BKA Virus 1.09 - OTL Logfile Auswertung

HF66 · 03.04.2012, 17:25

hier mal der log von GMER:

[code]
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-03 18:23:39
Windows 5.1.2600 Service Pack 3 
Running: 5ipjgwly.exe; Driver: H:\DOKUME~1\Faber\LOKALE~1\Temp\uxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT            89566698                                                                                         ZwAlertResumeThread
SSDT            8955A470                                                                                         ZwAlertThread
SSDT            8AF03BF8                                                                                         ZwAllocateVirtualMemory
SSDT            8AD45DC0                                                                                         ZwAssignProcessToJobObject
SSDT            8ABC4970                                                                                         ZwConnectPort
SSDT            \??\H:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)       ZwCreateKey [0xA3C1DD40]
SSDT            8AE20918                                                                                         ZwCreateMutant
SSDT            8AD0FF20                                                                                         ZwCreateSymbolicLinkObject
SSDT            8A4317A8                                                                                         ZwCreateThread
SSDT            8AD41480                                                                                         ZwDebugActiveProcess
SSDT            \??\H:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)       ZwDeleteKey [0xA3C1DFC0]
SSDT            \??\H:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)       ZwDeleteValueKey [0xA3C1E680]
SSDT            8AF09AB0                                                                                         ZwDuplicateObject
SSDT            8AF148D8                                                                                         ZwFreeVirtualMemory
SSDT            895CB0E8                                                                                         ZwImpersonateAnonymousToken
SSDT            89567430                                                                                         ZwImpersonateThread
SSDT            8AC933B0                                                                                         ZwLoadDriver
SSDT            8ACBB2A8                                                                                         ZwMapViewOfSection
SSDT            8ADF3BF0                                                                                         ZwOpenEvent
SSDT            8ACA3FC0                                                                                         ZwOpenProcess
SSDT            8AE00A50                                                                                         ZwOpenProcessToken
SSDT            8AD5CAC0                                                                                         ZwOpenSection
SSDT            8AC8CE80                                                                                         ZwOpenThread
SSDT            8ACF79C8                                                                                         ZwProtectVirtualMemory
SSDT            895590D8                                                                                         ZwResumeThread
SSDT            89550440                                                                                         ZwSetContextThread
SSDT            8AE211D8                                                                                         ZwSetInformationProcess
SSDT            8AD4DD58                                                                                         ZwSetSystemInformation
SSDT            \??\H:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)       ZwSetValueKey [0xA3C1E910]
SSDT            8AD48FD0                                                                                         ZwSuspendProcess
SSDT            8953A2B8                                                                                         ZwSuspendThread
SSDT            895B5CB8                                                                                         ZwTerminateProcess
SSDT            8ACA2120                                                                                         ZwTerminateThread
SSDT            8AD0BE70                                                                                         ZwUnmapViewOfSection
SSDT            8AF0B488                                                                                         ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2D48                                                             805045E4 4 Bytes  CALL FAD9A299 
.text           ntkrnlpa.exe!ZwCallbackReturn + 2FC0                                                             8050485C 4 Bytes  [10, E9, C1, A3]
?               SYMDS.SYS                                                                                        Das System kann die angegebene Datei nicht finden. !
?               SYMEFA.SYS                                                                                       Das System kann die angegebene Datei nicht finden. !
.text           H:\windows\system32\DRIVERS\ati2mtag.sys                                                         section is writeable [0xB4925000, 0x2AAE02, 0xE8000020]
init            H:\windows\system32\drivers\ct20xflt.sys                                                         entry point in "init" section [0xB4702EC0]
init            H:\windows\system32\DRIVERS\V0700Afx.sys                                                         entry point in "init" section [0xA3A07990]
?               H:\windows\system32\Drivers\rikvm_D3D96EB9.sys                                                   Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Udfs \UdfsCdRom                                                                      CLBUDF.SYS (UDF File System Driver /CyberLink Corporation.)
Device          \FileSystem\Udfs \UdfsDisk                                                                       CLBUDF.SYS (UDF File System Driver /CyberLink Corporation.)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                         SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\CLKMDRV10_D3D96EB9 \Device\CLRKM#D3D96EB9                                                rikvm_D3D96EB9.sys

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                           tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                           timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                           tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                           timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                           tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                           timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                      SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\BTHUSB \Device\000000bd                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\000000bf                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \FileSystem\Cdfs \Cdfs                                                                           CLBUDF.SYS (UDF File System Driver /CyberLink Corporation.)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd50420e                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd50420e@000761f0ef2d         0x1D 0xF1 0x59 0xC2 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd50420e@0021fea8cb29         0x2A 0x7B 0x67 0x2E ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b1000093b                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001b1000093b@ac932f6d1940         0x44 0x8A 0x17 0xC2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd50420e (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd50420e@000761f0ef2d             0x1D 0xF1 0x59 0xC2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd50420e@0021fea8cb29             0x2A 0x7B 0x67 0x2E ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001b1000093b (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001b1000093b@ac932f6d1940             0x44 0x8A 0x17 0xC2 ...

---- EOF - GMER 1.0.15 ----

OSAM log:

Code:

ATTFilter

OSAM Logfile:

	Code: 

 ATTFilter

  
	Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:31:35 on 03.04.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"CplMCDec.cpl" - "MainConcept AG" - H:\windows\system32\CplMCDec.cpl
"CPLNumark_NS6.cpl" - "Numark" - H:\windows\system32\CPLNumark_NS6.cpl
"CPLNumark_NS7.cpl" - "Numark" - H:\windows\system32\CPLNumark_NS7.cpl
"CPLNumark_V7.cpl" - "Numark" - H:\windows\system32\CPLNumark_V7.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - H:\windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - H:\windows\system32\FlashPlayerCPLApp.cpl
"ImageDrive.cpl" - "Nero AG" - H:\windows\system32\ImageDrive.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - H:\windows\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - H:\windows\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - H:\windows\system32\javacpl.cpl
"PCWizard.cpl" - "CPUID" - H:\windows\system32\PCWizard.cpl
"ssmgr.cpl" - "Samsung" - H:\windows\system32\ssmgr.cpl
"viahdcpl.cpl" - "VIA Technologies, Inc" - H:\windows\system32\viahdcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CplMCDec" - "MainConcept AG" - H:\windows\System32\CplMCDec.cpl
"CplMCDec_x86" - ? - H:\windows\SysWOW64\CplMCDec.cpl  (File not found)
"CreativeAudioConsole" - "Creative Technology Ltd" - H:\Programme\Creative\Sound Blaster X-Fi\AudioCS\CTAudCS.cpl
"DeviceControl" - "Creative Technology Ltd." - H:\Programme\Creative\Device Control\USBAudio.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - H:\Programme\QuickTime Alternative\QTSystem\QuickTime.cpl
"Stifttablett" - ? - H:\WINDOWS\system32\PenTablet.cpl  (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - H:\windows\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - H:\windows\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - H:\windows\System32\DRIVERS\tifsfilt.sys
"Acronis Try&Decide and Restore Points filter" (tdrpman) - "Acronis" - H:\windows\System32\DRIVERS\tdrpman.sys
"Alcor Micro Corp Reader" (SunkFilt) - "Alcor Micro Corp." - H:\WINDOWS\System32\Drivers\sunkfilt.sys
"AsIO" (AsIO) - ? - H:\windows\System32\drivers\AsIO.sys  (File found, but it contains no detailed information)
"Aspi32" (Aspi32) - "Adaptec" - H:\windows\system32\drivers\Aspi32.sys
"AsUpIO" (AsUpIO) - ? - H:\windows\System32\drivers\AsUpIO.sys  (File found, but it contains no detailed information)
"ATI Function Driver for HDMI Service" (AtiHdmiService) - "ATI Research Inc." - H:\windows\System32\drivers\AtiHdmi.sys
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
"Bluetooth Audio Device (WDM) from TOSHIBA" (TosRfSnd) - "TOSHIBA Corporation" - H:\windows\System32\drivers\TosRfSnd.sys
"Bluetooth Personal Area Network from TOSHIBA" (tosrfnds) - "TOSHIBA Corporation." - H:\windows\System32\DRIVERS\tosrfnds.sys
"Bluetooth Port Driver from Toshiba" (tosporte) - "TOSHIBA Corporation" - H:\windows\System32\DRIVERS\tosporte.sys
"Bluetooth RFBNEP from TOSHIBA" (Tosrfbnp) - "TOSHIBA Corporation" - H:\windows\System32\Drivers\tosrfbnp.sys
"Bluetooth RFBUS from TOSHIBA" (Tosrfbd) - "TOSHIBA CORPORATION" - H:\windows\System32\Drivers\tosrfbd.sys
"Bluetooth RFCOMM from TOSHIBA" (Tosrfcom) - "TOSHIBA Corporation" - H:\windows\System32\Drivers\tosrfcom.sys
"Bluetooth RFHID from TOSHIBA" (Tosrfhid) - "TOSHIBA Corporation." - H:\windows\System32\DRIVERS\Tosrfhid.sys
"Bluetooth USB Controller" (Tosrfusb) - "TOSHIBA CORPORATION" - H:\windows\System32\Drivers\tosrfusb.sys
"Bluetooth-Audiogerät" (btaudio) - ? - H:\windows\System32\drivers\btaudio.sys  (File not found)
"btwhid" (btwhid) - ? - H:\windows\System32\DRIVERS\btwhid.sys  (File not found)
"BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "Avanquest Software" - H:\WINDOWS\system32\drivers\BVRPMPR5.SYS
"Changer" (Changer) - ? - H:\windows\system32\drivers\Changer.sys  (File not found)
"Cinergy T-Stick service" (AF15BDA) - "ITETech                  " - H:\windows\System32\DRIVERS\AF15BDA.sys
"cpuz134" (cpuz134) - "Windows (R) Win 7 DDK provider" - H:\Programme\CPUID\PC Wizard 2010\pcwiz_x32.sys
"cpuz135" (cpuz135) - "CPUID" - H:\WINDOWS\system32\drivers\cpuz135_x32.sys
"CrystalSysInfo" (CrystalSysInfo) - ? - H:\Programme\MediaCoder\SysInfo.sys  (File not found)
"CSRBC.Sys CSR test driver" (CSRBC) - "CSR" - H:\windows\System32\Drivers\csrbcxp.sys
"CyberLink InstantBurn UDF Filesystem" (CLBUDF) - "CyberLink Corporation." - H:\windows\system32\drivers\CLBUDF.sys
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - H:\WINDOWS\system32\Drivers\DgiVecp.sys
"ELTIMA Virtual Serial Ports Driver" (vserial) - "ELTIMA Software" - H:\windows\System32\DRIVERS\vserial.sys
"epmntdrv" (epmntdrv) - ? - H:\windows\system32\epmntdrv.sys  (File found, but it contains no detailed information)
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - H:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"EuGdiDrv" (EuGdiDrv) - ? - H:\windows\system32\EuGdiDrv.sys  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - H:\windows\system32\drivers\i2omgmt.sys  (File not found)
"IDSxpx86" (IDSxpx86) - "Symantec Corporation" - H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120401.001\IDSxpx86.sys
"imagedrv" (imagedrv) - "Ahead Software AG" - H:\windows\System32\Drivers\imagedrv.sys
"imagesrv" (imagesrv) - "Ahead Software AG" - H:\windows\System32\DRIVERS\imagesrv.sys
"InstantBurn Storage Helper Driver" (CLBStor) - "Cyberlink Co.,Ltd." - H:\windows\system32\drivers\CLBStor.sys
"lbrtfdc" (lbrtfdc) - ? - H:\windows\system32\drivers\lbrtfdc.sys  (File not found)
"Logitech Beep Suppression Driver" (LBeepKE) - "Logitech, Inc." - H:\windows\System32\Drivers\LBeepKE.sys
"Logitech SetPoint Keyboard Driver" (L8042Kbd) - "Logitech Inc." - H:\windows\System32\DRIVERS\L8042Kbd.sys
"Logitech SetPoint KMDF USB Filter" (LUsbFilt) - "Logitech, Inc." - H:\windows\System32\Drivers\LUsbFilt.Sys
"Logitech USB Monitor Filter" (LVUSBSta) - ? - H:\windows\System32\drivers\lvusbsta.sys  (File not found)
"MagicTune" (MagicTune) - ? - H:\windows\System32\drivers\MTiCtwl.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - H:\windows\system32\drivers\mbam.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120402.002\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120402.002\NAVEX15.SYS
"Norton Internet Security Settings Manager" (ccSet_NIS) - "Symantec Corporation" - H:\windows\system32\drivers\NIS\1306020.00A\ccSetx86.sys
"Norton Management Settings Manager" (ccSet_MCLIENT) - "Symantec Corporation" - H:\windows\system32\drivers\MCLIENT\0201020.00D\ccSetx86.sys
"Numark MixDeck WDM" (NUMARK_NC06_WDM) - "Numark" - H:\windows\System32\drivers\nc06_wdm.sys
"Numark MixDeck WDM MIDI Device" (NUMARK_NC06_MIDI) - "Numark" - H:\windows\System32\drivers\nc06midi.sys
"PCIDump" (PCIDump) - ? - H:\windows\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - H:\windows\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - H:\windows\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - H:\windows\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - H:\windows\system32\drivers\PDRFRAME.sys  (File not found)
"Pivot" (Pivot) - "Portrait Displays, Inc." - H:\windows\System32\drivers\pivot.sys
"Pivot Mouse/Pointers Filter Driver" (pivotmou) - "Portrait Displays, Inc." - H:\WINDOWS\system32\drivers\pivotmou.sys
"PLCND532 NDIS Protocol Driver" (PLCND532) - "Intellon, Inc." - H:\windows\System32\Drivers\PLCND532.sys
"Portrait Displays low level device driver" (PdiPorts) - "Portrait Displays, Inc." - H:\windows\System32\Drivers\PdiPorts.sys
"SSPORT" (SSPORT) - ? - H:\WINDOWS\system32\Drivers\SSPORT.sys  (File not found)
"SXUPTP Driver" (sxuptp) - ? - H:\windows\System32\DRIVERS\sxuptp.sys  (File not found)
"Symantec Data Store" (SymDS) - "Symantec Corporation" - H:\windows\System32\drivers\NIS\1306020.00A\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - H:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - H:\windows\System32\drivers\NIS\1306020.00A\SYMEFA.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - H:\windows\system32\drivers\NIS\1306020.00A\Ironx86.SYS
"Symantec Network Dispatch Driver" (SYMTDI) - "Symantec Corporation" - H:\windows\System32\Drivers\NIS\1306020.00A\SYMTDI.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - H:\windows\System32\Drivers\NIS\1306020.00A\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - H:\windows\system32\drivers\NIS\1306020.00A\SRTSPX.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - H:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"TechniSat DVB-PC TV Star PCI" (SKYNET) - "TechniSat Digital, S.A." - H:\windows\System32\DRIVERS\SkyNET.SYS
"TOSHIBA Bluetooth HID port driver" (toshidpt) - "TOSHIBA Corporation." - H:\windows\System32\drivers\Toshidpt.sys
"uxtdqpow" (uxtdqpow) - ? - H:\DOKUME~1\Faber\LOKALE~1\Temp\uxtdqpow.sys  (Hidden registry entry, rootkit activity | File not found)
"Virtual Serial Bus Enumerator" (vsbus) - "ELTIMA Software" - H:\windows\System32\DRIVERS\vsb.sys
"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - ? - H:\windows\System32\DRIVERS\btport.sys  (File not found)
"WDICA" (WDICA) - ? - H:\windows\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - ? - H:\windows\System32\Drivers\btwusb.sys  (File not found)
"WIDCOMM USB Bluetooth Driver in DFU State" (DFUBTUSB) - ? - H:\windows\System32\Drivers\frmupgr.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "H:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - h:\WINDOWS\system32\Rundll32.exe h:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\windows\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\windows\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\windows\system32\mscoree.dll
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{4746C79A-2042-4332-8650-48966E44ABA8} "CPureGoProtoInfo Object" - "Cisco Systems, Inc." - H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\puresp4.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - H:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - H:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - H:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - H:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - H:\Programme\7-Zip\7-zip.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - H:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - H:\Programme\Acronis\TrueImageHome\tishell.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office14\VISSHE.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - H:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - H:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B988C8B2-373B-11CF-B6E0-00AA00BBBA9E} "ImageComposer.CompositionPropertyPage" - "Microsoft Corporation" - H:\Programme\Microsoft Image Composer\SERVER.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office14\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - H:\Programme\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - H:\Programme\Logitech\SetPointP\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\MLSHEXT.DLL
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor" - ? -   (File not found | COM-object registry key not found)
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office14\OLKFSTUB.DLL
{A4D78B20-6E05-1069-8758-4E73FD83DEAD} "QCopy" - ? - H:\windows\dropcpyr.dll  (File found, but it contains no detailed information)
{E99987AC-6311-4686-B095-EB30B69F9258} "Samsung AnyWeb Print" - ? - H:\Programme\Samsung AnyWeb Print\W2PDeskband.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - H:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - H:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - H:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - H:\Programme\WinRAR\rarext.dll
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{fbeb8a05-beee-4442-804e-409d6c4515e9} "CDBurn" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{002C5F79-B71E-44FD-966A-684AD20F58C2} "SmarThru4 Als HTML speichern" - ? - H:\Programme\SmarThru 4\WebCapture.dll
{A9A0537F-A1B3-4472-BE97-CBB588B2965F} "SmarThru4 Auswahl erfassen" - ? - H:\Programme\SmarThru 4\WebCapture.dll
{7944DB2F-E7C7-4A84-922D-305182AD87F3} "SmarThru4 Markierten Text speichern" - ? - H:\Programme\SmarThru 4\WebCapture.dll
{C4F01940-1BF8-4447-AF12-7B548BBBFEB2} "SmarThru4 Web Capture" - ? - H:\Programme\SmarThru 4\WebCapture.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - H:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} "a-squared Scanner" - "Emsi Software GmbH" - H:\WINDOWS\DOWNLO~1\asquared.ocx / hxxp://ax.emsisoft.com/asquared.cab
{0D41B8C5-2599-4893-8183-00195EC8D5F9} "asusTek_sysctrl Class" - ? - H:\WINDOWS\DOWNLO~1\ASUSTE~1.DLL / hxxp://support.asus.de/common/asusTek_sys_ctrl.cab
{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} "Bitdefender QuickScan Control" - "Bitdefender LLC" - H:\WINDOWS\DOWNLO~1\qsax.dll / hxxp://quickscan.bitdefender.com/qsax/qsax.cab
{6C269571-C6D7-4818-BCA4-32A035E8C884} "Creative Software AutoUpdate" - "Creative Technology Ltd" - H:\WINDOWS\DOWNLO~1\CTSUEngn.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
{E705A591-DA3C-4228-B0D5-A356DBA42FBF} "Creative Software AutoUpdate 2" - "Creative Technology Ltd" - H:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTSUEng.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
{D4B68B83-8710-488B-A692-D74B50BA558E} "Creative Software AutoUpdate Support Package" - "Creative Technology Ltd" - H:\WINDOWS\DOWNLO~1\CTPIDPDE.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
{F6ACF75C-C32C-447B-9BEF-46B766368D29} "Creative Software AutoUpdate Support Package" - "Creative Technology Ltd" - H:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx / hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
{0067DBFC-A752-458C-AE6E-B9C7E63D4824} "Geräteerkennung" - "Logitech, Inc." - H:\WINDOWS\DOWNLO~1\LOGITE~1.OCX / hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{BF3CD111-6278-11D2-9EA3-00A0C9251384} "O2C-Player Version 1.x" - "Eleco plc" - H:\WINDOWS\system32\O2CPLA~1.OCX / hxxp://www.o2c.de/download/O2CPlayer.CAB
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - H:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{4D054067-DE3A-48F9-B19B-BCD229B9AE8D} "PrinterHelpEtcActiveX Control" - "오룡방" - H:\WINDOWS\DOWNLO~1\PRINTE~1.OCX / hxxp://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - H:\windows\system32\Macromed\Flash\Flash11f.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - H:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
{4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} "{4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D}" - ? -   (File not found | COM-object registry key not found) / hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_4.0.12.12.cab
{6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} "{6D2EF4B4-CB62-4C0B-85F3-B79C236D702C}" - ? -   (File not found | COM-object registry key not found) / hxxp://www.facebook.com/controls/contactx.dll
{8100D56A-5661-482C-BEE8-AFECE305D968} "{8100D56A-5661-482C-BEE8-AFECE305D968}" - ? -   (File not found | COM-object registry key not found) / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} "{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}" - ? -   (File not found | COM-object registry key not found) / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
{D27CDB6E-AE6D-11CF-96B8-416053540000} "{D27CDB6E-AE6D-11CF-96B8-416053540000}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{DB28CF23-0083-40B5-BF63-69925D672385} "{DB28CF23-0083-40B5-BF63-69925D672385}" - ? -   (File not found | COM-object registry key not found) / hxxp://www.nero.com/doc/NeroVersionChecker.cab
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} "{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" - "WebEx Communications, Inc" - H:\Programme\WebEx\ieatgpc.dll / 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office14\ONBttnIE.dll
{94BB0C4C-B957-479A-85E4-42F53B89F681} "Samsung AnyWeb Print" - ? - H:\Programme\Samsung AnyWeb Print\W2PBrowser.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - H:\Programme\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - H:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - H:\Programme\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - H:\Programme\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - H:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
{AA609D72-8482-4076-8991-8CDAE5B93BCB} "Samsung BHO Class" - ? - H:\Programme\Samsung AnyWeb Print\W2PBrowser.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - H:\windows\system32\relog_ap.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Button Manager v5.099.lnk" - ? - H:\Programme\INITIO\v5.099\INIHID.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"batch.cmd" - ? - H:\Dokumente und Einstellungen\Faber\Startmenü\Programme\Autostart\batch.cmd
"desktop.ini" - ? - H:\Dokumente und Einstellungen\Faber\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"NokiaSuite.exe" - "Nokia" - H:\Programme\Nokia\Nokia Suite\NokiaSuite.exe -tray
-----( HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run )-----
"{Default}" - ? -   (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"3170 Scan2PC" - ? - "H:\WINDOWS\Twain_32\Samsung\CLX3170\Scan2pc.exe"
"Acronis Scheduler2 Service" - "Acronis" - "H:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor" - "Acronis" - H:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "H:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Bluetooth Connection Assistant" - ? - LBTWIZ.EXE -silent  (File not found)
"Live! Central 3" - "Creative Technology Ltd" - "H:\Programme\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" /mode2
"LVCOMSX" - "Logitech Inc." - H:\WINDOWS\system32\LVCOMSX.EXE
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "H:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"nmctxth" - "Cisco Systems, Inc." - "H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe"
"Samsung PanelMgr" - ? - H:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
"StartCCC" - "Advanced Micro Devices, Inc." - "H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"Sunkist2k" - "Alcor Micro, Corp." - H:\Programme\Multimedia Card Reader\shwicon2k.exe
"TrueImageMonitor.exe" - "Acronis" - H:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
"UpdReg" - "Creative Technology Ltd." - H:\WINDOWS\UpdReg.EXE
"VolPanel" - "Creative Technology Ltd" - "H:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - H:\windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"SmarThru PC Fax Port" - ? - H:\windows\system32\SamFaxPort.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - H:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Acronis Try And Decide Service" (TryAndDecideService) - ? - H:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe  (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - H:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"BrSplService" (Brother XP spl Service) - "brother Industries Ltd" - H:\WINDOWS\system32\brsvc01a.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - H:\Programme\Canon\CAL\CALMAIN.exe
"Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe
"Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - H:\Programme\Creative\Shared Files\CTAudSvc.exe
"Creative Dolby Digital Live Pack Licensing Service" (Creative Dolby Digital Live Pack Licensing Service) - "Creative Labs" - H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\DDLLicensing.exe
"Creative Media Toolbox 6 Licensing Service" (Creative Media Toolbox 6 Licensing Service) - "Creative Labs" - H:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\MT6Licensing.exe
"Creative Service for CDROM Access" (Creative Service for CDROM Access) - "Creative Technology Ltd" - H:\WINDOWS\system32\CTsvcCDA.exe
"CyberLink Product - 2011/11/03 14:05:16" (CLKMSVC10_D3D96EB9) - "CyberLink" - H:\Programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - H:\Programme\CyberLink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - H:\Programme\Bonjour\mDNSResponder.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - H:\Programme\MAGIX\Common\Database\bin\fbserver.exe
"Google Update Service (gupdate1ca19d523fc2adc)" (gupdate1ca19d523fc2adc) - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - H:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - H:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - H:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - H:\Programme\Gemeinsame Dateien\LogiShrd\Bluetooth\lbtserv.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office14\GROOVE.EXE
"Norton Internet Security" (NIS) - "Symantec Corporation" - H:\Programme\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
"Norton Management" (MCLIENT) - "Symantec Corporation" - H:\Programme\Norton Management\Engine\2.1.2.13\ccSvcHst.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Portrait Displays SDK Service" (PdiService) - "Portrait Displays, Inc." - H:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe
"Pure Networks Platform Service" (nmservice) - "Cisco Systems, Inc." - H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - H:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - H:\Programme\Skype\Updater\Updater.exe
"SyncThru Web Admin Service" (SWAS_Core) - ? - H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
"SyncThru Web Admin Service-Berichtsgenerator" (SWAS_Report_Plugin) - ? - H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\SWASReports.exe  (File found, but it contains no detailed information)
"SyncThru Web Admin Service-Plug-In zum Ermitteln lokaler Geräte" (SWAS_Srv_LDD) - ? - H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\LocalDevDiscoveryPlugin.exe
"SyncThru Web Admin Service-Treiberverwaltungs-Plug-In" (SWAS_Srv_DriverManagement) - ? - H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\SWASDriverManagementPlugin.exe
"UPnPService" (UPnPService) - "Magix AG" - H:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - h:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - h:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"WMDM PMSP Service" (WMDM PMSP Service) - "Microsoft Corporation" - H:\WINDOWS\system32\MsPMSPSv.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Microsoft Corporation" - H:\windows\System32\plusaqar.scr
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - h:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
"WgaLogon" - "Microsoft Corporation" - H:\windows\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - H:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
 --- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

und der AVAST! log:

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-03 18:33:15
-----------------------------
18:33:15.812    OS Version: Windows 5.1.2600 Service Pack 3
18:33:15.812    Number of processors: 2 586 0x602
18:33:15.812    ComputerName: CENTER  UserName: Faber
18:33:17.187    Initialize success
18:35:33.218    AVAST engine defs: 12040301
18:36:16.890    Service scanning
18:36:34.406    Modules scanning
18:37:12.296    Disk 0 trace - called modules:
18:37:12.328    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS 
18:37:12.328    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b268ab8]
18:37:12.328    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000096[0x8b339510]
18:37:12.328    5 ACPI.sys[b9f5e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b2a5d98]
18:37:12.781    AVAST engine scan H:\windows
18:37:44.640    AVAST engine scan H:\windows\system32
18:45:21.359    AVAST engine scan H:\windows\system32\drivers
18:46:26.984    AVAST engine scan H:\Dokumente und Einstellungen\Faber
19:04:59.500    AVAST engine scan H:\Dokumente und Einstellungen\All Users
19:09:21.390    Scan finished successfully
19:10:39.171    The log file has been saved successfully to "H:\Dokumente und Einstellungen\Faber\Desktop\aswMBR.txt"

cosinus · 03.04.2012, 19:13

aswMBR bitte neu machen, da fehlt was im Log

HF66 · 04.04.2012, 05:48

aswMBR log:

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-03 18:33:15
-----------------------------
18:33:15.812    OS Version: Windows 5.1.2600 Service Pack 3
18:33:15.812    Number of processors: 2 586 0x602
18:33:15.812    ComputerName: CENTER  UserName: Faber
18:33:17.187    Initialize success
18:35:33.218    AVAST engine defs: 12040301
18:36:16.890    Service scanning
18:36:34.406    Modules scanning
18:37:12.296    Disk 0 trace - called modules:
18:37:12.328    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS 
18:37:12.328    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b268ab8]
18:37:12.328    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000096[0x8b339510]
18:37:12.328    5 ACPI.sys[b9f5e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b2a5d98]
18:37:12.781    AVAST engine scan H:\windows
18:37:44.640    AVAST engine scan H:\windows\system32
18:45:21.359    AVAST engine scan H:\windows\system32\drivers
18:46:26.984    AVAST engine scan H:\Dokumente und Einstellungen\Faber
19:04:59.500    AVAST engine scan H:\Dokumente und Einstellungen\All Users
19:09:21.390    Scan finished successfully
19:10:39.171    The log file has been saved successfully to "H:\Dokumente und Einstellungen\Faber\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-03 20:42:54
-----------------------------
20:42:54.734    OS Version: Windows 5.1.2600 Service Pack 3
20:42:54.734    Number of processors: 2 586 0x602
20:42:54.734    ComputerName: CENTER  UserName: Faber
20:43:00.765    Initialize success
20:43:13.718    AVAST engine defs: 12040301
20:43:34.453    Service scanning
20:43:52.734    Modules scanning
20:44:49.421    Disk 0 trace - called modules:
20:44:49.453    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS 
20:44:49.453    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b268ab8]
20:44:49.453    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000096[0x8b339510]
20:44:49.453    5 ACPI.sys[b9f5e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b2a5d98]
20:44:49.812    AVAST engine scan H:\
22:11:34.125    Scan finished successfully
22:31:07.734    The log file has been saved successfully to "H:\Dokumente und Einstellungen\Faber\Desktop\aswMBR.txt"

cosinus · 04.04.2012, 12:11

Irgendwas machst du da falsch. Ich sehe keinen Eintrag über den MBR

HF66 · 04.04.2012, 12:41

hängt sich jetzt immer wieder auf >=>

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-03 18:33:15
-----------------------------
18:33:15.812    OS Version: Windows 5.1.2600 Service Pack 3
18:33:15.812    Number of processors: 2 586 0x602
18:33:15.812    ComputerName: CENTER  UserName: Faber
18:33:17.187    Initialize success
18:35:33.218    AVAST engine defs: 12040301
18:36:16.890    Service scanning
18:36:34.406    Modules scanning
18:37:12.296    Disk 0 trace - called modules:
18:37:12.328    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS 
18:37:12.328    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b268ab8]
18:37:12.328    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000096[0x8b339510]
18:37:12.328    5 ACPI.sys[b9f5e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b2a5d98]
18:37:12.781    AVAST engine scan H:\windows
18:37:44.640    AVAST engine scan H:\windows\system32
18:45:21.359    AVAST engine scan H:\windows\system32\drivers
18:46:26.984    AVAST engine scan H:\Dokumente und Einstellungen\Faber
19:04:59.500    AVAST engine scan H:\Dokumente und Einstellungen\All Users
19:09:21.390    Scan finished successfully
19:10:39.171    The log file has been saved successfully to "H:\Dokumente und Einstellungen\Faber\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-03 20:42:54
-----------------------------
20:42:54.734    OS Version: Windows 5.1.2600 Service Pack 3
20:42:54.734    Number of processors: 2 586 0x602
20:42:54.734    ComputerName: CENTER  UserName: Faber
20:43:00.765    Initialize success
20:43:13.718    AVAST engine defs: 12040301
20:43:34.453    Service scanning
20:43:52.734    Modules scanning
20:44:49.421    Disk 0 trace - called modules:
20:44:49.453    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS 
20:44:49.453    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b268ab8]
20:44:49.453    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000096[0x8b339510]
20:44:49.453    5 ACPI.sys[b9f5e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b2a5d98]
20:44:49.812    AVAST engine scan H:\
22:11:34.125    Scan finished successfully
22:31:07.734    The log file has been saved successfully to "H:\Dokumente und Einstellungen\Faber\Desktop\aswMBR.txt"

cosinus · 04.04.2012, 13:13

Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

HF66 · 04.04.2012, 13:34

seltsam, seltsam...alle einstellungen ausprobiert - auch die empfohlene "none" variante => log

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-04 14:25:31
-----------------------------
14:25:31.937    OS Version: Windows 5.1.2600 Service Pack 3
14:25:31.937    Number of processors: 2 586 0x602
14:25:31.937    ComputerName: CENTER  UserName: Faber
14:25:32.406    Initialize success
14:25:36.546    AVAST engine defs: 12040301
14:25:39.265    Service scanning
14:25:58.468    Modules scanning
14:26:04.890    Disk 0 trace - called modules:
14:26:04.921    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS 
14:26:04.921    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b29cab8]
14:26:04.921    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000096[0x8b2a8510]
14:26:04.921    5 ACPI.sys[b9f5e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b2a6d98]
14:26:04.921    Scan finished successfully
14:31:17.265    The log file has been saved successfully to "H:\Dokumente und Einstellungen\Faber\Desktop\aswMBR.txt"

cosinus · 04.04.2012, 13:41

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

HF66 · 04.04.2012, 13:52

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Professional
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x02007f98

Kernel Drivers (total 194):
  0x804D7000 \windows\system32\ntkrnlpa.exe
  0x806E6000 \windows\system32\hal.dll
  0xBA5A8000 \windows\system32\KDCOM.DLL
  0xBA4B8000 \windows\system32\BOOTVID.dll
  0xB9F87000 imagesrv.sys
  0xB9F58000 ACPI.sys
  0xBA5AA000 \windows\System32\DRIVERS\WMILIB.SYS
  0xB9F47000 pci.sys
  0xBA0A8000 isapnp.sys
  0xBA670000 pciide.sys
  0xBA328000 \windows\System32\DRIVERS\PCIIDEX.SYS
  0xBA0B8000 MountMgr.sys
  0xB9F28000 ftdisk.sys
  0xBA5AC000 dmload.sys
  0xB9F02000 dmio.sys
  0xBA330000 PartMgr.sys
  0xBA671000 amdide.sys
  0xBA0C8000 VolSnap.sys
  0xB9EEA000 atapi.sys
  0xBA5AE000 imagedrv.sys
  0xB9ED2000 \windows\System32\Drivers\SCSIPORT.SYS
  0xBA0D8000 disk.sys
  0xBA0E8000 \windows\System32\DRIVERS\CLASSPNP.SYS
  0xB9EB2000 fltmgr.sys
  0xB9E5B000 SYMDS.SYS
  0xB9E49000 sr.sys
  0xB9D65000 SYMEFA.SYS
  0xB9D4E000 KSecDD.sys
  0xB9D37000 WudfPf.sys
  0xB9CAA000 Ntfs.sys
  0xB9C7D000 NDIS.sys
  0xB9C12000 timntr.sys
  0xB9BB9000 tdrpman.sys
  0xB9B9A000 snapman.sys
  0xBA0F8000 ohci1394.sys
  0xBA108000 \windows\System32\DRIVERS\1394BUS.SYS
  0xB9B80000 Mup.sys
  0xBA168000 \SystemRoot\System32\DRIVERS\nic1394.sys
  0xBA228000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
  0xB4CCB000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
  0xB4CB7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xBA238000 \SystemRoot\System32\drivers\pivot.sys
  0xB4C8F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xB4C0D000 \SystemRoot\system32\drivers\ctaud2k.sys
  0xB4BE9000 \SystemRoot\system32\drivers\portcls.sys
  0xBA248000 \SystemRoot\system32\drivers\drmk.sys
  0xB4BC6000 \SystemRoot\system32\drivers\ks.sys
  0xB4B91000 \SystemRoot\System32\DRIVERS\ctoss2k.sys
  0xBA460000 \SystemRoot\system32\drivers\ctprxy2k.sys
  0xB49D8000 \SystemRoot\system32\drivers\ct20xflt.sys
  0xBA258000 \SystemRoot\System32\DRIVERS\l1e51x86.sys
  0xBA278000 \SystemRoot\System32\DRIVERS\imapi.sys
  0xB5A9C000 \SystemRoot\System32\Drivers\CLBStor.SYS
  0xBA288000 \SystemRoot\System32\DRIVERS\cdrom.sys
  0xBA298000 \SystemRoot\System32\DRIVERS\redbook.sys
  0xBA468000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
  0xBA470000 \SystemRoot\System32\DRIVERS\usbohci.sys
  0xB49B4000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
  0xBA478000 \SystemRoot\System32\DRIVERS\usbehci.sys
  0xBA5F6000 \SystemRoot\System32\DRIVERS\ASACPI.sys
  0xBA2A8000 \SystemRoot\System32\DRIVERS\serial.sys
  0xB5A94000 \SystemRoot\System32\DRIVERS\serenum.sys
  0xBA480000 \SystemRoot\System32\DRIVERS\fdc.sys
  0xB5A90000 \SystemRoot\System32\DRIVERS\wmiacpi.sys
  0xBA742000 \SystemRoot\System32\DRIVERS\audstub.sys
  0xBA5F8000 \SystemRoot\System32\Drivers\RootMdm.sys
  0xBA488000 \SystemRoot\System32\Drivers\Modem.SYS
  0xBA2B8000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
  0xB5A8C000 \SystemRoot\System32\DRIVERS\ndistapi.sys
  0xB4902000 \SystemRoot\System32\DRIVERS\ndiswan.sys
  0xBA2C8000 \SystemRoot\System32\DRIVERS\raspppoe.sys
  0xBA2D8000 \SystemRoot\System32\DRIVERS\raspptp.sys
  0xBA490000 \SystemRoot\System32\DRIVERS\TDI.SYS
  0xB48F1000 \SystemRoot\System32\DRIVERS\psched.sys
  0xBA2E8000 \SystemRoot\System32\DRIVERS\msgpc.sys
  0xBA498000 \SystemRoot\System32\DRIVERS\ptilink.sys
  0xBA4A0000 \SystemRoot\System32\DRIVERS\raspti.sys
  0xB5A80000 \SystemRoot\System32\Drivers\PdiPorts.sys
  0xB4899000 \SystemRoot\System32\DRIVERS\rdpdr.sys
  0xBA2F8000 \SystemRoot\System32\DRIVERS\termdd.sys
  0xBA4A8000 \SystemRoot\System32\DRIVERS\kbdclass.sys
  0xBA4B0000 \SystemRoot\System32\DRIVERS\mouclass.sys
  0xBA308000 \SystemRoot\system32\DRIVERS\SymIM.sys
  0xBA5FA000 \SystemRoot\System32\DRIVERS\swenum.sys
  0xB483B000 \SystemRoot\System32\DRIVERS\update.sys
  0xB5B00000 \SystemRoot\System32\DRIVERS\mssmbios.sys
  0xBA340000 \SystemRoot\system32\DRIVERS\vsb.sys
  0xBA318000 \SystemRoot\System32\DRIVERS\usbhub.sys
  0xBA5FC000 \SystemRoot\System32\DRIVERS\USBD.SYS
  0xBA158000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xA87D6000 \SystemRoot\system32\drivers\AtiHdmi.sys
  0xA4407000 \SystemRoot\system32\drivers\ha20x22k.sys
  0xA43D7000 \SystemRoot\system32\drivers\emupia2k.sys
  0xA43AD000 \SystemRoot\System32\DRIVERS\ctsfm2k.sys
  0xA4318000 \SystemRoot\System32\drivers\CTHWIUT.SYS
  0xA42E3000 \SystemRoot\System32\drivers\CT20XUT.SYS
  0xA4195000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
  0xA40E8000 \SystemRoot\system32\drivers\MCLIENT\0201020.00D\ccSetx86.sys
  0xA40C4000 \SystemRoot\system32\drivers\NIS\1306020.00A\ccSetx86.sys
  0xA409D000 \SystemRoot\system32\drivers\NIS\1306020.00A\Ironx86.SYS
  0xBA62A000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xBA6A6000 \SystemRoot\System32\Drivers\Null.SYS
  0xBA62C000 \SystemRoot\System32\Drivers\Beep.SYS
  0xBA3A0000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
  0xBA3A8000 \SystemRoot\System32\drivers\vga.sys
  0xBA62E000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xBA630000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xBA3B0000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xBA3B8000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB48D1000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0xA406A000 \SystemRoot\System32\DRIVERS\ipsec.sys
  0xA4011000 \SystemRoot\System32\DRIVERS\tcpip.sys
  0xA3FB3000 \SystemRoot\System32\Drivers\NIS\1306020.00A\SYMTDI.SYS
  0xA3F8D000 \SystemRoot\System32\DRIVERS\ipnat.sys
  0xA3F63000 \??\H:\WINDOWS\system32\Drivers\SYMEVENT.SYS
  0xA3EE0000 \SystemRoot\System32\DRIVERS\netbt.sys
  0xA3EBE000 \SystemRoot\System32\drivers\afd.sys
  0xBA188000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xBA1B8000 \SystemRoot\system32\drivers\NIS\1306020.00A\SRTSPX.SYS
  0xA3E93000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xA3E23000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xBA1C8000 \SystemRoot\System32\Drivers\Fips.SYS
  0xA3DC5000 \??\H:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
  0xA3DA7000 \??\H:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
  0xA3CDB000 \??\H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
  0xBA64C000 \SystemRoot\system32\drivers\AsUpIO.sys
  0xBA64E000 \SystemRoot\system32\drivers\AsIO.sys
  0xBA208000 \SystemRoot\System32\DRIVERS\wanarp.sys
  0xBA218000 \SystemRoot\System32\DRIVERS\arp1394.sys
  0xBA400000 \SystemRoot\System32\DRIVERS\usbccgp.sys
  0xA3C64000 \SystemRoot\system32\DRIVERS\V0700Vid.sys
  0xA3C3F000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
  0xA87C6000 \SystemRoot\system32\drivers\usbaudio.sys
  0xA3BF5000 \SystemRoot\system32\DRIVERS\V0700Afx.sys
  0xA3BDF000 \SystemRoot\System32\Drivers\GemCCID.sys
  0xA4130000 \SystemRoot\System32\Drivers\SMCLIB.SYS
  0xA87B6000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xBA410000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0xA3B9C000 \SystemRoot\System32\Drivers\bthport.sys
  0xBA418000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
  0xA4118000 \SystemRoot\System32\DRIVERS\hidusb.sys
  0xA8796000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
  0xA8786000 \SystemRoot\System32\Drivers\LEqdUsb.Sys
  0xA8776000 \SystemRoot\System32\Drivers\WDFLDR.SYS
  0xA3A8B000 \SystemRoot\System32\DRIVERS\Wdf01000.sys
  0xB5ADC000 \SystemRoot\System32\DRIVERS\kbdhid.sys
  0xA3CD7000 \SystemRoot\System32\DRIVERS\mouhid.sys
  0xBA7E6000 \SystemRoot\System32\Drivers\LHidEqd.Sys
  0xA8756000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0xBA450000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0xA39D2000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0xBA458000 \SystemRoot\System32\DRIVERS\LHidFilt.Sys
  0xBA370000 \SystemRoot\System32\DRIVERS\LMouFilt.Sys
  0xA8746000 \SystemRoot\system32\DRIVERS\bthmodem.sys
  0xA3992000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xBA5BC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xA3A37000 \SystemRoot\System32\drivers\Dxapi.sys
  0xBA378000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xBA7B7000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\ati2dvag.dll
  0xBF061000 \SystemRoot\System32\ati2cqag.dll
  0xBF137000 \SystemRoot\System32\atikvmag.dll
  0xBF1F4000 \SystemRoot\System32\atiok3x2.dll
  0xBF275000 \SystemRoot\System32\ati3duag.dll
  0xBF9C7000 \SystemRoot\System32\ativvaxx.dll
  0xBF640000 \SystemRoot\System32\ATMFD.DLL
  0xA0F2D000 \??\H:\windows\system32\drivers\mbam.sys
  0xA3B0C000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
  0xA0DF2000 \SystemRoot\System32\Drivers\CLBUDF.SYS
  0xA0DB9000 \SystemRoot\System32\Drivers\Udfs.SYS
  0xA0CED000 \SystemRoot\System32\DRIVERS\ndisuio.sys
  0xA3952000 \SystemRoot\system32\DRIVERS\pnarp.sys
  0xA394A000 \SystemRoot\system32\DRIVERS\purendis.sys
  0xA0A23000 \SystemRoot\System32\DRIVERS\mrxdav.sys
  0xA0B18000 \SystemRoot\System32\Drivers\Aspi32.SYS
  0xA3B7C000 \??\H:\WINDOWS\system32\drivers\cpuz135_x32.sys
  0xA0691000 \??\H:\windows\system32\Drivers\rikvm_D3D96EB9.sys
  0xBA777000 \SystemRoot\System32\Drivers\LBeepKE.sys
  0xA0611000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9FEF4000 \SystemRoot\system32\drivers\wdmaud.sys
  0xA0031000 \SystemRoot\system32\drivers\sysaudio.sys
  0x9F8EE000 \SystemRoot\System32\Drivers\HTTP.sys
  0xA0341000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
  0x9ECD1000 \SystemRoot\System32\Drivers\NIS\1306020.00A\SRTSP.SYS
  0x9E84C000 \SystemRoot\system32\DRIVERS\wudfrd.sys
  0x9EA6D000 \??\H:\DOKUME~1\Faber\LOKALE~1\Temp\aswMBR.sys
  0x9E6CC000 \??\H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120403.041\NAVEX15.SYS
  0x9E6B8000 \??\H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120403.041\NAVENG.SYS
  0x9E65D000 \??\H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120403.002\IDSxpx86.sys
  0x9E592000 \SystemRoot\system32\drivers\kmixer.sys
  0xA0A50000 \SystemRoot\System32\DRIVERS\asyncmac.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 82):
       0 System Idle Process
       4 System
     876 H:\WINDOWS\system32\smss.exe
    1756 csrss.exe
    1800 H:\WINDOWS\system32\winlogon.exe
    1844 H:\WINDOWS\system32\services.exe
    1856 H:\WINDOWS\system32\lsass.exe
     320 H:\WINDOWS\system32\ati2evxx.exe
     360 H:\WINDOWS\system32\svchost.exe
     436 svchost.exe
     972 H:\WINDOWS\system32\svchost.exe
    1004 H:\WINDOWS\system32\svchost.exe
    1072 H:\WINDOWS\system32\ati2evxx.exe
    1488 svchost.exe
     524 svchost.exe
     664 H:\WINDOWS\system32\brsvc01a.exe
     692 H:\WINDOWS\system32\brss01a.exe
     704 H:\WINDOWS\system32\spoolsv.exe
     740 H:\Programme\Creative\Shared Files\CTAudSvc.exe
    1412 scardsvr.exe
     616 svchost.exe
     756 H:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
     784 H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     920 H:\Programme\Bonjour\mDNSResponder.exe
    1068 svchost.exe
    1472 H:\WINDOWS\system32\CTSVCCDA.EXE
    1720 H:\Programme\Java\jre6\bin\jqs.exe
    1764 H:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
    2076 H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
    2128 H:\Programme\Norton Management\Engine\2.1.2.13\ccsvchst.exe
    2260 H:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
    2316 H:\Programme\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe
    2508 H:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe
    2540 H:\Programme\CyberLink\Shared files\RichVideo.exe
    2884 H:\WINDOWS\system32\tcpsvcs.exe
    3192 H:\WINDOWS\system32\snmp.exe
    3228 H:\WINDOWS\system32\svchost.exe
    3432 H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
    3508 H:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
    3600 H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3788 H:\WINDOWS\system32\MsPMSPSv.exe
    3812 H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe
    2728 H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Report Generator\SWASReports.exe
    3832 H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Driver Management\SWASDriverManagementPlugin.exe
    2204 H:\Programme\Samsung Network Printer Utilities\SyncThru Web Admin Service Local Device Discovery\LocalDevDiscoveryPlugin.exe
    3132 H:\Programme\Canon\CAL\CALMAIN.exe
     840 H:\Programme\Norton Management\Engine\2.1.2.13\ccsvchst.exe
    3048 H:\Programme\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe
    3640 H:\WINDOWS\system32\wbem\wmiapsrv.exe
    3828 H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE
     768 alg.exe
    5320 H:\WINDOWS\explorer.exe
    3668 H:\WINDOWS\system32\svchost.exe
    5748 H:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    4772 H:\WINDOWS\system32\CTxfispi.exe
    4768 H:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
    5168 H:\Programme\Multimedia Card Reader\shwicon2k.exe
    5912 H:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    2364 H:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
    3968 H:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe
    4008 H:\WINDOWS\system32\LVCOMSX.EXE
    4144 H:\WINDOWS\system32\Ctxfihlp.exe
    4168 H:\WINDOWS\system32\rundll32.exe
    4188 H:\Programme\Logitech\SetPointP\LBTWiz.exe
    4632 H:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe
    5052 H:\WINDOWS\twain_32\Samsung\CLX3170\Scan2Pc.exe
    5208 H:\WINDOWS\V0700Mon.exe
    3320 H:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    4332 H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    5700 H:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
    4788 H:\WINDOWS\system32\ctfmon.exe
    4884 H:\Programme\Nokia\Nokia Suite\NokiaSuite.exe
    5948 H:\Programme\INITIO\v5.099\INIHID.EXE
    2552 H:\Programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4832 H:\Programme\PC Connectivity Solution\ServiceLayer.exe
    5428 H:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
    2640 H:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    4020 WudfHost.exe
    5760 H:\Programme\MixMeister Fusion\FusionDemo.exe
    4220 H:\Programme\Microsoft Office\Office14\OUTLOOK.EXE
    2748 OSPPSVC.EXE
    2780 H:\Dokumente und Einstellungen\Faber\Desktop\MBRCheck.exe

\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\I: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive1 Model Number: ST3250410AS, Rev: 3.AAF   
PhysicalDrive0 Model Number: WDCWD2500AAKS-00L9A0, Rev: 01.03E01
PhysicalDrive2 Model Number: WDCWD1600AAJS-00B4A0, Rev: 01.03A01

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive1   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    232 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
    149 GB  \\.\PhysicalDrive2   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

cosinus · 04.04.2012, 14:40

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

HF66 · 04.04.2012, 15:54

mwb logfile:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.04.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Faber :: CENTER [Administrator]

Schutz: Aktiviert

04.04.2012 15:48:28
mbam-log-2012-04-04 (16-51-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 328774
Laufzeit: 1 Stunde(n), 3 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und hbier der SUPERAntiSpyware log

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/04/2012 at 06:44 PM

Application Version : 5.0.1146

Core Rules Database Version : 8415
Trace Rules Database Version: 6227

Scan type       : Complete Scan
Total Scan Time : 01:35:24

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 1149
Memory threats detected   : 0
Registry items scanned    : 38266
Registry threats detected : 3
File items scanned        : 132200
File threats detected     : 3

Disabled.SecurityCenterOption
	HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
	HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
	HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

Adware.Tracking Cookie
	H:\Dokumente und Einstellungen\Faber\Cookies\ZQYNN0JW.txt [ /www.etracker.de ]
	H:\Dokumente und Einstellungen\Faber\Cookies\ZPMOTILS.txt [ /doubleclick.net ]
	H:\Dokumente und Einstellungen\Faber\Cookies\R037YRP7.txt [ /apmebf.com ]

cosinus · 04.04.2012, 21:27

Bitte alles entfernen. was SUPERAntiSpyware und Malwarebytes gefunden haben.
Das waren aber nur noch Überreste und Cookies.

Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

HF66 · 05.04.2012, 09:17

funde entfernt

keine weiteren funde oder probleme

cookies kenn ich, leere ja auch die cache rglm. bzw vor jedem shutdown des rechners...auch sonst achte ich eigentlich sehr auf sicherheit bzw ordnung am pc

system läuft unauffällig und gut wie vor der "attacke" - scheint so als hätte norton internet security das gröbste im ersten aufwasch isoliert / vernichtet / blockiert

ich danke jedenfalls für die tolle, kompetente und vor allem flotte hilfestellungen, wieder einiges gelernt und neue tools kennegelernt

vielen herzlichen dank!!

cosinus · 05.04.2012, 13:15

Zitat:

cookies kenn ich, leere ja auch die cache rglm. bzw vor jedem shutdown des rechners...

Die Cookies haben so nichts mit dem Cache zu tun.
Der Browsercache auch nur wenig mit dem Shotdown von Windows. Wohl aber lässt sich ein Browser so einstellen, dass Cache oder auch Cookies bei jedem Beenden des Browser gelöscht werden

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

HF66 · 05.04.2012, 14:29

das mit den cookies und der cache habe ich so wie von dir beschrieben eigentlich gemeint - mit dem "leeren"

etwas schlecht beschrieben halt von mir

nochmals vielen lieben dank, alle deinstalls erfolgreich absolviert und wieder was gelernt

mille grazie

03.04.2012, 19:13	#17
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	BKA Virus 1.09 - OTL Logfile Auswertung aswMBR bitte neu machen, da fehlt was im Log __________________ __________________

04.04.2012, 12:11	#19
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	BKA Virus 1.09 - OTL Logfile Auswertung Irgendwas machst du da falsch. Ich sehe keinen Eintrag über den MBR __________________ Logfiles bitte immer in CODE-Tags posten

04.04.2012, 13:13	#21
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	BKA Virus 1.09 - OTL Logfile Auswertung Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. __________________ --> BKA Virus 1.09 - OTL Logfile Auswertung

04.04.2012, 14:40	#25
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	BKA Virus 1.09 - OTL Logfile Auswertung Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

BKA Virus 1.09 - OTL Logfile Auswertung

Log-Analyse und Auswertung: BKA Virus 1.09 - OTL Logfile Auswertung