Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Hilfe, Trojaner pup.dealio auf System entdeckt. Wer kann helfen??? (https://www.trojaner-board.de/94893-hilfe-trojaner-pup-dealio-system-entdeckt-helfen.html)

Flexi99 19.01.2011 21:27
Hilfe, Trojaner pup.dealio auf System entdeckt. Wer kann helfen???
 
Hallo zusammen,
bei meinem regelmäßigen Check habe ich mit Malwarebytes Antimalware den Trojaner pup.dealio entdeckt. Anbei findet ihr die Logfiles von Malwarebytes und OTL. :aufsmaul:

Den Schädling habe ich versucht mittels Malwarebytes zu löschen. Bitte helft mir zu überprüfen, ob mein System wieder sauber ist.

Vielen Dank für eure Hilfe,

Flexi

cosinus 20.01.2011 10:36
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Flexi99 25.01.2011 18:03
Hallo Cosinus,
sorry für die späte Antwort. Anbei mein letzter Log vom 19.1.2011, nachdem ich pop.dealio gelöscht habe.

aktuell läuft noch ein Scan. Der Log folgt dann auch direkt...

Gruß Flexi

Flexi99 25.01.2011 19:52
Hallo Cosinus,
anbei noch der Log vom aktuellen Scan...

Scheint wieder sauber zu sein...

Gruß Flexi

cosinus 25.01.2011 20:40
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O4 - HKCU..\Run: [Winsweep]  File not found
O33 - MountPoints2\{1b498004-ecc3-11dd-a4eb-001e6879abde}\Shell - "" = AutoRun
O33 - MountPoints2\{1b498004-ecc3-11dd-a4eb-001e6879abde}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1b498007-ecc3-11dd-a4eb-001e6879abde}\Shell - "" = AutoRun
O33 - MountPoints2\{1b498007-ecc3-11dd-a4eb-001e6879abde}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e8b8418-1b2c-11df-a7c1-001e6879abde}\Shell - "" = AutoRun
O33 - MountPoints2\{1e8b8418-1b2c-11df-a7c1-001e6879abde}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{30a05352-fd65-11de-a77a-001e6879abde}\Shell - "" = AutoRun
O33 - MountPoints2\{30a05352-fd65-11de-a77a-001e6879abde}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31b7e16a-07b4-11dd-804e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{31b7e16a-07b4-11dd-804e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b03ccb5-686b-11dd-a351-0050b641fdad}\Shell - "" = AutoRun
O33 - MountPoints2\{4b03ccb5-686b-11dd-a351-0050b641fdad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{581b3786-0792-11dd-a708-001b24f41381}\Shell - "" = AutoRun
O33 - MountPoints2\{581b3786-0792-11dd-a708-001b24f41381}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61442cba-67d0-11dd-a34b-0050b641fdad}\Shell - "" = AutoRun
O33 - MountPoints2\{61442cba-67d0-11dd-a34b-0050b641fdad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61442cbd-67d0-11dd-a34b-0050b641fdad}\Shell - "" = AutoRun
O33 - MountPoints2\{61442cbd-67d0-11dd-a34b-0050b641fdad}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{948f5057-eca9-11dd-a4ea-001e6879abde}\Shell - "" = AutoRun
O33 - MountPoints2\{948f5057-eca9-11dd-a4ea-001e6879abde}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9db6ecfc-6857-11dd-a34e-001e6879abde}\Shell - "" = AutoRun
O33 - MountPoints2\{9db6ecfc-6857-11dd-a34e-001e6879abde}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9db6ecfd-6857-11dd-a34e-001e6879abde}\Shell - "" = AutoRun
O33 - MountPoints2\{9db6ecfd-6857-11dd-a34e-001e6879abde}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3536212-96cd-11dd-a407-001e6879abde}\Shell - "" = AutoRun
O33 - MountPoints2\{b3536212-96cd-11dd-a407-001e6879abde}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3536213-96cd-11dd-a407-001e6879abde}\Shell - "" = AutoRun
O33 - MountPoints2\{b3536213-96cd-11dd-a407-001e6879abde}\Shell\AutoRun - "" = Auto&Play
[2011.01.04 23:41:33 | 000,000,145 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat
[2010.04.20 20:52:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.10.20 12:31:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
@Alternate Data Stream - 179 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C97C8631
@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6BD8DC1C
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Flexi99 25.01.2011 21:41
Hallo Cosinus,
anbei der Log...

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Winsweep deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b498004-ecc3-11dd-a4eb-001e6879abde}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b498004-ecc3-11dd-a4eb-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b498004-ecc3-11dd-a4eb-001e6879abde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b498004-ecc3-11dd-a4eb-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b498007-ecc3-11dd-a4eb-001e6879abde}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b498007-ecc3-11dd-a4eb-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b498007-ecc3-11dd-a4eb-001e6879abde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b498007-ecc3-11dd-a4eb-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e8b8418-1b2c-11df-a7c1-001e6879abde}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e8b8418-1b2c-11df-a7c1-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e8b8418-1b2c-11df-a7c1-001e6879abde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e8b8418-1b2c-11df-a7c1-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30a05352-fd65-11de-a77a-001e6879abde}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30a05352-fd65-11de-a77a-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30a05352-fd65-11de-a77a-001e6879abde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30a05352-fd65-11de-a77a-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31b7e16a-07b4-11dd-804e-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31b7e16a-07b4-11dd-804e-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31b7e16a-07b4-11dd-804e-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31b7e16a-07b4-11dd-804e-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b03ccb5-686b-11dd-a351-0050b641fdad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b03ccb5-686b-11dd-a351-0050b641fdad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b03ccb5-686b-11dd-a351-0050b641fdad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b03ccb5-686b-11dd-a351-0050b641fdad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{581b3786-0792-11dd-a708-001b24f41381}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{581b3786-0792-11dd-a708-001b24f41381}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{581b3786-0792-11dd-a708-001b24f41381}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{581b3786-0792-11dd-a708-001b24f41381}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61442cba-67d0-11dd-a34b-0050b641fdad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61442cba-67d0-11dd-a34b-0050b641fdad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61442cba-67d0-11dd-a34b-0050b641fdad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61442cba-67d0-11dd-a34b-0050b641fdad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61442cbd-67d0-11dd-a34b-0050b641fdad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61442cbd-67d0-11dd-a34b-0050b641fdad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61442cbd-67d0-11dd-a34b-0050b641fdad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61442cbd-67d0-11dd-a34b-0050b641fdad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{948f5057-eca9-11dd-a4ea-001e6879abde}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948f5057-eca9-11dd-a4ea-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{948f5057-eca9-11dd-a4ea-001e6879abde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948f5057-eca9-11dd-a4ea-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9db6ecfc-6857-11dd-a34e-001e6879abde}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9db6ecfc-6857-11dd-a34e-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9db6ecfc-6857-11dd-a34e-001e6879abde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9db6ecfc-6857-11dd-a34e-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9db6ecfd-6857-11dd-a34e-001e6879abde}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9db6ecfd-6857-11dd-a34e-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9db6ecfd-6857-11dd-a34e-001e6879abde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9db6ecfd-6857-11dd-a34e-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3536212-96cd-11dd-a407-001e6879abde}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3536212-96cd-11dd-a407-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3536212-96cd-11dd-a407-001e6879abde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3536212-96cd-11dd-a407-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3536213-96cd-11dd-a407-001e6879abde}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3536213-96cd-11dd-a407-001e6879abde}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3536213-96cd-11dd-a407-001e6879abde}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3536213-96cd-11dd-a407-001e6879abde}\ not found.
C:\WINDOWS\system32\imon1.dat moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86 folder moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} folder moved successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C97C8631 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6BD8DC1C deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 9337 bytes
->Temporary Internet Files folder emptied: 179718 bytes
 
User: administrator.xxx
->Temp folder emptied: 402997 bytes
->Temporary Internet Files folder emptied: 464463 bytes
->FireFox cache emptied: 20177706 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Flash cache emptied: 41 bytes
 
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1302361 bytes
 
User: xxx
->Temp folder emptied: 2110005 bytes
->Temporary Internet Files folder emptied: 1487310 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42520759 bytes
->Google Chrome cache emptied: 7867545 bytes
->Flash cache emptied: 120499 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 172032 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66512 bytes
RecycleBin emptied: 4024472533 bytes
 
Total Files Cleaned = 3.912,00 mb
 
 
OTL by OldTimer - Version 3.2.20.5 log created on 01252011_213213

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Vielen Dank,

Flexi

cosinus 25.01.2011 21:43
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Flexi99 26.01.2011 00:07
Hallo cosinus,
hier der Log von ComoFix:

[code]
Combofix Logfile:
Code:
ComboFix 11-01-24.02 - xxx25.01.2011  23:48:21.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1369 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Vxxx\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Im Speicher befindliches AV aktiv.

.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\xxx\Anwendungsdaten\EurekaLog
c:\dokumente und einstellungen\xxx\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\xxx\Anwendungsdaten\PriceGong\Data\mru.xml
c:\windows\system32\Thumbs.db

Infizierte Kopie von c:\windows\system32\autochk.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\system32\dllcache\autochk.exe wurde wiederhergestellt

.
(((((((((((((((((((((((  Dateien erstellt von 2010-12-25 bis 2011-01-25  ))))))))))))))))))))))))))))))
.

2011-01-25 22:53 . 2011-01-25 22:53        17408        ----a-w-        c:\windows\system32\rpcnetp.dll
2011-01-25 22:52 . 2011-01-25 22:52        17408        ----a-w-        c:\windows\system32\rpcnetp.exe
2011-01-25 20:32 . 2011-01-25 20:32        --------        d-----w-        C:\_OTL
2011-01-13 13:32 . 2008-11-25 11:42        30592        -c----w-        c:\windows\system32\dllcache\rndismp.sys
2011-01-13 13:32 . 2011-01-13 13:32        --------        d-----w-        c:\dokumente und einstellungen\xxx\Downloads
2011-01-13 13:19 . 2011-01-13 13:19        --------        d-----w-        c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\TomTom
2011-01-13 13:19 . 2011-01-13 13:19        --------        d-----w-        c:\programme\TomTom International B.V
2011-01-13 13:18 . 2011-01-13 13:19        --------        d-----w-        c:\programme\MyTomTom 3
2011-01-01 15:01 . 2011-01-01 15:07        --------        d-----w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\WIPE
2011-01-01 15:01 . 2004-03-09 09:00        609824        ----a-w-        c:\windows\system32\Comctl32.ocx
2011-01-01 15:01 . 2007-06-18 16:57        219136        ----a-w-        c:\windows\sqlite3_engine.dll
2011-01-01 15:01 . 2011-01-01 15:01        --------        d-----w-        c:\programme\Wipe 2011
2011-01-01 15:01 . 2007-06-22 01:08        139776        ----a-w-        c:\windows\system32\dhSQLite.dll
2011-01-01 15:01 . 2007-06-18 16:57        219136        ----a-w-        c:\windows\system32\sqlite3_engine.dll
2011-01-01 14:47 . 2011-01-01 14:47        --------        d-----w-        c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Freeware.de
2011-01-01 14:46 . 2011-01-01 14:46        --------        d-----w-        c:\dokumente und einstellungen\xxx\Anwendungsdaten\OfficeRecovery

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-25 20:37 . 2008-11-21 07:04        44544        ----a-w-        c:\windows\system32\agremove.exe
2010-12-20 17:09 . 2010-11-01 08:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-11-01 08:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-11-18 18:12 . 2008-04-07 16:06        86016        ----a-w-        c:\windows\system32\isign32.dll
2010-11-09 14:51 . 2008-04-07 15:58        249856        ----a-w-        c:\windows\system32\odbc32.dll
2010-11-06 00:27 . 2008-04-07 15:58        832512        ----a-w-        c:\windows\system32\wininet.dll
2010-11-06 00:27 . 2008-04-07 15:58        78336        ----a-w-        c:\windows\system32\ieencode.dll
2010-11-06 00:27 . 2008-04-07 15:58        1830912        ----a-w-        c:\windows\system32\inetcpl.cpl
2010-11-06 00:27 . 2008-04-07 15:58        17408        ----a-w-        c:\windows\system32\corpol.dll
2010-11-03 12:25 . 2008-04-07 15:58        389120        ----a-w-        c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-07 15:58        40960        ----a-w-        c:\windows\system32\drivers\ndproxy.sys
2010-11-01 08:13 . 2010-11-01 08:14        96200        ----a-w-        c:\windows\system32\drivers\CDAVFS.sys
2010-10-28 13:12 . 2008-04-07 15:58        290048        ----a-w-        c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\programme\softonic-de3\tbsoft.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\programme\softonic-de3\tbsoft.dll" [2010-06-03 2736736]

[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]
"MyTomTomSA.exe"="c:\programme\MyTomTom 3\MyTomTomSA.exe" [2010-12-10 488840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba Hotkey Utility"="c:\programme\Toshiba\Windows Utilities\Hotkey.exe" [2008-01-04 1773568]
"TPSMain"="TPSMain.exe" [2008-02-06 271672]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2007-05-11 143360]
"DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Toshiba Controls Utility"="c:\programme\TOSHIBA\Controls\VolumeIndicator.exe" [2008-02-01 77824]
"nod32kui"="c:\programme\Eset\nod32kui.exe" [2008-07-15 949376]
"TOSUSBSvr"="c:\programme\TOSHIBA\dynadock Utility\TOSUSBSvr.exe" [2007-03-21 258048]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"UIExec"="c:\programme\T-Mobile Internet Manager 03\UIExec.exe" [2009-03-30 132608]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]

c:\dokumente und einstellungen\xxx\Startmen\Programme\Autostart\
Nikon Monitor.lnk - c:\programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe [N/A]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Audible Download Manager.lnk - c:\programme\Audible\Bin\AudibleDownloadHelper.exe [N/A]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2009-12-19 6144]
Windows Search.lnk - c:\programme\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk /r \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [15.07.2008 08:38 15424]
R2 AAV UpdateService;AAV UpdateService;c:\programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [24.10.2008 14:35 128296]
R2 DisplayLinkService;DisplayLink Service;c:\programme\DisplayLink Core Software\DisplayLinkService.exe [27.11.2006 11:20 169568]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [04.08.2008 11:51 61440]
R2 Start BT in service;Start BT in service;c:\programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [19.03.2008 15:52 51816]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 11:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 11:15 134016]
R2 UI Assistant Service;UI Assistant Service;c:\programme\T-Mobile Internet Manager 03\AssistantServices.exe [16.02.2010 19:54 241664]
R2 vseamps;vseamps;c:\programme\Gemeinsame Dateien\Authentium\AntiVirus5\vseamps.exe [08.04.2010 16:46 117288]
R2 vsedsps;vsedsps;c:\programme\Gemeinsame Dateien\Authentium\AntiVirus5\vsedsps.exe [08.04.2010 16:46 117288]
R2 vseqrts;vseqrts;c:\programme\Gemeinsame Dateien\Authentium\AntiVirus5\vseqrts.exe [08.04.2010 16:46 154152]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [07.04.2008 17:52 732160]
R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [24.11.2006 10:29 26208]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [27.11.2006 09:25 22752]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [02.08.2008 22:52 20864]
R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [04.08.2008 11:51 17280]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [29.05.2007 10:01 6912]
S0 bgavf;bgavf;c:\windows\system32\drivers\rhmgyuw.sys --> c:\windows\system32\drivers\rhmgyuw.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [25.01.2011 23:16 136176]
S3 azvusb;Virtual USB Hub;c:\windows\system32\drivers\azvusb.sys [24.08.2009 08:14 44544]
S3 CM1063264;C-Media CM106 Like Sound UDAX Interface;c:\windows\system32\drivers\CM106.sys --> c:\windows\system32\drivers\CM106.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [03.01.2010 12:52 7680]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys --> c:\windows\system32\DRIVERS\o2media.sys [?]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [03.01.2010 12:53 110080]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [03.01.2010 12:53 104960]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-01-25 22:16]

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-01-25 22:16]

2008-07-15 c:\windows\Tasks\Registrierungserinnerung 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-07 05:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\thb0f6de.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freeware.de Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.xxx.de/startseite.html
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\programme\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SUPERAntiSpyware - c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-01-25 23:54
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


c:\windows\setupapi.log 921 bytes

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1864)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(488)
c:\programme\Windows Desktop Search\deskbar.dll
c:\programme\Windows Desktop Search\de-de\dbres.dll.mui
c:\programme\Windows Desktop Search\dbres.dll
c:\programme\Windows Desktop Search\wordwheel.dll
c:\programme\Windows Desktop Search\de-de\msnlExtRes.dll.mui
c:\programme\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\DisplayLink Core Software\DisplayLinkManager.exe
c:\programme\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Cisco Systems\VPN Client\cvpnd.exe
c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\programme\Eset\nod32krn.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\TODDSrv.exe
c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\programme\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\WISPTIS.EXE
c:\programme\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-25  23:58:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-01-25 22:58

Vor Suchlauf: 21 Verzeichnis(se), 152.748.552.192 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 152.658.931.712 Bytes frei

- - End Of File - - F969186FABD6238516AAA352BFE586B0
--- --- ---


Vielen Dank,
Flexi

cosinus 26.01.2011 09:25
Bitte mal den Avenger anwenden:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:

http://mitglied.lycos.de/efunction/tb123/avenger.png

3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:
Code:
Files to delete:
c:\windows\system32\rpcnetp.dll
c:\windows\system32\rpcnetp.exe
c:\windows\system32\agremove.exe
c:\windows\system32\drivers\rhmgyuw.sys

Drivers to delete:
bgavf
4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

8.) Die Datei c:\avenger\backup.zip bei File-Upload.net hochladen und hier verlinken

Flexi99 27.01.2011 00:49
Hallo Cosinus,
hier erst einmal der Link:
File-Upload.net - backup.zip

Und nun noch der Avenger Logfile:

Logfile of The Avenger Version 2.0, (c) by Swandog46
Swandog46's Public Anti-Malware Tools

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\rpcnetp.dll" not found!
Deletion of file "c:\windows\system32\rpcnetp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\rpcnetp.exe" deleted successfully.
File "c:\windows\system32\agremove.exe" deleted successfully.

Error: file "c:\windows\system32\drivers\rhmgyuw.sys" not found!
Deletion of file "c:\windows\system32\drivers\rhmgyuw.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "bgavf" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Gruß Flexi

Flexi99 27.01.2011 00:51
oh, ich glaube das mit dem Verlinken hat nicht richtig geklappt. Wie funktioniert das genau?

cosinus 27.01.2011 09:31
Einfach den Link, den file-upload dir gibt hier komplettt posten

Flexi99 27.01.2011 18:35
Hallo Cosinus,
hier noch einmal der Versuch mit dem Link:

Code:
hxxp://www.file-upload.net/download-3166726/backup.zip.html
Gruß Flexi

cosinus 27.01.2011 19:40
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur einige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Flexi99 28.01.2011 12:20
Hallo Cosinus,

hier die Logs:

1.Gmer:

[code]
GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-28 12:09:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB01
Running: 8n3hqjeb.exe; Driver: C:\DOKUME~1\xxx~1\LOKALE~1\Temp\uftdypoc.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                  ZwCreateFile [0x9DCFD930]
SSDT            \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                  ZwCreateKey [0x9DD08A80]
SSDT            \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                  ZwDeleteFile [0x9DCFDF20]
SSDT            \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                  ZwDeleteKey [0x9DD096E0]
SSDT            \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                  ZwDeleteValueKey [0x9DD09440]
SSDT            \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                  ZwLoadKey [0x9DD098B0]
SSDT            \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                  ZwOpenFile [0x9DCFDD70]
SSDT            \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                  ZwRenameKey [0x9DD0A250]
SSDT            \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                  ZwReplaceKey [0x9DD09CB0]
SSDT            \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                  ZwRestoreKey [0x9DD0A080]
SSDT            \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                  ZwSetInformationFile [0x9DCFE120]
SSDT            \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)                                                  ZwSetValueKey [0x9DD09140]

---- Kernel code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                        section is writeable [0xB861D000, 0x17C7B4, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\system32\SearchIndexer.exe[468] kernel32.dll!WriteFile                                                              7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                                        [9DD05CA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                            [9DD061C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                                            [9DD06320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                                      [9DD05E10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                                                        [9DD05E10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                                                          [9DD05CA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                                              [9DD061C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                                              [9DD06320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                                        [9DD05CA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                                      [9DD05E10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                                            [9DD06320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                              [9DD061C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                                              [9DD06320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                                                [9DD061C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                                          [9DD05CA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                                                        [BA340FE6] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT            \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                                        [BA340FE6] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT            \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                                        [9DD05E10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                                          [9DD05CA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                                              [9DD061C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                                              [9DD06320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter]                                                            [9DD06320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter]                                                              [9DD061C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol]                                                      [9DD05E10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol]                                                        [9DD05CA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol]                                                      [9DD05E10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter]                                                            [9DD06320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter]                                                            [9DD061C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol]                                                        [9DD05CA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\nwlnkipx.sys[TDI.SYS!TdiRegisterDeviceObject]                                                      [BA340FE6] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT            \SystemRoot\system32\DRIVERS\nwlnknb.sys[TDI.SYS!TdiRegisterDeviceObject]                                                      [BA340FE6] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT            \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                                        [9DD05CA0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                                      [9DD05E10] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                                            [9DD06320] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                                              [9DD061C0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT            \SystemRoot\system32\DRIVERS\nwlnkspx.sys[TDI.SYS!TdiRegisterDeviceObject]                                                      [BA340FE6] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[1848] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]            [01172BC8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT            C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[1848] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!UnhandledExceptionFilter]  [01172CE9] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)
IAT            C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[1848] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess]          [01172CB8] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                          amon.sys (Amon monitor/Eset )

Device          \Driver\Tcpip \Device\Ip                                                                                                        vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\Tcpip \Device\Tcp                                                                                                      vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                      tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)

Device          \Driver\Tcpip \Device\Udp                                                                                                      vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\Tcpip \Device\RawIp                                                                                                    vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device          \Driver\Tcpip \Device\IPMULTICAST                                                                                              vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                             
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                                Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                              C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b              0xC8 0x28 0x51 0xAF ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                             
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                                Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                              C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b              0x6A 0x9C 0xD6 0x61 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                             
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                                Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                              C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016              0xFF 0x7C 0x85 0xE0 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                             
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                                Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                              C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48              0x86 0x8C 0x21 0x01 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                             
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                                Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                              C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472              0xCD 0x44 0xCD 0xB9 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                             
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                                Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                              C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d              0xB0 0x18 0xED 0xA7 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                             
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                                Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                              C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b              0xFB 0xA7 0x78 0xE6 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                             
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                                Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                              C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d              0x01 0x3A 0x48 0xFC ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                             
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                                Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                              C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3              0xF6 0x0F 0x4E 0x58 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                             
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                                Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                              C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b              0xB1 0xCD 0x45 0x5A ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                             
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                                Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                              C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6              0xF8 0x31 0x0F 0xA9 ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                             
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                                Apartment
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                              C:\WINDOWS\system32\OLE32.DLL
Reg            HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2              0xFA 0xEA 0x66 0x7F ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                          sector 61: copy of MBR
Disk            \Device\Harddisk0\DR0                                                                                                          sector 62: copy of MBR

---- Files - GMER 1.0.15 ----

ADS            C:\System Volume Information\_restore{FE5CEDC8-94E2-47E8-83A9-9852CE7A8F30}\RP226\A0037220.exe:BAK                              22528 bytes executable
ADS            C:\System Volume Information\_restore{FE5CEDC8-94E2-47E8-83A9-9852CE7A8F30}\RP226\A0037346.exe:BAK                              22528 bytes executable
ADS            C:\System Volume Information\_restore{FE5CEDC8-94E2-47E8-83A9-9852CE7A8F30}\RP226\A0037418.exe:BAK                              22528 bytes executable
ADS            C:\System Volume Information\_restore{FE5CEDC8-94E2-47E8-83A9-9852CE7A8F30}\RP226\A0037420.exe:BAK                              22528 bytes executable
ADS            C:\System Volume Information\_restore{FE5CEDC8-94E2-47E8-83A9-9852CE7A8F30}\RP227\A0037505.exe:BAK                              22528 bytes executable
ADS            C:\System Volume Information\_restore{FE5CEDC8-94E2-47E8-83A9-9852CE7A8F30}\RP227\A0038506.exe:BAK                              22528 bytes executable
ADS            C:\WINDOWS\system32\autochk.exe:BAK                                                                                            22528 bytes executable

---- EOF - GMER 1.0.15 ----
--- --- ---


2. OSAM:

Code:
OSAM Logfile:

       
Code:

       
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:16:23 on 28.01.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\WINDOWS\system32\autochk.exe  (File found, but it contains no detailed information)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"HWSETUP.CPL" - "TOSHIBA Corp." - C:\WINDOWS\system32\HWSETUP.CPL
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\WINDOWS\system32\LocalCOM.cpl
"Startup.cpl" - ? - C:\WINDOWS\system32\Startup.cpl  (File found, but it contains no detailed information)
"TOSCDSPD.cpl" - ? - C:\WINDOWS\system32\TOSCDSPD.cpl  (File found, but it contains no detailed information)
"TOSUSBCtrlCpl.cpl" - "TOSHIBA" - C:\WINDOWS\system32\TOSUSBCtrlCpl.cpl
"TPwrSave.cpl" - "TOSHIBA Corporation" - C:\WINDOWS\system32\TPwrSave.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AMON" (AMON) - "Eset " - C:\WINDOWS\system32\drivers\amon.sys
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys  (File not found)
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\WINDOWS\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\WINDOWS\system32\drivers\tcpipBM.sys
"C-Media CM106 Like Sound UDAX Interface" (CM1063264) - ? - C:\WINDOWS\System32\drivers\CM106.sys  (File not found)
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
"Deterministic Network Enhancer Miniport" (DNE) - "Deterministic Networks, Inc." - C:\WINDOWS\System32\DRIVERS\dne2000.sys
"DiBcom DIB7700 based TV tuner device" (mod7700) - "DiBcom SA" - C:\WINDOWS\System32\Drivers\mod7700.sys
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"nod32drv" (nod32drv) - ? - C:\WINDOWS\system32\drivers\nod32drv.sys  (File found, but it contains no detailed information)
"O2MDRDR" (O2MDRDR) - ? - C:\WINDOWS\System32\DRIVERS\o2media.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Quanta HotKey Keyboard Filter Driver" (qkbfiltr) - "Quanta Computer, Inc." - C:\WINDOWS\System32\drivers\qkbfiltr.sys
"Quanta HotKey Mouse Filter Driver" (qmofiltr) - "Quanta Computer, Inc." - C:\WINDOWS\System32\drivers\qmofiltr.sys
"TOSHIBA Writing Engine Filter Driver" (tdcmdpst) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\tdcmdpst.sys
"uftdypoc" (uftdypoc) - ? - C:\DOKUME~1\VOLKER~1\LOKALE~1\Temp\uftdypoc.sys  (Hidden registry entry, rootkit activity | File not found)
"vsdatant" (vsdatant) - "Zone Labs, LLC" - C:\WINDOWS\system32\vsdatant.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{2F5AC606-70CF-461C-BFE1-6063670C3484} "DisplayCplExt Class" - "TOSHIBA Inc." - C:\Programme\Toshiba\TouchED\TouchED.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Wcesview.dll
{B089FE88-FB52-11D3-BDF1-0050DA34150D} "NOD32 Context Menu Shell Extension" - ? - C:\Programme\Eset\nodshex.dll  (File found, but it contains no detailed information)
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? -   (File not found | COM-object registry key not found)
{F0234336-7585-461E-87C2-3CA93C0BBC36} "Undelete Menu Shell Extension" - "AusLogics, Inc." - C:\PROGRA~1\AUSLOG~1\ershell.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsoft.dll
<binary data> "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} "softonic-de3 Toolbar" - "Conduit Ltd." - C:\Programme\softonic-de3\tbsoft.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\INetRepl.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\INetRepl.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Audible Download Manager.lnk" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Audible Download Manager.lnk  (Shortcut exists | File not found)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\desktop.ini
"Nikon Monitor.lnk" - ? - C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\Nikon Monitor.lnk  (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
"MyTomTomSA.exe" - "TomTom" - "C:\Programme\MyTomTom 3\MyTomTomSA.exe"
"T-Online_Software_6\WLAN-Access Finder" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
"TOSCDSPD" - "TOSHIBA" - C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"DDWMon" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
"HP Software Update" - "Hewlett-Packard Co." - C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"nod32kui" - "Eset " - "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SmoothView" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"Toshiba Controls Utility" - "TOSHIBA Inc." - C:\Programme\TOSHIBA\Controls\VolumeIndicator.exe
"Toshiba Hotkey Utility" - "TOSHIBA Inc." - "c:\Programme\Toshiba\Windows Utilities\Hotkey.exe" /lang DE
"TOSUSBSvr" - "TOSHIBA" - C:\Programme\TOSHIBA\dynadock Utility\TOSUSBSvr.exe
"TPSMain" - "TOSHIBA Corporation" - TPSMain.exe
"UIExec" - ? - "C:\Programme\T-Mobile Internet Manager 03\UIExec.exe"  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\WINDOWS\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AAV UpdateService" (AAV UpdateService) - ? - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"BlueSoleil Hid Service" (BlueSoleil Hid Service) - ? - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe  (File found, but it contains no detailed information)
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"DisplayLink Service" (DisplayLinkService) - "DisplayLink Corp." - C:\Programme\DisplayLink Core Software\DisplayLinkService.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"NMSAccessU" (NMSAccessU) - ? - C:\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NOD32 Kernel Service" (NOD32krn) - "Eset " - C:\Programme\Eset\nod32krn.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Start BT in service" (Start BT in service) - ? - C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe  (File found, but it contains no detailed information)
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\WINDOWS\system32\TODDSrv.exe
"UI Assistant Service" (UI Assistant Service) - ? - C:\Programme\T-Mobile Internet Manager 03\AssistantServices.exe  (File found, but it contains no detailed information)
"vseamps" (vseamps) - "Authentium, Inc" - C:\Programme\Gemeinsame Dateien\Authentium\AntiVirus5\vseamps.exe
"vsedsps" (vsedsps) - "Authentium, Inc" - C:\Programme\Gemeinsame Dateien\Authentium\AntiVirus5\vsedsps.exe
"vseqrts" (vseqrts) - "Authentium, Inc" - C:\Programme\Gemeinsame Dateien\Authentium\AntiVirus5\vseqrts.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"NOD32" - "Eset " - C:\WINDOWS\system32\imon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Viele Grüße

Flexi


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:47 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132