Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   System Tool auf meinem Rechner (https://www.trojaner-board.de/96661-system-tool-meinem-rechner.html)

cosinus 01.04.2011 14:06
Zitat:
"11c534c4-6686-4829-9181-0c7138c232c4" (11c534c4-6686-4829-9181-0c7138c232c4) - ? - D:\Player\cds300.dll (File not found)
"5461eb35-d328-447b-9da1-7063764bec28" (5461eb35-d328-447b-9da1-7063764bec28) - ? - D:\Player\cds300.dll (File not found)
Bitte mit OSAM nach Anleitung deaktivieren und löschenm

Gargamel456 08.04.2011 06:32
Ok, hat diesmal etwas laenger gedauert...
Hier ist das Logfile über die gelöschten Dateien:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:25:42 on 07.04.2011

OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"BMMTask.job" - ? - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE  (File found, but it contains no detailed information)
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"HPpromotions journeysoftware.job" - "hp" - C:\Programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"IBMJavaPlugin141.cpl" - "IBM" - C:\WINDOWS\system32\IBMJavaPlugin141.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhAudioFilter.cpl" - "Philips Applied Technologies" - C:\WINDOWS\system32\PhAudioFilter.cpl
"tp4ex.cpl" - "IBM Corporation" - C:\WINDOWS\system32\tp4ex.cpl
"TP98.CPL" - "IBM Corp." - C:\WINDOWS\system32\TP98.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.1.6.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"ANC" (ANC) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANC.SYS
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys  (File not found)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth-Audiogerät" (btaudio) - ? - C:\WINDOWS\System32\drivers\btaudio.sys  (File not found)
"Bluetooth-Bus-Enumerator" (btkrnl) - ? - C:\WINDOWS\System32\DRIVERS\btkrnl.sys  (File not found)
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - ? - C:\WINDOWS\System32\DRIVERS\btwdndis.sys  (File not found)
"btwhid" (btwhid) - ? - C:\WINDOWS\System32\DRIVERS\btwhid.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\jana\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"drvmcdb" (drvmcdb) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvmcdb.sys
"drvnddm" (drvnddm) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvnddm.sys
"GEAR ASPI Filter Driver" (GEARAspiWDM) - ? - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys  (File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys  (File not found)
"IBM PSA Access Driver" (psadd) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\Drivers\psadd.sys
"ibmfilter" (ibmfilter) - "IBM" - C:\WINDOWS\system32\drivers\ibmfilter.sys
"IBMTPCHK" (IBMTPCHK) - ? - C:\WINDOWS\System32\drivers\IBMBLDID.SYS  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PMEM" (PMEM) - "Microsoft Corporation" - C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"QCNDISIF" (QCNDISIF) - "IBM Corporation." - C:\WINDOWS\System32\drivers\qcndisif.SYS
"sdcplh" (sdcplh) - "Macrovision Europe Ltd" - C:\WINDOWS\System32\drivers\sdcplh.sys
"Smapint" (Smapint) - ? - C:\WINDOWS\System32\drivers\Smapint.sys  (File not found)
"sscdbhk5" (sscdbhk5) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\sscdbhk5.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"ssrtln" (ssrtln) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\ssrtln.sys
"TDSMAPI" (TDSMAPI) - ? - C:\WINDOWS\System32\drivers\TDSMAPI.SYS  (File found, but it contains no detailed information)
"tfsnboio" (tfsnboio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnboio.sys
"tfsncofs" (tfsncofs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsncofs.sys
"tfsndrct" (tfsndrct) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndrct.sys
"tfsndres" (tfsndres) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndres.sys
"tfsnifs" (tfsnifs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnifs.sys
"tfsnopio" (tfsnopio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnopio.sys
"tfsnpool" (tfsnpool) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnpool.sys
"tfsnudf" (tfsnudf) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudf.sys
"tfsnudfa" (tfsnudfa) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudfa.sys
"TPHKDRV" (TPHKDRV) - "IBM Corporation" - C:\WINDOWS\system32\drivers\TPHKDRV.sys
"TPPWR" (TPPWR) - "IBM Corp." - C:\WINDOWS\System32\drivers\Tppwr.sys
"TSMAPIP" (TSMAPIP) - ? - C:\WINDOWS\System32\drivers\TSMAPIP.SYS  (File found, but it contains no detailed information)
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - ? - C:\WINDOWS\System32\DRIVERS\btport.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - ? - C:\WINDOWS\System32\Drivers\btwusb.sys  (File not found)
"WLAN Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} "RecordNow! SendToExt" - ? - C:\Programme\IBM RecordNow!\shlext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} "Java Plug-in 1.4.1" - "IBM." - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll / hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{FC4FAA08-82BE-48A5-921F-1C50AFBA82E0} "{FC4FAA08-82BE-48A5-921F-1C50AFBA82E0}" - ? - C:\WINDOWS\system32\hnetcfgd.dll  (File not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - ? - C:\WINDOWS\system32\pwdmon.dll  (File found, but it contains no detailed information)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Digital Line Detect.lnk" - "BVRP Software" - C:\Program Files\Digital Line Detect\DLG.exe  (Shortcut exists | File exists)
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"HP Image Zone Schnellstart.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\jana\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ibmmessages" - "IBM" - C:\Programme\IBM\Messages By IBM\ibmmessages.exe
"Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"BMMGAG" - "IBM Corp." - RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
"BMMLREF" - ? - C:\Programme\ThinkPad\Utilities\BMMLREF.EXE  (File found, but it contains no detailed information)
"BMMMONWND" - "IBM Corp." - rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
"dla" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswctrl.exe
"EZEJMNAP" - "IBM Corp." - C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"HP Software Update" - "Hewlett-Packard Company" - "C:\Programme\HP\HP Software Update\HPWuSchd2.exe"
"ibmmessages" - "IBM" - C:\Programme\IBM\Messages By IBM\\ibmmessages.exe
"IBMPRC" - "IBM Corp." - C:\IBMTOOLS\UTILS\ibmprc.exe
"QCWLICON" - "IBM Corp." - C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TP4EX" - "IBM Corporation" - tp4ex.exe
"TPHOTKEY" - ? - C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe  (File found, but it contains no detailed information)
"TPKMAPHELPER" - "IBM Corp." - C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
"UC_Start" - ? - C:\Programme\IBM\Updater\\ucstartup.exe  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CutePDF Writer Monitor" - ? - C:\WINDOWS\system32\cpwmon2k.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"EvtEng" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"IBM KCU Service" (TpKmpSVC) - ? - C:\WINDOWS\system32\TpKmpSVC.exe  (File found, but it contains no detailed information)
"IBM PM Service" (IBMPMSVC) - ? - C:\WINDOWS\System32\ibmpmsvc.exe  (File signed by Microsoft | File found, but it contains no detailed information)
"IBM PSA Access Driver Control" (PsaSrv) - ? - C:\WINDOWS\system32\PsaSrv.exe  (File not found)
"IBM Rapid Restore Ultra Service" (IBM Rapid Restore Ultra Service) - ? - C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"PEVSystemStart" (PEVSystemStart) - ? - C:\cofi\PEV.cfxxe  (File found, but it contains no detailed information)
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe
"QCONSVC" (QCONSVC) - "IBM Corp." - C:\WINDOWS\System32\QCONSVC.EXE
"RegSrvc" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Spectrum24 Event Monitor" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"QConGina" - "IBM Corp." - C:\WINDOWS\system32\QConGina.dll
"tphotkey" - ? - C:\WINDOWS\system32\tphklock.dll  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/HTML]

Hier noch ein aktuelles Logfile:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:32:24 on 07.04.2011

OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"BMMTask.job" - ? - C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE  (File found, but it contains no detailed information)
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"HPpromotions journeysoftware.job" - "hp" - C:\Programme\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"IBMJavaPlugin141.cpl" - "IBM" - C:\WINDOWS\system32\IBMJavaPlugin141.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"PhAudioFilter.cpl" - "Philips Applied Technologies" - C:\WINDOWS\system32\PhAudioFilter.cpl
"tp4ex.cpl" - "IBM Corporation" - C:\WINDOWS\system32\tp4ex.cpl
"TP98.CPL" - "IBM Corp." - C:\WINDOWS\system32\TP98.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.1.6.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"ANC" (ANC) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANC.SYS
"Apple Mobile USB Driver" (USBAAPL) - ? - C:\WINDOWS\System32\Drivers\usbaapl.sys  (File not found)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth-Audiogerät" (btaudio) - ? - C:\WINDOWS\System32\drivers\btaudio.sys  (File not found)
"Bluetooth-Bus-Enumerator" (btkrnl) - ? - C:\WINDOWS\System32\DRIVERS\btkrnl.sys  (File not found)
"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - ? - C:\WINDOWS\System32\DRIVERS\btwdndis.sys  (File not found)
"btwhid" (btwhid) - ? - C:\WINDOWS\System32\DRIVERS\btwhid.sys  (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\jana\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"drvmcdb" (drvmcdb) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvmcdb.sys
"drvnddm" (drvnddm) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\drvnddm.sys
"GEAR ASPI Filter Driver" (GEARAspiWDM) - ? - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys  (File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys  (File not found)
"IBM PSA Access Driver" (psadd) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\Drivers\psadd.sys
"ibmfilter" (ibmfilter) - "IBM" - C:\WINDOWS\system32\drivers\ibmfilter.sys
"IBMTPCHK" (IBMTPCHK) - ? - C:\WINDOWS\System32\drivers\IBMBLDID.SYS  (File found, but it contains no detailed information)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PMEM" (PMEM) - "Microsoft Corporation" - C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"QCNDISIF" (QCNDISIF) - "IBM Corporation." - C:\WINDOWS\System32\drivers\qcndisif.SYS
"sdcplh" (sdcplh) - "Macrovision Europe Ltd" - C:\WINDOWS\System32\drivers\sdcplh.sys
"Smapint" (Smapint) - ? - C:\WINDOWS\System32\drivers\Smapint.sys  (File not found)
"sscdbhk5" (sscdbhk5) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\sscdbhk5.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"ssrtln" (ssrtln) - "Sonic Solutions" - C:\WINDOWS\System32\drivers\ssrtln.sys
"TDSMAPI" (TDSMAPI) - ? - C:\WINDOWS\System32\drivers\TDSMAPI.SYS  (File found, but it contains no detailed information)
"tfsnboio" (tfsnboio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnboio.sys
"tfsncofs" (tfsncofs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsncofs.sys
"tfsndrct" (tfsndrct) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndrct.sys
"tfsndres" (tfsndres) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsndres.sys
"tfsnifs" (tfsnifs) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnifs.sys
"tfsnopio" (tfsnopio) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnopio.sys
"tfsnpool" (tfsnpool) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnpool.sys
"tfsnudf" (tfsnudf) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudf.sys
"tfsnudfa" (tfsnudfa) - "Sonic Solutions" - C:\WINDOWS\System32\dla\tfsnudfa.sys
"TPHKDRV" (TPHKDRV) - "IBM Corporation" - C:\WINDOWS\system32\drivers\TPHKDRV.sys
"TPPWR" (TPPWR) - "IBM Corp." - C:\WINDOWS\System32\drivers\Tppwr.sys
"TSMAPIP" (TSMAPIP) - ? - C:\WINDOWS\System32\drivers\TSMAPIP.SYS  (File found, but it contains no detailed information)
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - ? - C:\WINDOWS\System32\DRIVERS\btport.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - ? - C:\WINDOWS\System32\Drivers\btwusb.sys  (File not found)
"WLAN Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} "RecordNow! SendToExt" - ? - C:\Programme\IBM RecordNow!\shlext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} "Java Plug-in 1.4.1" - "IBM." - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll / hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswshx.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{FC4FAA08-82BE-48A5-921F-1C50AFBA82E0} "{FC4FAA08-82BE-48A5-921F-1C50AFBA82E0}" - ? - C:\WINDOWS\system32\hnetcfgd.dll  (File not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - ? - C:\WINDOWS\system32\pwdmon.dll  (File found, but it contains no detailed information)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Digital Line Detect.lnk" - "BVRP Software" - C:\Program Files\Digital Line Detect\DLG.exe  (Shortcut exists | File exists)
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"HP Image Zone Schnellstart.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\jana\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ibmmessages" - "IBM" - C:\Programme\IBM\Messages By IBM\ibmmessages.exe
"Sony Ericsson PC Suite" - "Sony Ericsson Mobile Communications AB" - "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"BMMGAG" - "IBM Corp." - RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
"BMMLREF" - ? - C:\Programme\ThinkPad\Utilities\BMMLREF.EXE  (File found, but it contains no detailed information)
"BMMMONWND" - "IBM Corp." - rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
"dla" - "Sonic Solutions" - C:\WINDOWS\system32\dla\tfswctrl.exe
"EZEJMNAP" - "IBM Corp." - C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"HP Software Update" - "Hewlett-Packard Company" - "C:\Programme\HP\HP Software Update\HPWuSchd2.exe"
"ibmmessages" - "IBM" - C:\Programme\IBM\Messages By IBM\\ibmmessages.exe
"IBMPRC" - "IBM Corp." - C:\IBMTOOLS\UTILS\ibmprc.exe
"QCWLICON" - "IBM Corp." - C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TP4EX" - "IBM Corporation" - tp4ex.exe
"TPHOTKEY" - ? - C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe  (File found, but it contains no detailed information)
"TPKMAPHELPER" - "IBM Corp." - C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
"UC_Start" - ? - C:\Programme\IBM\Updater\\ucstartup.exe  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CutePDF Writer Monitor" - ? - C:\WINDOWS\system32\cpwmon2k.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"EvtEng" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"IBM KCU Service" (TpKmpSVC) - ? - C:\WINDOWS\system32\TpKmpSVC.exe  (File found, but it contains no detailed information)
"IBM PM Service" (IBMPMSVC) - ? - C:\WINDOWS\System32\ibmpmsvc.exe  (File signed by Microsoft | File found, but it contains no detailed information)
"IBM PSA Access Driver Control" (PsaSrv) - ? - C:\WINDOWS\system32\PsaSrv.exe  (File not found)
"IBM Rapid Restore Ultra Service" (IBM Rapid Restore Ultra Service) - ? - C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"PEVSystemStart" (PEVSystemStart) - ? - C:\cofi\PEV.cfxxe  (File found, but it contains no detailed information)
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe
"QCONSVC" (QCONSVC) - "IBM Corp." - C:\WINDOWS\System32\QCONSVC.EXE
"RegSrvc" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Spectrum24 Event Monitor" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"QConGina" - "IBM Corp." - C:\WINDOWS\system32\QConGina.dll
"tphotkey" - ? - C:\WINDOWS\system32\tphklock.dll  (File found, but it contains no detailed information)

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/HTML]

cosinus 08.04.2011 06:59
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Gargamel456 11.04.2011 09:23
Ok, hier die Logfiles :glaskugel:

Malwarebytes:

HTML-Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6320

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

09.04.2011 11:17:16
mbam-log-2011-04-09 (11-17-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 208385
Laufzeit: 50 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6320

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

09.04.2011 11:17:16
mbam-log-2011-04-09 (11-17-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 208385
Laufzeit: 50 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
SASW:

HTML-Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/09/2011 at 06:11 AM

Application Version : 4.50.1002

Core Rules Database Version : 6795
Trace Rules Database Version: 4607

Scan type      : Complete Scan
Total Scan Time : 01:46:48

Memory items scanned      : 745
Memory threats detected  : 0
Registry items scanned    : 6816
Registry threats detected : 55
File items scanned        : 71025
File threats detected    : 1

Adware.Tracking Cookie
        C:\Dokumente und Einstellungen\jana\Cookies\jana@doubleclick[1].txt

Adware.180solutions/Search Assistant
        HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}
        HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid
        HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32
        HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib
        HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib#Version
        HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
        HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid
        HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32
        HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib
        HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib#Version
        HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}
        HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid
        HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid32
        HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib
        HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib#Version

Adware.180solutions/ZangoSearch
        HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}
        HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid
        HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid32
        HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib
        HKCR\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib#Version
        HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}
        HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid
        HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid32
        HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib
        HKCR\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib#Version
        HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}
        HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid
        HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid32
        HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib
        HKCR\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib#Version
        HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}
        HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid
        HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid32
        HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\TypeLib
        HKCR\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\TypeLib#Version

Adware.Zango Toolbar/Hb
        HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}
        HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\ProxyStubClsid
        HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\ProxyStubClsid32
        HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\TypeLib
        HKCR\Interface\{067C6A37-72EA-4437-863A-5BE20C246F3C}\TypeLib#Version
        HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}
        HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\ProxyStubClsid
        HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\ProxyStubClsid32
        HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\TypeLib
        HKCR\Interface\{1A2AF056-1FE1-47CA-993D-5D09D18E674E}\TypeLib#Version
        HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}
        HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\ProxyStubClsid
        HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\ProxyStubClsid32
        HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\TypeLib
        HKCR\Interface\{B247F5BF-BD9D-4ECD-8FC1-365F36A1FDA1}\TypeLib#Version
        HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}
        HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\ProxyStubClsid
        HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\ProxyStubClsid32
        HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\TypeLib
        HKCR\Interface\{BBBFB891-98AE-4678-86F3-BD5A2EED86C9}\TypeLib#Version

cosinus 11.04.2011 12:33
Sieht ok aus, da wurden nur Cookies und Überreste gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

Gargamel456 13.04.2011 07:09
Nein nichts weiter...
War alles okay soweit.
Kann ich malwarebytes und SASW deinstallieren und wieder online banking machen?

cosinus 13.04.2011 09:45
Ja die Tools können wieder runter.

Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Gargamel456 01.05.2011 01:22
Okay, Vielen vielen Dank für die Hilfe!!!!
:party:

Sorry, das wollte ich eigentlich schon viel früher schreiben!


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:52 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132