmul]                                                     74070647

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmProbeAndLockPages]                                         75C0841A

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!_except_handler3]                                            05578A0B

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!PoSetPowerState]                                             968801B0

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey]                                     00001CC5

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlWriteRegistryValue]                                       57B60F66

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlDeleteRegistryValue]                                      533B6604

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!_aulldiv]                                                    03087408

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!strstr]                                                      72F93B3F

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!_strupr]                                                     8A09EBDA

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeQuerySystemTime]                                           86880547

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoWMIRegistrationControl]                                    00001CC5

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!KeTickCount]                                                 88084B8A

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                 001CC68E

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoDeleteDevice]                                              40578B00

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ExAllocatePoolWithTag]                                       8D52006A

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoAllocateWorkItem]                                          001CC886

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoAllocateIrp]                                               11E85000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoAllocateMdl]                                               8B000022

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool]                                   001CC08E

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmLockPagableDataSection]                                    C4968B00

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoGetDriverObjectExtension]                                  8900001C

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmUnlockPagableImageSection]                                 001CCC8E

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!ExFreePoolWithTag]                                           D0968900

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoFreeIrp]                                                   8B00001C

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!IoFreeWorkItem]                                              016A4047

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!InitSafeBootMode]                                            D4C68150

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!RtlCompareMemory]                                            5600001C

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!PoCallDriver]                                                0021E7E8

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!memmove]                                                     18C48300

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[ntoskrnl.exe!MmHighestUserAddress]                                        5D5B5E5F

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!KfAcquireSpinLock]                                                18C4830E

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!READ_PORT_UCHAR]                                                  1C959E88

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!KeGetCurrentIrql]                                                 9E880000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!KfRaiseIrql]                                                      00001CB1

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!KfLowerIrql]                                                      0E798366

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!HalGetInterruptVector]                                            74AAB000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!HalTranslateBusAddress]                                           8986C636

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!KeStallExecutionProcessor]                                        1A00001C

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!KfReleaseSpinLock]                                                1C8B86C6

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          C6020000

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!READ_PORT_USHORT]                                                 001C9686

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                         86C60200

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                 00001CB2

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[WMILIB.SYS!WmiSystemControl]                                              8800001C

IAT             \SystemRoot\System32\Drivers\ac9qecqq.SYS[WMILIB.SYS!WmiCompleteRequest]                                            001CB99E
 

---- Devices - GMER 1.0.15 ----
 

Device          \FileSystem\Ntfs \Ntfs                                                                                              8A20A1F8
 

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
 

Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    88EE21F8

Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                           8A20C1F8

Device          \Driver\dmio \Device\DmControl\DmConfig                                                                             8A20C1F8

Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                8A20C1F8

Device          \Driver\dmio \Device\DmControl\DmInfo                                                                               8A20C1F8

Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    88EE21F8

Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    88EE21F8

Device          \Driver\usbehci \Device\USBPDO-3                                                                                    88FA41F8

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              8A19F1F8

Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                              8A19F1F8

Device          \Driver\Cdrom \Device\CdRom0                                                                                        88FA11F8

Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4                                                                         [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c                                                                         [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18                                                                        [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20                                                                        [F7833B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                              8A19F1F8

Device          \Driver\Cdrom \Device\CdRom1                                                                                        88FA11F8

Device          \Driver\Ftdisk \Device\HarddiskVolume4                                                                              8A19F1F8

Device          \Driver\Cdrom \Device\CdRom2                                                                                        88FA11F8

Device          \Driver\NetBT \Device\NetBT_Tcpip_{9514F494-7C4D-4204-B56E-929252888553}                                            8871A1F8

Device          \Driver\Ftdisk \Device\HarddiskVolume6                                                                              8A19F1F8

Device          \Driver\Ftdisk \Device\HarddiskVolume7                                                                              8A19F1F8

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             8871A1F8

Device          \Driver\PCI_PNP9266 \Device\0000004a                                                                                spjx.sys

Device          \Driver\PCI_PNP9266 \Device\0000004a                                                                                spjx.sys

Device          \Driver\Ftdisk \Device\HarddiskVolume8                                                                              8A19F1F8

Device          \Driver\Ftdisk \Device\HarddiskVolume9                                                                              8A19F1F8

Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    8871A1F8

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    88EE21F8

Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    88EE21F8

Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                   886FF1F8

Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    88EE21F8

Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                         886FF1F8

Device          \Driver\usbehci \Device\USBFDO-3                                                                                    88FA41F8

Device          \Driver\sptd \Device\2153918016                                                                                     spjx.sys

Device          \Driver\Ftdisk \Device\FtControl                                                                                    8A19F1F8

Device          \Driver\ac9qecqq \Device\Scsi\ac9qecqq1Port3Path0Target0Lun0                                                        88CF9500

Device          \Driver\fasttx2k \Device\Scsi\fasttx2k1Port2Path0Target4Lun0                                                        8A20B1F8

Device          \Driver\fasttx2k \Device\Scsi\fasttx2k1                                                                             8A20B1F8

Device          \Driver\ac9qecqq \Device\Scsi\ac9qecqq1                                                                             88CF9500

Device          \FileSystem\Cdfs \Cdfs                                                                                              88D4D500
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 D:\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xE1 0x07 0xA8 0x31 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x84 0xF8 0xC1 0xFC ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xDE 0x62 0x7C 0x01 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     D:\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x0A 0x87 0xB2 0x79 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x84 0xF8 0xC1 0xFC ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xDE 0x62 0x7C 0x01 ...

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                               

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL                               045D393BE5BDA378B712095C9CCFAFDD8948D36A05349DDD548A272FF7C6B41EC0886F5CE2AB2D753CB5290B4B54AD0EFE3119905CD542E4260115198307F80A54A7DE1AA17EFB436C75911844CECAEBD63C95ADFA1E763157CA3573310EFA1976372CAD9DE79BDF717BDB4E432C5A184965FDC1FCDAF52A524DF3151AA27E98DE2B1EE1164E7A9C73E8CA0EC80F950A9096AB63420AE18B0163E268A341B029CCEA9E140ACA6E9F24D1C0CC954E980D6CB29ABCEF5E4166D5D939EB6F9C9D3E0151BD39FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D6794C038D530D6EB3452BA7FD869164D6794CFD21FD1DAD85CAFD901B59B1244FC843C322B5756B29C062D485792393C1A32D653CE3C7EEFB9F1F7BCF0E7C161788411B78D6BAE8CFDC7A00498C6C67891C1F609E7593638A60610348B6CBB39F7638330AC0CA0DDB16504E67E30BB682B23EC5DC7B18B3AB1E45ECC6C18DA5E630D73A096AB766719DE763564E5F31AE18C377130218CEE8C976425DD2A7B55C38081C3BE107DDA36C9D9E385514E8ED1461A96475747C48EBB688C8DB7801C4A4F94857D5189E2B14CD61D01342FBBBAAD9E579458D21EAF0471878FAA4FA149A3D58A8DDE711B5824D7C05D9E7D090435916C86FB45CF8FB74DCF58B
 

---- EOF - GMER 1.0.15 ----

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 20:43:16 on 14.01.2012
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 9.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ac9qecqq" (ac9qecqq) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ac9qecqq.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"catchme" (catchme) - ? - C:\DOKUME~1\Blimsch\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

"doqsumar" (doqsumar) - ? - C:\WINDOWS\System32\drivers\yfexxuec.sys  (File found, but it contains no detailed information)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"kwlyikoc" (kwlyikoc) - ? - C:\DOKUME~1\Blimsch\LOKALE~1\Temp\kwlyikoc.sys  (Hidden registry entry, rootkit activity | File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys

"MSI US54EX Wireless Adapter" (RT73) - ? - C:\WINDOWS\System32\DRIVERS\rt73.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

"TAP-Win32 Adapter OAS" (tapoas) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tapoas.sys

"TAP-Win32 Adapter V9" (tap0901) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tap0901.sys

"truecrypt" (truecrypt) - "TrueCrypt Foundation" - D:\TrueCrypt\truecrypt.sys

"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - D:\TuneUp 2010\TuneUpUtilitiesDriver32.sys

"vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} "ContextMenuHandler Class" - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SavShellExt.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Microsoft Office\Office14\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - D:\TeraCopy\TeraCopy.dll  (File found, but it contains no detailed information)

{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - D:\TeraCopy\TeraCopyExt.dll  (File found, but it contains no detailed information)

{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - D:\TuneUp 2010\DseShExt-x86.dll

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - D:\TuneUp 2010\SDShelEx-win32.dll

{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Java\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Java\lib\deploy\jqs\ie\jqs_plugin.dll

{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\URLREDIR.DLL

{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} "Sophos Web Content Scanner" - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"VPN Client.lnk" - "Cisco Systems, Inc." - D:\Cisco VPN Client\vpngui.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Blimsch\Startmenü\Programme\Autostart\desktop.ini

"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

"Multidesk Desktop Manager.lnk" - "smartcoder.net software development" - D:\Multidesk\MultiDesk.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"DAEMON Tools Lite" - "DT Soft Ltd" - "D:\DAEMON Tools Lite\DTLite.exe" -autorun

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "D:\Malwarebytes Anti-Malware\mbamgui.exe" /starttray

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"Sophos AutoUpdate Monitor" - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\almon.exe

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - D:\Cisco VPN Client\cvpnd.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - D:\Java\bin\jqs.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - D:\Malwarebytes Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - D:\Microsoft Office\Office14\GROOVE.EXE

"NMSAccess" (NMSAccess) - ? - D:\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)

"O&O Defrag Agent" (OODefragAgent) - "O&O Software GmbH" - D:\OO Defrag 14\oodag.exe

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

"Sophos Anti-Virus" (SAVService) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe

"Sophos Anti-Virus Statusreporter" (SAVAdminService) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe

"Sophos AutoUpdate Service" (Sophos AutoUpdate Service) - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\ALsvc.exe

"Sophos Web Intelligence Service" (swi_service) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

"STI Simulator" (STI Simulator) - ? - C:\WINDOWS\System32\PAStiSvc.exe  (File signed by Microsoft | File found, but it contains no detailed information)

"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll

"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - D:\TuneUp 2010\TuneUpDefragService.exe

"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - D:\TuneUp 2010\TuneUpUtilitiesService32.exe

"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

--- --- ---
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:

Code:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software

Run date: 2012-01-14 20:43:48

-----------------------------

20:43:48.109    OS Version: Windows 5.1.2600 Service Pack 3

20:43:48.109    Number of processors: 1 586 0xA00

20:43:48.109    ComputerName: BLIMSCHS-PC  UserName: Blimsch

20:43:48.406    Initialize success

20:47:03.734    AVAST engine defs: 12011401

20:47:43.656    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

20:47:43.656    Disk 0 Vendor: WDC_WD3200AAKB-00UAA0 00.02C01 Size: 305245MB BusType: 3

20:47:43.656    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c

20:47:43.656    Disk 1 Vendor: WDC_WD600AB-00BVA0 21.01H21 Size: 57241MB BusType: 3

20:47:43.687    Disk 0 MBR read successfully

20:47:43.687    Disk 0 MBR scan

20:47:43.718    Disk 0 Windows XP default MBR code

20:47:43.718    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        12393 MB offset 63

20:47:43.718    Disk 0 Partition - 00     0F Extended LBA            292848 MB offset 25382700

20:47:43.734    Disk 0 Partition - 00     05     Extended             14605 MB offset 25382762

20:47:43.734    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        14605 MB offset 25382763

20:47:43.750    Disk 0 Partition - 00     05     Extended             29996 MB offset 55295792

20:47:43.750    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        29996 MB offset 55295793

20:47:44.265    Disk 0 Partition - 00     05     Extended             14998 MB offset 146641320

20:47:44.265    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        14998 MB offset 116728353

20:47:44.281    Disk 0 Partition - 00     05     Extended            233248 MB offset 238790160

20:47:44.296    Disk 0 Partition 5 00     07    HPFS/NTFS            233248 MB offset 147444633

20:47:44.312    Disk 0 scanning sectors +625137345

20:47:44.390    Disk 0 scanning C:\WINDOWS\system32\drivers

20:47:53.281    Service scanning

20:47:53.593    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32

20:47:54.140    Modules scanning

20:48:06.078    Disk 0 trace - called modules:

20:48:06.093    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spjx.sys >>UNKNOWN [0x8a1bf938]<<

20:48:06.093    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a108ab8]

20:48:06.093    3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a17bf18]

20:48:06.093    5 ACPI.sys[f74a2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a110d98]

20:48:06.234    AVAST engine scan C:\WINDOWS

20:48:10.937    AVAST engine scan C:\WINDOWS\system32

20:52:23.703    AVAST engine scan C:\WINDOWS\system32\drivers

20:52:53.375    AVAST engine scan C:\Dokumente und Einstellungen\Blimsch

21:01:22.859    AVAST engine scan C:\Dokumente und Einstellungen\All Users

21:04:42.656    Scan finished successfully

21:05:55.484    Disk 0 MBR has been saved successfully to "F:\MBR.dat"

21:05:55.484    The log file has been saved successfully to "F:\aswMBR.txt"

Zitat:

"doqsumar" (doqsumar) - ? - C:\WINDOWS\System32\drivers\yfexxuec.sys (File found, but it contains no detailed information)

Bitte mit OSAM deaktivieren und löschen. Danach Windows rebooten und ein neues Log mit OSAM machen

hier die log nach dem reboot:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 21:31:47 on 14.01.2012
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 9.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ar64brxg" (ar64brxg) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ar64brxg.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"catchme" (catchme) - ? - C:\DOKUME~1\Blimsch\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys

"MSI US54EX Wireless Adapter" (RT73) - ? - C:\WINDOWS\System32\DRIVERS\rt73.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

"TAP-Win32 Adapter OAS" (tapoas) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tapoas.sys

"TAP-Win32 Adapter V9" (tap0901) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tap0901.sys

"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - D:\TuneUp 2010\TuneUpUtilitiesDriver32.sys

"vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

(Disabled) "doqsumar" (doqsumar) - ? - C:\WINDOWS\System32\drivers\yfexxuec.sys  (File found, but it contains no detailed information)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} "ContextMenuHandler Class" - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SavShellExt.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Microsoft Office\Office14\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - D:\TeraCopy\TeraCopy.dll  (File found, but it contains no detailed information)

{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - D:\TeraCopy\TeraCopyExt.dll  (File found, but it contains no detailed information)

{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - D:\TuneUp 2010\DseShExt-x86.dll

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - D:\TuneUp 2010\SDShelEx-win32.dll

{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Java\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Java\lib\deploy\jqs\ie\jqs_plugin.dll

{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\URLREDIR.DLL

{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} "Sophos Web Content Scanner" - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"VPN Client.lnk" - "Cisco Systems, Inc." - D:\Cisco VPN Client\vpngui.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Blimsch\Startmenü\Programme\Autostart\desktop.ini

"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

"Multidesk Desktop Manager.lnk" - "smartcoder.net software development" - D:\Multidesk\MultiDesk.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"DAEMON Tools Lite" - "DT Soft Ltd" - "D:\DAEMON Tools Lite\DTLite.exe" -autorun

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "D:\Malwarebytes Anti-Malware\mbamgui.exe" /starttray

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"Sophos AutoUpdate Monitor" - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\almon.exe

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - D:\Cisco VPN Client\cvpnd.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - D:\Java\bin\jqs.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - D:\Malwarebytes Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - D:\Microsoft Office\Office14\GROOVE.EXE

"NMSAccess" (NMSAccess) - ? - D:\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)

"O&O Defrag Agent" (OODefragAgent) - "O&O Software GmbH" - D:\OO Defrag 14\oodag.exe

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

"Sophos Anti-Virus" (SAVService) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe

"Sophos Anti-Virus Statusreporter" (SAVAdminService) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe

"Sophos AutoUpdate Service" (Sophos AutoUpdate Service) - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\ALsvc.exe

"Sophos Web Intelligence Service" (swi_service) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

"STI Simulator" (STI Simulator) - ? - C:\WINDOWS\System32\PAStiSvc.exe  (File signed by Microsoft | File found, but it contains no detailed information)

"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll

"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - D:\TuneUp 2010\TuneUpDefragService.exe

"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - D:\TuneUp 2010\TuneUpUtilitiesService32.exe

"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

--- --- ---
 

--- --- ---
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Zitat:

(Disabled) "doqsumar" (doqsumar) - ? - C:\WINDOWS\System32\drivers\yfexxuec.sys (File found, but it contains no detailed information)

Du hast den nur deaktiviert, er sollte aber gelöscht werden

das ist mir dann auch aufgefallen, deswegen hab ich mit osam nochmal gescannt und dann gelöscht...

sorry, hatte gestern beim editieren wohl die falsche log kopiert...
hier jetzt die richtige:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 22:04:29 on 14.01.2012
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 9.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ax5qrh51" (ax5qrh51) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\ax5qrh51.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"catchme" (catchme) - ? - C:\DOKUME~1\Blimsch\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys

"MSI US54EX Wireless Adapter" (RT73) - ? - C:\WINDOWS\System32\DRIVERS\rt73.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

"TAP-Win32 Adapter OAS" (tapoas) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tapoas.sys

"TAP-Win32 Adapter V9" (tap0901) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tap0901.sys

"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - D:\TuneUp 2010\TuneUpUtilitiesDriver32.sys

"vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} "ContextMenuHandler Class" - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SavShellExt.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Microsoft Office\Office14\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - "The Document Foundation" - D:\LibreOffice\Basis\program\shlxthdl\shlxthdl.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - D:\TeraCopy\TeraCopy.dll  (File found, but it contains no detailed information)

{A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} "TeraCopy" - ? - D:\TeraCopy\TeraCopyExt.dll  (File found, but it contains no detailed information)

{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - D:\TuneUp 2010\DseShExt-x86.dll

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - D:\TuneUp 2010\SDShelEx-win32.dll

{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - D:\Java\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\MICROS~1\Office14\GROOVEEX.DLL

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Java\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Java\lib\deploy\jqs\ie\jqs_plugin.dll

{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - D:\MICROS~1\Office14\URLREDIR.DLL

{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} "Sophos Web Content Scanner" - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"VPN Client.lnk" - "Cisco Systems, Inc." - D:\Cisco VPN Client\vpngui.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Blimsch\Startmenü\Programme\Autostart\desktop.ini

"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

"Multidesk Desktop Manager.lnk" - "smartcoder.net software development" - D:\Multidesk\MultiDesk.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"DAEMON Tools Lite" - "DT Soft Ltd" - "D:\DAEMON Tools Lite\DTLite.exe" -autorun

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "D:\Malwarebytes Anti-Malware\mbamgui.exe" /starttray

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"Sophos AutoUpdate Monitor" - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\almon.exe

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - D:\Cisco VPN Client\cvpnd.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - D:\Java\bin\jqs.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - D:\Malwarebytes Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - D:\Microsoft Office\Office14\GROOVE.EXE

"NMSAccess" (NMSAccess) - ? - D:\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)

"O&O Defrag Agent" (OODefragAgent) - "O&O Software GmbH" - D:\OO Defrag 14\oodag.exe

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

"Sophos Anti-Virus" (SAVService) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe

"Sophos Anti-Virus Statusreporter" (SAVAdminService) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe

"Sophos AutoUpdate Service" (Sophos AutoUpdate Service) - "Sophos Plc" - C:\Programme\Sophos\AutoUpdate\ALsvc.exe

"Sophos Web Intelligence Service" (swi_service) - "Sophos Plc" - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

"STI Simulator" (STI Simulator) - ? - C:\WINDOWS\System32\PAStiSvc.exe  (File signed by Microsoft | File found, but it contains no detailed information)

"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll

"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - D:\TuneUp 2010\TuneUpDefragService.exe

"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - D:\TuneUp 2010\TuneUpUtilitiesService32.exe

"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

gesagt, getan, hier die drei logs:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=28380ab7aa5b5b4d94e3ba2064ab7067

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-12 04:46:22

# local_time=2012-01-12 05:46:22 (+0100, Westeuropäische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 3727 3727 0 0

# compatibility_mode=8449 16775126 50 96 78200 139643793 62941 0

# scanned=117359

# found=5

# cleaned=0

# scan_time=2025

C:\Programme\51BCB\lvvm.exe        a variant of Win32/Kryptik.YVH trojan (unable to clean)        00000000000000000000000000000000        I

C:\Programme\D95A2\lvvm.exe        a variant of Win32/Kryptik.YVH trojan (unable to clean)        00000000000000000000000000000000        I

C:\Programme\LP\1546\2.tmp        a variant of Win32/Kryptik.YVH trojan (unable to clean)        00000000000000000000000000000000        I

C:\Programme\LP\1548\018.exe        Win32/Cycbot.AK trojan (unable to clean)        00000000000000000000000000000000        I

C:\Programme\LP\1548\25.tmp        a variant of Win32/Kryptik.YVH trojan (unable to clean)        00000000000000000000000000000000        I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=28380ab7aa5b5b4d94e3ba2064ab7067

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-14 02:00:21

# local_time=2012-01-14 03:00:21 (+0100, Westeuropäische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 168176 168176 0 0

# compatibility_mode=8449 16775142 50 96 242649 139808242 0 0

# scanned=11480

# found=0

# cleaned=0

# scan_time=418

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=28380ab7aa5b5b4d94e3ba2064ab7067

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-14 02:46:37

# local_time=2012-01-14 03:46:37 (+0100, Westeuropäische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 169159 169159 0 0

# compatibility_mode=8449 16775142 50 96 243632 139809225 0 0

# scanned=124354

# found=12

# cleaned=0

# scan_time=2211

C:\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\602D9\ADF15.exe        a variant of Win32/Kryptik.YVH trojan (unable to clean)        00000000000000000000000000000000        I

C:\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\8CC51\ADF15.exe        a variant of Win32/Kryptik.YVH trojan (unable to clean)        00000000000000000000000000000000        I

C:\Dokumente und Einstellungen\Blimsch\Lokale Einstellungen\Temp\1D.tmp        Win32/Cycbot.AK trojan (unable to clean)        00000000000000000000000000000000        I

C:\Dokumente und Einstellungen\Blimsch\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SX1LKAL2\3[1].exe        Win32/Cycbot.AK trojan (unable to clean)        00000000000000000000000000000000        I

C:\Programme\D95A2\lvvm.exe        a variant of Win32/Kryptik.YXP trojan (unable to clean)        00000000000000000000000000000000        I

F:\_OTL.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I

F:\_OTL\MovedFiles\01142012_003846\C_Programme\51BCB\lvvm.exe        Win32/Cycbot.AK trojan (unable to clean)        00000000000000000000000000000000        I

F:\_OTL\MovedFiles\01142012_003846\C_Programme\D95A2\lvvm.exe        Win32/Cycbot.AK trojan (unable to clean)        00000000000000000000000000000000        I

F:\_OTL\MovedFiles\01142012_003846\C_Programme\LP\1546\2.tmp        a variant of Win32/Kryptik.YVH trojan (unable to clean)        00000000000000000000000000000000        I

F:\_OTL\MovedFiles\01142012_003846\C_Programme\LP\1548\018.exe        Win32/Cycbot.AK trojan (unable to clean)        00000000000000000000000000000000        I

F:\_OTL\MovedFiles\01142012_003846\C_Programme\LP\1548\25.tmp        a variant of Win32/Kryptik.YVH trojan (unable to clean)        00000000000000000000000000000000        I

${Memory}        multiple threats        00000000000000000000000000000000        I

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=28380ab7aa5b5b4d94e3ba2064ab7067

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-14 06:17:47

# local_time=2012-01-14 07:17:47 (+0100, Westeuropäische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 181810 181810 0 0

# compatibility_mode=8449 16775126 50 96 11016 139821876 0 0

# scanned=125207

# found=11

# cleaned=11

# scan_time=2227

C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\602D9\ADF15.exe.vir        a variant of Win32/Kryptik.YVH trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\8CC51\ADF15.exe.vir        a variant of Win32/Kryptik.YVH trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\Qoobox\Quarantine\C\Programme\D95A2\lvvm.exe.vir        a variant of Win32/Kryptik.YXP trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\Qoobox\Quarantine\C\Programme\LP\1546\018.exe.vir        a variant of Win32/Kryptik.YXP trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\Qoobox\Quarantine\C\Programme\LP\1546\C054.exe.vir        a variant of Win32/Kryptik.YYD trojan (deleted - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{914A42D0-607F-4F2E-954B-308F5E5AA82C}\RP131\A0065620.sys        a variant of Win32/Rootkit.Agent.NVG trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{914A42D0-607F-4F2E-954B-308F5E5AA82C}\RP131\A0066623.exe        a variant of Win32/Kryptik.YVH trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{914A42D0-607F-4F2E-954B-308F5E5AA82C}\RP131\A0067639.exe        Win32/Cycbot.AK trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{914A42D0-607F-4F2E-954B-308F5E5AA82C}\RP131\A0067640.exe        Win32/Cycbot.AK trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{914A42D0-607F-4F2E-954B-308F5E5AA82C}\RP131\A0067641.exe        Win32/Cycbot.AK trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{914A42D0-607F-4F2E-954B-308F5E5AA82C}\RP132\A0068990.exe        a variant of Win32/Kryptik.YXP trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=28380ab7aa5b5b4d94e3ba2064ab7067

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-15 11:41:02

# local_time=2012-01-15 12:41:02 (+0100, Westeuropäische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 244313 244313 0 0

# compatibility_mode=8449 16775141 50 96 13284 139884379 0 0

# scanned=121700

# found=5

# cleaned=5

# scan_time=2318

C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\602D9\ADF15.exe.vir        a variant of Win32/Kryptik.YVH trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\8CC51\ADF15.exe.vir        a variant of Win32/Kryptik.YVH trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\Qoobox\Quarantine\C\Programme\D95A2\lvvm.exe.vir        a variant of Win32/Kryptik.YXP trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\Qoobox\Quarantine\C\Programme\LP\1546\018.exe.vir        a variant of Win32/Kryptik.YXP trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\Qoobox\Quarantine\C\Programme\LP\1546\C054.exe.vir        a variant of Win32/Kryptik.YYD trojan (deleted - quarantined)        00000000000000000000000000000000        C

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=28380ab7aa5b5b4d94e3ba2064ab7067

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-15 06:24:44

# local_time=2012-01-15 07:24:44 (+0100, Westeuropäische Normalzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 268536 268536 0 0

# compatibility_mode=8449 16775141 50 96 7143 139908602 0 0

# scanned=121738

# found=5

# cleaned=0

# scan_time=2316

C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\602D9\ADF15.exe.vir        a variant of Win32/Kryptik.YVH trojan (unable to clean)        00000000000000000000000000000000        I

C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\Blimsch\Anwendungsdaten\8CC51\ADF15.exe.vir        a variant of Win32/Kryptik.YVH trojan (unable to clean)        00000000000000000000000000000000        I

C:\Qoobox\Quarantine\C\Programme\D95A2\lvvm.exe.vir        a variant of Win32/Kryptik.YXP trojan (unable to clean)        00000000000000000000000000000000        I

C:\Qoobox\Quarantine\C\Programme\LP\1546\018.exe.vir        a variant of Win32/Kryptik.YXP trojan (unable to clean)        00000000000000000000000000000000        I

C:\Qoobox\Quarantine\C\Programme\LP\1546\C054.exe.vir        a variant of Win32/Kryptik.YYD trojan (unable to clean)        00000000000000000000000000000000        I

mbam:

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.15.02
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Blimsch :: BLIMSCHS-PC [Administrator]
 

Schutz: Deaktiviert
 

15.01.2012 19:36:44

mbam-log-2012-01-15 (19-36-44).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 199647

Laufzeit: 7 Minute(n), 24 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

SUPERAntiSpyware:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 01/15/2012 at 08:29 PM
 

Application Version : 5.0.1142
 

Core Rules Database Version : 8134

Trace Rules Database Version: 5946
 

Scan type       : Complete Scan

Total Scan Time : 00:38:54
 

Operating System Information

Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)

Administrator
 

Memory items scanned      : 478

Memory threats detected   : 0

Registry items scanned    : 36744

Registry threats detected : 0

File items scanned        : 166979

File threats detected     : 67
 

Adware.Tracking Cookie

        C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@ad.yieldmanager[2].txt [ /ad.yieldmanager ]

        C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@advertising[2].txt [ /advertising ]

        C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@anrtx.tacoda[1].txt [ /anrtx.tacoda ]

        C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@ar.atwola[1].txt [ /ar.atwola ]

        C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@at.atwola[1].txt [ /at.atwola ]

        C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@atwola[1].txt [ /atwola ]

        C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@content.yieldmanager[1].txt [ /content.yieldmanager ]

        C:\Dokumente und Einstellungen\Blimsch\Cookies\blimsch@tacoda.at.atwola[1].txt [ /tacoda.at.atwola ]

        C:\Dokumente und Einstellungen\Blimsch\Cookies\7N90UPEC.txt [ /doubleclick.net ]

        C:\Dokumente und Einstellungen\Blimsch\Cookies\EU2KPEA9.txt [ /atdmt.com ]

        C:\Dokumente und Einstellungen\Blimsch\Cookies\G9PLN8Z5.txt [ /c.atdmt.com ]

        .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .h.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .h.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .h.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .h.atdmt.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .xiti.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .kontera.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .legolas-media.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .legolas-media.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .legolas-media.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .legolas-media.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        ad3.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .zanox-affiliate.de [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .accounts.google.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .fastclick.net [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        ad2.adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NE26I5RT.DEFAULT\COOKIES.SQLITE ]
 

Trojan.Agent/Gen-Kazy[EX]

        C:\QOOBOX\QUARANTINE\C\DOKUMENTE UND EINSTELLUNGEN\BLIMSCH\ANWENDUNGSDATEN\602D9\ADF15.EXE.VIR

        C:\QOOBOX\QUARANTINE\C\DOKUMENTE UND EINSTELLUNGEN\BLIMSCH\ANWENDUNGSDATEN\8CC51\ADF15.EXE.VIR

        C:\QOOBOX\QUARANTINE\C\PROGRAMME\D95A2\LVVM.EXE.VIR
 

Trojan.Agent/Gen-Cycbot

        C:\QOOBOX\QUARANTINE\C\PROGRAMME\LP\1546\018.EXE.VIR

Das ist ok. In C:\Qoobox bzw. C:\_OTL (Q-Ordner von CF und OTL) sind die Schädlinge isoliert und gut aufgehoben.
Der Rest ist nur Cookies, weg damit. Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Rechner soweit wieder im Lot?

ja, soweit ist alles wieder normal.
Das mit den Malware funden dachte ich mir selbst schon.

Die Quarantänedateien können dann ja wohl weg, oder?

Vielen Dank nochmal :)

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.