Hello Arne,
 
here are the logs from GMER, OSAM and MBR. 
Regards, 
Markus  
GMER log file: 
 Code:
 
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-12 22:03:28
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1032GSX rev.AS021G
Running: g2m3e4r.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwtcqpoc.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT            F7AC5836                                                                                                   ZwCreateKey
SSDT            F7AC582C                                                                                                   ZwCreateThread
SSDT            F7AC583B                                                                                                   ZwDeleteKey
SSDT            F7AC5845                                                                                                   ZwDeleteValueKey
SSDT            F7AC584A                                                                                                   ZwLoadKey
SSDT            F7AC5818                                                                                                   ZwOpenProcess
SSDT            F7AC581D                                                                                                   ZwOpenThread
SSDT            F7AC5854                                                                                                   ZwReplaceKey
SSDT            F7AC584F                                                                                                   ZwRestoreKey
SSDT            F7AC5840                                                                                                   ZwSetValueKey
SSDT            \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com)  ZwTerminateProcess [0xEDE50620]
 
Code            F7AC1C9C                                                                                                   ZwRequestPort
Code            F7AC1D3C                                                                                                   ZwRequestWaitReplyPort
Code            F7AC1BFC                                                                                                   ZwTraceEvent
Code            F7AC1C9B                                                                                                   NtRequestPort
Code            F7AC1D3B                                                                                                   NtRequestWaitReplyPort
Code            F7AC1BFB                                                                                                   NtTraceEvent
 
---- Kernel code sections - GMER 1.0.15 ----
 
init            C:\WINDOWS\system32\drivers\tifm21.sys                                                                     entry point in "init" section [0xF67C0EBF]
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                    SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
 
Device          \FileSystem\Cdfs \Cdfs                                                                                     DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
 
---- EOF - GMER 1.0.15 ----
  --- --- ---    
MBRCheck, version 1.2.3
(c) 2010, AD 
Command-line:			
Windows Version:		Windows XP Professional
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000000c 
Kernel Drivers (total 155):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x80701000 \WINDOWS\system32\hal.dll
  0xF7996000 \WINDOWS\system32\KDCOM.DLL
  0xF78A6000 \WINDOWS\system32\BOOTVID.dll
  0xF7446000 ACPI.sys
  0xF7998000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF7435000 pci.sys
  0xF7496000 isapnp.sys
  0xF74A6000 ohci1394.sys
  0xF74B6000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF78AA000 compbatt.sys
  0xF78AE000 \WINDOWS\system32\DRIVERS\BATTC.SYS
  0xF7A5E000 pciide.sys
  0xF7716000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF7417000 pcmcia.sys
  0xF74C6000 MountMgr.sys
  0xF73F8000 ftdisk.sys
  0xF799A000 dmload.sys
  0xF73D2000 dmio.sys
  0xF78B2000 ACPIEC.sys
  0xF7A5F000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
  0xF771E000 PartMgr.sys
  0xF74D6000 VolSnap.sys
  0xF73BA000 atapi.sys
  0xF74E6000 disk.sys
  0xF74F6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF739A000 fltmgr.sys
  0xF7388000 sr.sys
  0xF7372000 DRVMCDB.SYS
  0xF7726000 PxHelp20.sys
  0xF735B000 KSecDD.sys
  0xF72CE000 Ntfs.sys
  0xF72A1000 NDIS.sys
  0xF7287000 Mup.sys
  0xF7676000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xF7962000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0xF6981000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
  0xF696D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF6945000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF67E8000 \SystemRoot\system32\DRIVERS\w39n51.sys
  0xF77FE000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xF67C4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF7806000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF7686000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xF679C000 \SystemRoot\system32\drivers\tifm21.sys
  0xF6788000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0xF6760000 \SystemRoot\system32\DRIVERS\e100b325.sys
  0xF7696000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF780E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF6731000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0xF79C2000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF7816000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF76A6000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF79C4000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
  0xF76B6000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF76C6000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF670E000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF79C6000 \SystemRoot\System32\Drivers\x10hid.sys
  0xF76D6000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
  0xF781E000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
  0xF7BB4000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF7596000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF797A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF66F7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF75A6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF75B6000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF7896000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF66E6000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF75C6000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF789E000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF7736000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF66B6000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xF75D6000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF79D0000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF6658000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7263000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF79D4000 \SystemRoot\system32\DRIVERS\NBSMI.sys
  0xF725B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xF75E6000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xEE163000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xEE13F000 \SystemRoot\system32\drivers\portcls.sys
  0xF7616000 \SystemRoot\system32\drivers\drmk.sys
  0xF7626000 \SystemRoot\system32\DRIVERS\Tvs.sys
  0xF775E000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
  0xF776E000 \SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys
  0xF7636000 \SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys
  0xEE02C000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0xF777E000 \SystemRoot\System32\Drivers\Modem.SYS
  0xF76F6000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF7A18000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF7ABA000 \SystemRoot\System32\Drivers\Null.SYS
  0xF7A1A000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF77CE000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
  0xF77D6000 \SystemRoot\System32\drivers\vga.sys
  0xF7A1C000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF7A1E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF77DE000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF77E6000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF65B4000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xEDFD1000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xEDF78000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xEDF50000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xEDF2A000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xEDF08000 \SystemRoot\System32\drivers\afd.sys
  0xF7526000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF7536000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF77EE000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xEDE46000 \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
  0xF7546000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xF77F6000 \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
  0xEDE1B000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xEDD83000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF7556000 \SystemRoot\System32\Drivers\Fips.SYS
  0xEDD5D000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xF7A22000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xF7586000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xF6B18000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF6B14000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xEDD45000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF7A24000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xEE01C000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF7836000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF7B01000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF46A000 \SystemRoot\System32\ATMFD.DLL
  0xEBBF0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xEDEA8000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
  0xF7B51000 \SystemRoot\System32\DLA\DLADResN.SYS
  0xEBBB2000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
  0xEBC61000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
  0xF7A56000 \SystemRoot\System32\DLA\DLAPoolM.SYS
  0xF7866000 \SystemRoot\System32\DLA\DLABOIOM.SYS
  0xEBB9A000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
  0xEBB84000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
  0xEBA4B000 \??\C:\Programme\Sandboxie\SbieDrv.sys
  0xF7886000 \SystemRoot\system32\DRIVERS\AegisP.sys
  0xEBB78000 \SystemRoot\system32\DRIVERS\s24trans.sys
  0xEBAB4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xEBAB0000 \SystemRoot\system32\DRIVERS\netdevio.sys
  0xEB7EE000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xEB5F5000 \SystemRoot\System32\Drivers\HTTP.sys
  0xEB575000 \SystemRoot\system32\DRIVERS\srv.sys
  0xF7756000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
  0xF6C2F000 \SystemRoot\system32\drivers\wdmaud.sys
  0xEB485000 \SystemRoot\system32\drivers\sysaudio.sys
  0xBFF50000 \SystemRoot\System32\TSDDD.dll
  0xBF012000 \SystemRoot\System32\ati2dvag.dll
  0xBF055000 \SystemRoot\System32\ati2cqag.dll
  0xBF094000 \SystemRoot\System32\atikvmag.dll
  0xBF0CA000 \SystemRoot\System32\ati3duag.dll
  0xBF355000 \SystemRoot\System32\ativvaxx.dll
  0xB760F000 \??\C:\DOKUME~1\Markus\LOKALE~1\Temp\kwtcqpoc.sys
  0xB7569000 
  0x7C910000 \WINDOWS\system32\ntdll.dll 
Processes (total 94):
       0 System Idle Process
       4 System
     796 C:\WINDOWS\system32\smss.exe
     844 csrss.exe
     876 C:\WINDOWS\system32\winlogon.exe
     924 C:\WINDOWS\system32\services.exe
     936 C:\WINDOWS\system32\lsass.exe
    1140 C:\WINDOWS\system32\ati2evxx.exe
    1156 C:\WINDOWS\system32\svchost.exe
    1236 svchost.exe
    1276 C:\Programme\Sandboxie\SbieSvc.exe
    1296 C:\WINDOWS\system32\svchost.exe
    1384 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
    1416 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
    1456 svchost.exe
    1636 svchost.exe
    1936 C:\WINDOWS\system32\spoolsv.exe
    1996 C:\Programme\Avira\AntiVir Desktop\sched.exe
     188 svchost.exe
     580 C:\Programme\Avira\AntiVir Desktop\avguard.exe
     672 C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
     772 C:\WINDOWS\ehome\ehrecvr.exe
     816 C:\WINDOWS\ehome\ehSched.exe
    1516 C:\Programme\Java\jre6\bin\jqs.exe
    1712 C:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\LVPrcSrv.exe
    1732 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
     244 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
     372 svchost.exe
     488 C:\WINDOWS\system32\svchost.exe
    1056 C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
     704 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
     840 mcrdsvc.exe
    3456 C:\WINDOWS\system32\dllhost.exe
    3732 C:\WINDOWS\system32\ati2evxx.exe
    3852 explorer.exe
    3992 C:\WINDOWS\system32\wbem\wmiapsrv.exe
    2084 alg.exe
    3624 ehtray.exe
    3652 CLI.exe
    3356 ehmsas.exe
    1324 SynTPEnh.exe
    3788 THotkey.exe
    3888 SmoothView.exe
    4004 Toshiba.exe
    3860 TvsTray.exe
    4064 DLACTRLW.EXE
    3808 ZCfgSvc.exe
    2428 iFrmewrk.exe
    2484 avgnt.exe
    1772 LWS.exe
     600 ctfmon.exe
    2748 TOSCDSPD.exe
    2904 psi_tray.exe
     276 COCIManager.exe
    3968 Dot1XCfg.exe
     644 CLI.exe
     620 CLI.exe
    1260 SbieCtrl.exe
    3628 SUPERAntiSpyware.exe
    3288 igfxsrvc.exe
    3576 csrss.exe
    3744 C:\WINDOWS\system32\winlogon.exe
     520 C:\WINDOWS\system32\ati2evxx.exe
    1904 C:\WINDOWS\explorer.exe
    1788 C:\WINDOWS\ehome\ehtray.exe
    1792 C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
    2652 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
     324 C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe
    1952 C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
    3096 C:\Programme\Toshiba\Tvs\TvsTray.exe
    1892 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    2676 C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
     784 C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
    2476 C:\Programme\Synaptics\SynTP\Toshiba.exe
    2716 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    3712 C:\WINDOWS\ehome\ehmsas.exe
    3536 C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
    2840 C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe
    3044 C:\WINDOWS\system32\wuauclt.exe
     728 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    3208 C:\Programme\Logitech\Logitech Vid\Vid.exe
     536 C:\Programme\Sandboxie\SbieCtrl.exe
    2936 C:\Programme\Secunia\PSI\psi_tray.exe
    5748 C:\Programme\Gemeinsame Dateien\logishrd\LQCVFX\COCIManager.exe
    5868 C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
    4892 C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
    3048 C:\Programme\Sandboxie\SandboxieRpcSs.exe
    2896 C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    1224 C:\Programme\Sandboxie\SandboxieDcomLaunch.exe
    5524 C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    5848 C:\Programme\Sandboxie\SandboxieCrypto.exe
    3144 C:\Dokumente und Einstellungen\Markus\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    4312 C:\WINDOWS\system32\igfxsrvc.exe
    3184 C:\Dokumente und Einstellungen\Markus\Desktop\MBRCheck.exe 
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS) 
PhysicalDrive0 Model Number: TOSHIBAMK1032GSX, Rev: AS021G   
      Size  Device Name          MBR Status
  --------------------------------------------
     93 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A  
Done!     
OSAM log file: 
 Code:
 
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:10:01 on 12.05.2011
 
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.2180
 
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
 
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
 
 
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"1-Klick-Wartung.job" - ? - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe  (File found, but it contains no detailed information)
 
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"HWSETUP.cpl" - "TOSHIBA Corp." - C:\WINDOWS\system32\HWSETUP.cpl
"inetcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\inetcpl.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"LocalCOM.cpl" - "東芝公司" - C:\WINDOWS\system32\LocalCOM.cpl
"TOSCDSPD.cpl" - ? - C:\WINDOWS\system32\TOSCDSPD.cpl  (File found, but it contains no detailed information)
"TPwrSave.cpl" - "TOSHIBA Corporation" - C:\WINDOWS\system32\TPwrSave.cpl
"xhidcpl.cpl" - ? - C:\WINDOWS\system32\xhidcpl.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Desktop Search" - ? - C:\Programme\Windows Desktop Search\ControlPanel.cpl  (File found, but it contains no detailed information)
"Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl
"ToshSrv" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Controls\ToshSrv.cpl
 
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth ACPI from TOSHIBA" (tosrfec) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\tosrfec.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Markus\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DLABOIOM" (DLABOIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
"DLADResN" (DLADResN) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLADResN.SYS
"DLAIFS_M" (DLAIFS_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAPoolM.SYS
"DLARTL_N" (DLARTL_N) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
"DLAUDFAM" (DLAUDFAM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"kwtcqpoc" (kwtcqpoc) - ? - C:\DOKUME~1\Markus\LOKALE~1\Temp\kwtcqpoc.sys  (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
"SbieDrv" (SbieDrv) - "SANDBOXIE L.T.D" - C:\Programme\Sandboxie\SbieDrv.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"Toshiba Mobile PC Service" (TVALD) - "Toshiba Corporation" - C:\WINDOWS\System32\DRIVERS\NBSMI.sys
"TOSHIBA Network Device Usermode I/O Protocol" (Netdevio) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\netdevio.sys
"TOSHIBA Virtual Sound with SRS technologies" (Tvs) - "TOSHIBA Corporation" - C:\WINDOWS\System32\DRIVERS\Tvs.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys
 
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS "Browseranpassungen" - "Microsoft Corporation" - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
{89820200-ECBD-11cf-8B85-00AA005B4383} "Internet Explorer 6" - "Microsoft Corporation" - %SystemRoot%\system32\ie4uinit.exe
KB910393 "KB910393" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
{6BF52A52-394A-11d3-B153-00C04F79FAA6} "Microsoft Windows Media Player" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} "NetMeeting 3.01" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "Versions-Update für Internet Explorer" - "Microsoft Corporation" - C:\WINDOWS\system32\ieudinit.exe
{5945c046-1e7d-11d1-bc44-00c04fd912be} "Windows Messenger 4.7" - "Microsoft Corporation" - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Programme\SUPERAntiSpyware\SASSEH.DLL
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{88C6C381-2E85-11D0-94DE-444553540000} "ActiveX-Cacheordner" - "Microsoft Corporation" - C:\WINDOWS\system32\occache.dll
{7D559C10-9FE9-11d0-93F7-00AA0059CE02} "Code Download Agent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} "ConnectionAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" - "Microsoft Corporation" - C:\WINDOWS\system32\audiodev.dll
{cc86590a-b60a-48e6-996b-41d25ed39a1e} "Portable Media Devices Menu" - "Microsoft Corporation" - C:\WINDOWS\system32\audiodev.dll
{D8BD2030-6FC9-11D0-864F-00AA006809D9} "PostAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{5B043439-4F53-436E-8CFE-28F80934DBE6} "PXCPreviewHandlerXP Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\PXCPrevHost.exe
{E91B2703-013E-4A99-AD33-2B6FB00AA356} "RecordNow! ContextMenuExt" - ? - C:\Programme\Sonic\RecordNow!\shlext.dll
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} "RecordNow! SendToExt" - ? - C:\Programme\Sonic\RecordNow!\shlext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll
{F5175861-2688-11d0-9C5E-00AA00A45957} "Subscription Folder" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} "Subscription Mgr" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} "TrayAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} "WebCheck SyncMgr Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} "WebCheckChannelAgent" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{08165EA0-E946-11CF-9C87-00AA005127ED} "WebCheckWebCrawler" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{97090E2F-3062-4459-855B-014F0D3CDBB1} "Windows Deskbar" - ? -   (File not found | COM-object registry key not found)
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{D426CFD0-87FC-4906-98D9-A23F5D515D61} "Windows Desktop Search Outlook Express SearchProtocol Class" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\OEPH.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - "Microsoft Corporation" - C:\WINDOWS\system32\webcheck.dll
 
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.5.0_04" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll / hxxp://game.zylom.com/activex/zylomgamesplayer.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{2F85D76C-0569-466F-A488-493E6BD0E955} "dsWebAllowBHO Class" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\dsWebAllow.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
 
[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"url" - "Microsoft Corporation" - C:\WINDOWS\system32\url.dll
 
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Secunia PSI Tray.lnk" - "Secunia" - C:\Programme\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Markus\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Logitech Vid" - "Logitech Inc." - "C:\Programme\Logitech\Logitech Vid\vid.exe" -bootmode
"SandboxieControl" - "SANDBOXIE L.T.D" - "C:\Programme\Sandboxie\SbieCtrl.exe"
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
"TOSCDSPD" - "TOSHIBA" - C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ATICCC" - "ATI Technologies Inc." - "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"DLA" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"IntelWireless" - "Intel Corporation" - "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig" - "Intel Corporation" - "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide
"SmoothView" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"THotkey" - "TOSHIBA" - C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
"Tvs" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\Tvs\TvsTray.exe
 
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"Toshiba Bluetooth Monitor" - "Toshiba America Business Solutions, Inc." - C:\WINDOWS\system32\tbtmon.dll
 
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"ConfigFree Service" (CFSvcs) - "TOSHIBA CORPORATION" - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
"Sandboxie Service" (SbieSvc) - "SANDBOXIE L.T.D" - C:\Programme\Sandboxie\SbieSvc.exe
"TOSHIBA Application Service" (TAPPSRV) - "TOSHIBA Corp." - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B} "Internet Explorer-Branding" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll
{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3} "Internet Explorer-Zonenzuordnung" - "Microsoft Corporation" - C:\WINDOWS\system32\iedkcs32.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
 
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru