GMER hat bei mir funktioniert, hat aber lange gedauert, deswegen kann ich die Logs erst heute schicken. OSAM ist zu groß das kommt mit der nächsten Nachricht

Das eigentliche Log kam als Web File und konnte hier nicht hochgeladen werden und als Textfile war es zu groß, dahe habe ich den Text hier rein kopiert. Ist das ok so, oder soll ich das Textfile komprimieren, oder vom Web File Bildschirmfotos machen?

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:29:03 on 02.11.2010
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries
Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|| "WGASetup.job" "Microsoft Corporation" C:\WINDOWS\system32\KB905474\wgasetup.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "BCMWLCPL.CPL" "Dell Inc." C:\WINDOWS\system32\BCMWLCPL.CPL File exists
|||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists
|||||| "NicConfigSvc.cpl" "Dell Inc." C:\WINDOWS\system32\NicConfigSvc.cpl File exists
|||||| "nvcpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvcpl.cpl File exists
|||||| "nvtuicpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvtuicpl.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "Nero BurnRights" "Nero AG" C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "AFS2k" (AFS2K) "Oak Technology Inc." C:\WINDOWS\system32\drivers\AFS2K.sys File exists
"ageyykoc" (ageyykoc) C:\DOKUME~1\User\LOKALE~1\Temp\ageyykoc.sys Hidden registry entry, rootkit activity | File not found
|||||| "APPDRV" (APPDRV) "Dell Inc" C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS File exists
|||||| "Bytemobile Boot Time Load Driver" (BMLoad) "Bytemobile, Inc." C:\WINDOWS\System32\drivers\BMLoad.sys File exists
|||||| "Bytemobile Kernel Network Provider" (tcpipBM) "Bytemobile, Inc." C:\WINDOWS\system32\drivers\tcpipBM.sys File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
|||||| "Conexant Setup API" (UIUSys) "Conexant" C:\WINDOWS\System32\drivers\UIUSys.sys File exists
|||||| "DgiVecp" (DgiVecp) "Samsung Electronics Co., Ltd." C:\WINDOWS\system32\Drivers\DgiVecp.sys File exists
|||||| "drvmcdb" (drvmcdb) "Sonic Solutions" C:\WINDOWS\System32\drivers\drvmcdb.sys File exists
|||||| "drvnddm" (drvnddm) "Sonic Solutions" C:\WINDOWS\System32\drivers\drvnddm.sys File exists
"fwuwegd" (fwuwegd) "Windows (R) Codename Longhorn DDK provider" C:\WINDOWS\system32\drivers\fwuwegd.sys Hidden file | Hidden registry entry, rootkit activity
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
|||||| "sscdbhk5" (sscdbhk5) "Sonic Solutions" C:\WINDOWS\System32\drivers\sscdbhk5.sys File exists
"SSPORT" (SSPORT) C:\WINDOWS\system32\Drivers\SSPORT.sys File not found
|||||| "ssrtln" (ssrtln) "Sonic Solutions" C:\WINDOWS\System32\drivers\ssrtln.sys File exists
|||||| "tfsnboio" (tfsnboio) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnboio.sys File exists
|||||| "tfsncofs" (tfsncofs) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsncofs.sys File exists
|||||| "tfsndrct" (tfsndrct) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsndrct.sys File exists
"tfsndres" (tfsndres) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsndres.sys File exists
|||||| "tfsnifs" (tfsnifs) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnifs.sys File exists
|||||| "tfsnopio" (tfsnopio) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnopio.sys File exists
|||||| "tfsnpool" (tfsnpool) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnpool.sys File exists
|||||| "tfsnudf" (tfsnudf) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnudf.sys File exists
|||||| "tfsnudfa" (tfsnudfa) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnudfa.sys File exists
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
|||||| {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" C:\Programme\7-Zip\7-zip.dll File exists
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
|||||| {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" "Sonic Solutions" C:\WINDOWS\system32\dla\tfswshx.dll File exists
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\OFFICE11\msohev.dll File exists
|||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL File exists
|||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll File exists
|||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll File exists
|||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
|||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
|||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
|||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
|||||| {A4DF5659-0801-4A60-9607-1C48695EFDA9} "Ordner HP Share-to-Web" "Hewlett-Packard" C:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL File exists
|||||| {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" "RealNetworks, Inc." C:\Programme\Real\RealPlayer\rpshell.dll File exists
|||||| {DEE12703-6333-4D4E-8F34-738C4DCC2E04} "RecordNow! SendToExt" C:\Programme\Sonic\Sonic Solutions Product CD\RecordNow! Plus\shlext.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Programme\WinRAR\rarext.dll File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
"ITBarLayout" File not found | COM-object registry key not found
"{D4027C7F-154A-4066-A1AD-4243D8127440}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_04"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll File exists
|||| {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll File exists
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab "Adobe Systems, Inc." C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} "ClsidExtension" "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll File exists
|||||| {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{F8495F2A-BB16-46C2-87EE-6439F2CC57E4} "{F8495F2A-BB16-46C2-87EE-6439F2CC57E4}" File not found | COM-object registry key not found
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\desktop.ini File exists
|||| "OpenOffice.org 2.4.lnk" C:\Programme\OpenOffice.org 2.4\program\quickstart.exe Shortcut exists | File found, but it contains no detailed information | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||||| "SpybotSD TeaTimer" "Safer-Networking Ltd." C:\Programme\Spybot - Search & Destroy\TeaTimer.exe File exists
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell" "Microsoft Corporation" C:\WINDOWS\Explorer.exe File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" File exists
|||| "Broadcom Wireless Manager UI" "Dell Inc." C:\WINDOWS\system32\WLTRAY.exe File exists
|||| "Dell QuickSet" "Dell Inc" C:\Programme\Dell\QuickSet\quickset.exe File exists
|||||| "dla" "Sonic Solutions" C:\WINDOWS\system32\dla\tfswctrl.exe File exists
|||| "DVDLauncher" "CyberLink Corp." "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" File exists
|||||| "IntelWireless" "Intel(R) Corporation" "C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray File exists
|||| "IntelZeroConfig" "Intel(R) Corporation" "C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe" File exists
|||| "MobileConnect" "Vodafone" %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent File exists
|||| "nwiz" "NVIDIA Corporation" nwiz.exe /install File exists
|||| "Samsung PanelMgr" C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun File exists
|||| "Share-to-Web Namespace Daemon" "Hewlett-Packard" C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Programme\Java\jre1.6.0_04\bin\jusched.exe" File exists
|||| "UpdateManager" "Sonic Solutions" "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r File exists
Network Providers
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
|||||| "Dell Wireless WLAN Card Logon Provider" "Dell Inc." C:\WINDOWS\System32\BCMLogon.dll File exists
|||||| "IntelNetProvCredMan" "Intel(R) Corporation" C:\WINDOWS\system32\netprovcredman.dll File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Microsoft Document Imaging Writer Monitor" "Microsoft Corporation" C:\WINDOWS\system32\mdimon.dll File exists
|||||| "PDFCreator" C:\WINDOWS\system32\pdfcmnnt.dll File found, but it contains no detailed information
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
|||||| "Dell Wireless WLAN Tray Service" (wltrysvc) C:\WINDOWS\System32\WLTRYSVC.EXE File found, but it contains no detailed information
|||||| "ForceWare IP service" (nSvcIp) "NVIDIA Corporation" C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe File exists
|||||| "ForceWare user log service" (nSvcLog) "NVIDIA Corporation" C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe File exists
"Forceware Web Interface" (ForcewareWebInterface) "C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice File not found
|||||| "Intel(R) PROSet/Wireless Event Log" (EvtEng) "Intel(R) Corporation" C:\Programme\Intel\WiFi\bin\EvtEng.exe File exists
|||||| "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) "Intel(R) Corporation" C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe File exists
"Intel(R) PROSet/Wireless SSO Service" (WLANKEEPER) "Intel(R) Corporation" C:\Programme\Intel\WiFi\bin\WLKeeper.exe File exists
|||||| "Intel(R) PROSet/Wireless WiFi Service" (S24EventMonitor) "Intel(R) Corporation" C:\Programme\Intel\WiFi\bin\S24EvMon.exe File exists
|||||| "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) "Nero AG" C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe File exists
|||||| "NICCONFIGSVC" (NICCONFIGSVC) "Dell Inc." C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe File exists
|||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Vodafone Mobile Connect Service" (VMCService) "Vodafone" C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists

Zitat:

"ageyykoc" (ageyykoc) C:\DOKUME~1\User\LOKALE~1\Temp\ageyykoc.sys Hidden registry entry, rootkit activity | File not found
"fwuwegd" (fwuwegd) "Windows (R) Codename Longhorn DDK provider" C:\WINDOWS\system32\drivers\fwuwegd.sys Hidden file | Hidden registry entry, rootkit activity

Bitte mit OSAM deaktivieren und löschen

Hier die 2 logs, einmal vor dem Entfernen und einmal danach.

Das File "ageyykoc" wurde allerdings heute Morgen von Osam gar nicht mehr gefunden, , bei keinem der Durchläufe. Das andere wurde nach dem Löschen nicht mehr angezeigt.

OSAM Log vorher:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:17:12 on 03.11.2010
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries
Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|| "WGASetup.job" "Microsoft Corporation" C:\WINDOWS\system32\KB905474\wgasetup.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "BCMWLCPL.CPL" "Dell Inc." C:\WINDOWS\system32\BCMWLCPL.CPL File exists
|||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists
|||||| "NicConfigSvc.cpl" "Dell Inc." C:\WINDOWS\system32\NicConfigSvc.cpl File exists
|||||| "nvcpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvcpl.cpl File exists
|||||| "nvtuicpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvtuicpl.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "Nero BurnRights" "Nero AG" C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "AFS2k" (AFS2K) "Oak Technology Inc." C:\WINDOWS\system32\drivers\AFS2K.sys File exists
|||||| "APPDRV" (APPDRV) "Dell Inc" C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS File exists
|||||| "Bytemobile Boot Time Load Driver" (BMLoad) "Bytemobile, Inc." C:\WINDOWS\System32\drivers\BMLoad.sys File exists
|||||| "Bytemobile Kernel Network Provider" (tcpipBM) "Bytemobile, Inc." C:\WINDOWS\system32\drivers\tcpipBM.sys File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
|||||| "Conexant Setup API" (UIUSys) "Conexant" C:\WINDOWS\System32\drivers\UIUSys.sys File exists
|||||| "DgiVecp" (DgiVecp) "Samsung Electronics Co., Ltd." C:\WINDOWS\system32\Drivers\DgiVecp.sys File exists
|||||| "drvmcdb" (drvmcdb) "Sonic Solutions" C:\WINDOWS\System32\drivers\drvmcdb.sys File exists
|||||| "drvnddm" (drvnddm) "Sonic Solutions" C:\WINDOWS\System32\drivers\drvnddm.sys File exists
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
|||||| "sscdbhk5" (sscdbhk5) "Sonic Solutions" C:\WINDOWS\System32\drivers\sscdbhk5.sys File exists
"SSPORT" (SSPORT) C:\WINDOWS\system32\Drivers\SSPORT.sys File not found
|||||| "ssrtln" (ssrtln) "Sonic Solutions" C:\WINDOWS\System32\drivers\ssrtln.sys File exists
|||||| "tfsnboio" (tfsnboio) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnboio.sys File exists
|||||| "tfsncofs" (tfsncofs) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsncofs.sys File exists
|||||| "tfsndrct" (tfsndrct) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsndrct.sys File exists
"tfsndres" (tfsndres) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsndres.sys File exists
|||||| "tfsnifs" (tfsnifs) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnifs.sys File exists
|||||| "tfsnopio" (tfsnopio) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnopio.sys File exists
|||||| "tfsnpool" (tfsnpool) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnpool.sys File exists
|||||| "tfsnudf" (tfsnudf) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnudf.sys File exists
|||||| "tfsnudfa" (tfsnudfa) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnudfa.sys File exists
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
"fwuwegd" (fwuwegd) "Windows (R) Codename Longhorn DDK provider" C:\WINDOWS\system32\drivers\fwuwegd.sys Hidden file | Hidden registry entry, rootkit activity
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
|||||| {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" C:\Programme\7-Zip\7-zip.dll File exists
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
|||||| {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" "Sonic Solutions" C:\WINDOWS\system32\dla\tfswshx.dll File exists
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\OFFICE11\msohev.dll File exists
|||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL File exists
|||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll File exists
|||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll File exists
|||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
|||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
|||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
|||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
|||||| {A4DF5659-0801-4A60-9607-1C48695EFDA9} "Ordner HP Share-to-Web" "Hewlett-Packard" C:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL File exists
|||||| {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" "RealNetworks, Inc." C:\Programme\Real\RealPlayer\rpshell.dll File exists
|||||| {DEE12703-6333-4D4E-8F34-738C4DCC2E04} "RecordNow! SendToExt" C:\Programme\Sonic\Sonic Solutions Product CD\RecordNow! Plus\shlext.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Programme\WinRAR\rarext.dll File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
"ITBarLayout" File not found | COM-object registry key not found
"{D4027C7F-154A-4066-A1AD-4243D8127440}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_04"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll File exists
|||| {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll File exists
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab "Adobe Systems, Inc." C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} "ClsidExtension" "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll File exists
|||||| {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{F8495F2A-BB16-46C2-87EE-6439F2CC57E4} "{F8495F2A-BB16-46C2-87EE-6439F2CC57E4}" File not found | COM-object registry key not found
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\desktop.ini File exists
|||| "OpenOffice.org 2.4.lnk" C:\Programme\OpenOffice.org 2.4\program\quickstart.exe Shortcut exists | File found, but it contains no detailed information | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||||| "SpybotSD TeaTimer" "Safer-Networking Ltd." C:\Programme\Spybot - Search & Destroy\TeaTimer.exe File exists
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell" "Microsoft Corporation" C:\WINDOWS\Explorer.exe File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" File exists
|||| "Broadcom Wireless Manager UI" "Dell Inc." C:\WINDOWS\system32\WLTRAY.exe File exists
|||| "Dell QuickSet" "Dell Inc" C:\Programme\Dell\QuickSet\quickset.exe File exists
|||||| "dla" "Sonic Solutions" C:\WINDOWS\system32\dla\tfswctrl.exe File exists
|||| "DVDLauncher" "CyberLink Corp." "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" File exists
|||||| "IntelWireless" "Intel(R) Corporation" "C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray File exists
|||| "IntelZeroConfig" "Intel(R) Corporation" "C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe" File exists
|||| "MobileConnect" "Vodafone" %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent File exists
|||| "nwiz" "NVIDIA Corporation" nwiz.exe /install File exists
|||| "Samsung PanelMgr" C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun File exists
|||| "Share-to-Web Namespace Daemon" "Hewlett-Packard" C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Programme\Java\jre1.6.0_04\bin\jusched.exe" File exists
|||| "UpdateManager" "Sonic Solutions" "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r File exists
Network Providers
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
|||||| "Dell Wireless WLAN Card Logon Provider" "Dell Inc." C:\WINDOWS\System32\BCMLogon.dll File exists
|||||| "IntelNetProvCredMan" "Intel(R) Corporation" C:\WINDOWS\system32\netprovcredman.dll File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Microsoft Document Imaging Writer Monitor" "Microsoft Corporation" C:\WINDOWS\system32\mdimon.dll File exists
|||||| "PDFCreator" C:\WINDOWS\system32\pdfcmnnt.dll File found, but it contains no detailed information
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
|||||| "Dell Wireless WLAN Tray Service" (wltrysvc) C:\WINDOWS\System32\WLTRYSVC.EXE File found, but it contains no detailed information
|||||| "ForceWare IP service" (nSvcIp) "NVIDIA Corporation" C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe File exists
|||||| "ForceWare user log service" (nSvcLog) "NVIDIA Corporation" C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe File exists
"Forceware Web Interface" (ForcewareWebInterface) "C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice File not found
|||||| "Intel(R) PROSet/Wireless Event Log" (EvtEng) "Intel(R) Corporation" C:\Programme\Intel\WiFi\bin\EvtEng.exe File exists
|||||| "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) "Intel(R) Corporation" C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe File exists
"Intel(R) PROSet/Wireless SSO Service" (WLANKEEPER) "Intel(R) Corporation" C:\Programme\Intel\WiFi\bin\WLKeeper.exe File exists
|||||| "Intel(R) PROSet/Wireless WiFi Service" (S24EventMonitor) "Intel(R) Corporation" C:\Programme\Intel\WiFi\bin\S24EvMon.exe File exists
|||||| "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) "Nero AG" C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe File exists
|||||| "NICCONFIGSVC" (NICCONFIGSVC) "Dell Inc." C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe File exists
|||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Vodafone Mobile Connect Service" (VMCService) "Vodafone" C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
|||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists
Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
|||||| "BMI over [MSAFD Tcpip [RAW/IP]]" "Bytemobile, Inc." C:\WINDOWS\system32\bmnet.dll File exists
|||||| "BMI over [MSAFD Tcpip [TCP/IP]]" "Bytemobile, Inc." C:\WINDOWS\system32\bmnet.dll File exists
|||||| "BMI over [MSAFD Tcpip [UDP/IP]]" "Bytemobile, Inc." C:\WINDOWS\system32\bmnet.dll File exists
If You have questions or

Ich seh nur ein Log, wo der eine Eintrag noch vorhanden ist. Wird der noch von OSAM angezeigt?

Komisch, dann wurde der 2. Log wohl nicht hochgeladen. Dann nach mal hier:

Dieser kam NACH der Löschung

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:51:06 on 03.11.2010
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries
Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|| "WGASetup.job" "Microsoft Corporation" C:\WINDOWS\system32\KB905474\wgasetup.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "BCMWLCPL.CPL" "Dell Inc." C:\WINDOWS\system32\BCMWLCPL.CPL File exists
|||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists
|||||| "NicConfigSvc.cpl" "Dell Inc." C:\WINDOWS\system32\NicConfigSvc.cpl File exists
|||||| "nvcpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvcpl.cpl File exists
|||||| "nvtuicpl.cpl" "NVIDIA Corporation" C:\WINDOWS\system32\nvtuicpl.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "Nero BurnRights" "Nero AG" C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "AFS2k" (AFS2K) "Oak Technology Inc." C:\WINDOWS\system32\drivers\AFS2K.sys File exists
|||||| "APPDRV" (APPDRV) "Dell Inc" C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS File exists
|||||| "Bytemobile Boot Time Load Driver" (BMLoad) "Bytemobile, Inc." C:\WINDOWS\System32\drivers\BMLoad.sys File exists
|||||| "Bytemobile Kernel Network Provider" (tcpipBM) "Bytemobile, Inc." C:\WINDOWS\system32\drivers\tcpipBM.sys File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
|||||| "Conexant Setup API" (UIUSys) "Conexant" C:\WINDOWS\System32\drivers\UIUSys.sys File exists
|||||| "DgiVecp" (DgiVecp) "Samsung Electronics Co., Ltd." C:\WINDOWS\system32\Drivers\DgiVecp.sys File exists
|||||| "drvmcdb" (drvmcdb) "Sonic Solutions" C:\WINDOWS\System32\drivers\drvmcdb.sys File exists
|||||| "drvnddm" (drvnddm) "Sonic Solutions" C:\WINDOWS\System32\drivers\drvnddm.sys File exists
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
|||||| "sscdbhk5" (sscdbhk5) "Sonic Solutions" C:\WINDOWS\System32\drivers\sscdbhk5.sys File exists
"SSPORT" (SSPORT) C:\WINDOWS\system32\Drivers\SSPORT.sys File not found
|||||| "ssrtln" (ssrtln) "Sonic Solutions" C:\WINDOWS\System32\drivers\ssrtln.sys File exists
|||||| "tfsnboio" (tfsnboio) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnboio.sys File exists
|||||| "tfsncofs" (tfsncofs) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsncofs.sys File exists
|||||| "tfsndrct" (tfsndrct) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsndrct.sys File exists
"tfsndres" (tfsndres) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsndres.sys File exists
|||||| "tfsnifs" (tfsnifs) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnifs.sys File exists
|||||| "tfsnopio" (tfsnopio) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnopio.sys File exists
|||||| "tfsnpool" (tfsnpool) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnpool.sys File exists
|||||| "tfsnudf" (tfsnudf) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnudf.sys File exists
|||||| "tfsnudfa" (tfsnudfa) "Sonic Solutions" C:\WINDOWS\System32\dla\tfsnudfa.sys File exists
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll File exists
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
|||||| {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" C:\Programme\7-Zip\7-zip.dll File exists
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
|||||| {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" "Sonic Solutions" C:\WINDOWS\system32\dla\tfswshx.dll File exists
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\OFFICE11\msohev.dll File exists
|||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL File exists
|||||| {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" "Nero AG" C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll File exists
|||||| {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll File exists
|||||| {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroDigitalExt.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" "NVIDIA Corporation" C:\WINDOWS\system32\nvshell.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
|||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
|||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
|||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Programme\OpenOffice.org 2.4\program\shlxthdl.dll File exists
|||||| {A4DF5659-0801-4A60-9607-1C48695EFDA9} "Ordner HP Share-to-Web" "Hewlett-Packard" C:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL File exists
|||||| {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" "RealNetworks, Inc." C:\Programme\Real\RealPlayer\rpshell.dll File exists
|||||| {DEE12703-6333-4D4E-8F34-738C4DCC2E04} "RecordNow! SendToExt" C:\Programme\Sonic\Sonic Solutions Product CD\RecordNow! Plus\shlext.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" c:\WINDOWS\system32\dfshim.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Programme\WinRAR\rarext.dll File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
"ITBarLayout" File not found | COM-object registry key not found
"{D4027C7F-154A-4066-A1AD-4243D8127440}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_04"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll File exists
|||| {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll File exists
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab "Adobe Systems, Inc." C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} "ClsidExtension" "Sun Microsystems, Inc." C:\Programme\Java\jre1.6.0_04\bin\npjpi160_04.dll File exists
|||||| {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{F8495F2A-BB16-46C2-87EE-6439F2CC57E4} "{F8495F2A-BB16-46C2-87EE-6439F2CC57E4}" File not found | COM-object registry key not found
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" C:\Dokumente und Einstellungen\User\Startmenü\Programme\Autostart\desktop.ini File exists
|||| "OpenOffice.org 2.4.lnk" C:\Programme\OpenOffice.org 2.4\program\quickstart.exe Shortcut exists | File found, but it contains no detailed information | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||||| "SpybotSD TeaTimer" "Safer-Networking Ltd." C:\Programme\Spybot - Search & Destroy\TeaTimer.exe File exists
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell" "Microsoft Corporation" C:\WINDOWS\Explorer.exe File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" File exists
|||| "Broadcom Wireless Manager UI" "Dell Inc." C:\WINDOWS\system32\WLTRAY.exe File exists
|||| "Dell QuickSet" "Dell Inc" C:\Programme\Dell\QuickSet\quickset.exe File exists
|||||| "dla" "Sonic Solutions" C:\WINDOWS\system32\dla\tfswctrl.exe File exists
|||| "DVDLauncher" "CyberLink Corp." "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" File exists
|||||| "IntelWireless" "Intel(R) Corporation" "C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray File exists
|||| "IntelZeroConfig" "Intel(R) Corporation" "C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe" File exists
|||| "MobileConnect" "Vodafone" %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent File exists
|||| "nwiz" "NVIDIA Corporation" nwiz.exe /install File exists
|||| "Samsung PanelMgr" C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun File exists
|||| "Share-to-Web Namespace Daemon" "Hewlett-Packard" C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Programme\Java\jre1.6.0_04\bin\jusched.exe" File exists
|||| "UpdateManager" "Sonic Solutions" "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r File exists
Network Providers
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
|||||| "Dell Wireless WLAN Card Logon Provider" "Dell Inc." C:\WINDOWS\System32\BCMLogon.dll File exists
|||||| "IntelNetProvCredMan" "Intel(R) Corporation" C:\WINDOWS\system32\netprovcredman.dll File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Microsoft Document Imaging Writer Monitor" "Microsoft Corporation" C:\WINDOWS\system32\mdimon.dll File exists
|||||| "PDFCreator" C:\WINDOWS\system32\pdfcmnnt.dll File found, but it contains no detailed information
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
|||||| "Dell Wireless WLAN Tray Service" (wltrysvc) C:\WINDOWS\System32\WLTRYSVC.EXE File found, but it contains no detailed information
|||||| "ForceWare IP service" (nSvcIp) "NVIDIA Corporation" C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe File exists
|||||| "ForceWare user log service" (nSvcLog) "NVIDIA Corporation" C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe File exists
"Forceware Web Interface" (ForcewareWebInterface) "C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice File not found
|||||| "Intel(R) PROSet/Wireless Event Log" (EvtEng) "Intel(R) Corporation" C:\Programme\Intel\WiFi\bin\EvtEng.exe File exists
|||||| "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) "Intel(R) Corporation" C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe File exists
"Intel(R) PROSet/Wireless SSO Service" (WLANKEEPER) "Intel(R) Corporation" C:\Programme\Intel\WiFi\bin\WLKeeper.exe File exists
|||||| "Intel(R) PROSet/Wireless WiFi Service" (S24EventMonitor) "Intel(R) Corporation" C:\Programme\Intel\WiFi\bin\S24EvMon.exe File exists
|||||| "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) "Nero AG" C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe File exists
|||||| "NICCONFIGSVC" (NICCONFIGSVC) "Dell Inc." C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe File exists
|||||| "NMIndexingService" (NMIndexingService) "Nero AG" C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Vodafone Mobile Connect Service" (VMCService) "Vodafone" C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
|||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists
Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
|||||| "BMI over [MSAFD Tcpip [RAW/IP]]" "Bytemobile, Inc." C:\WINDOWS\system32\bmnet.dll File exists
|||||| "BMI over [MSAFD Tcpip [TCP/IP]]" "Bytemobile, Inc." C:\WINDOWS\system32\bmnet.dll File exists
|||||| "BMI over [MSAFD Tcpip [UDP/IP]]" "Bytemobile, Inc." C:\WINDOWS\system32\bmnet.dll File exists
If You have questions or want to get some help, You can visit hxxp://forum.online

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Der Scan von Malwarebytes hat nichts mehr gefunden, aber der Scan von SUPERAntiSpyware hatte gleich 9 Treffer. Allerdings weiss ich nicht ob die letzen 2 wirklich Trojaner sind. Das Mike Programm habe ich auch auf meinem anderen PC , das ist Software von meiner Arbeit. Allerdings wäre es nicht schlimm, wenn es entfernt wird. Das Update dafür kriege ich auch anders.


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/04/2010 at 09:57 PM

Application Version : 4.45.1000

Core Rules Database Version : 5767
Trace Rules Database Version: 3579

Scan type : Complete Scan
Total Scan Time : 01:41:47

Memory items scanned : 573
Memory threats detected : 0
Registry items scanned : 7496
Registry threats detected : 9
File items scanned : 137170
File threats detected : 2

Trojan.Agent/Gen-SSHNAS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SSHNAS\0000#DeviceDesc

Trojan.Agent/Gen-Cryptor[Egun]
C:\PROGRAMME\MATTHIES\MIKE\UPDATER\MIKEUPDATE.EXE

Trojan.Agent/Gen-FakeAV
C:\PROGRAMME\WINRAR\DEFAULT.SFX

Ein paar Überreste waren da noch.
Probier den Lauf mit combofix nochmal, lad cf neu als cofi.exe wieder runter, die alte vorher löschen.

Soll ich die Reste mit SUPERAntiSpyware VORHER löschen?

Ja bitte vorher löschen

Ok, die Problemfälle habe ich alle aus der Quarantäne entfernt. Ich habe danach nochmal mit allen bisher genutzten Tools Scans vorgenommen, auch im abgesicherten Modus. Aber keiner hat was gefunden.
Folgende Symptone gibt es aber noch:
ComboFix geht immer noch nicht, genauso wie die installation von anderen Programmen, z.b. Antivir. Laut Meldung habe ich nicht ausreichende Berechtigung.
Wenn ich einen I.Explorer starte , öffnet sich nur ein Fenster , aber im Taskmanager sind 2 offen, wenn ich eins schliesse, geht das 2 auch zu.
Beim Herunterfahren habe ich eine Fehlermeldung von Apoint.exe und eine von SSMMgr.exe.
Gibt es eine Möglichkeit zu testen , ob mein User auch tatsächlich Adminrechte hat?

Hm also entweder ist da noch ein Rootkit am werkeln oder Dein Windows wurde zerlegt

Mach mal ein neues Log mit dem Kaspersky TDSS removing Tool

Den TDSS hatte ich am Wochenende schon mal drüberlaufen lassen, der hat nichts gefunden . Hab es gerade nochmal wiederholt mit dem selben Resultat.
Am meisten irritiert mich, das immer 2 Browser aufgehen, wenn ich einen öffne.

TDSS Log

2010/11/08 09:58:14.0953 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/08 09:58:14.0953 ================================================================================
2010/11/08 09:58:14.0953 SystemInfo:
2010/11/08 09:58:14.0953
2010/11/08 09:58:14.0953 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/08 09:58:14.0953 Product type: Workstation
2010/11/08 09:58:14.0953 ComputerName: KJFH-D07EA92F3B
2010/11/08 09:58:14.0953 UserName: User
2010/11/08 09:58:14.0953 Windows directory: C:\WINDOWS
2010/11/08 09:58:14.0953 System windows directory: C:\WINDOWS
2010/11/08 09:58:14.0953 Processor architecture: Intel x86
2010/11/08 09:58:14.0953 Number of processors: 2
2010/11/08 09:58:14.0953 Page size: 0x1000
2010/11/08 09:58:14.0953 Boot type: Normal boot
2010/11/08 09:58:14.0953 ================================================================================
2010/11/08 09:58:15.0171 Initialize success
2010/11/08 09:58:20.0062 ================================================================================
2010/11/08 09:58:20.0062 Scan started
2010/11/08 09:58:20.0062 Mode: Manual;
2010/11/08 09:58:20.0062 ================================================================================
2010/11/08 09:58:21.0046 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/08 09:58:21.0093 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/08 09:58:21.0156 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/08 09:58:21.0203 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/08 09:58:21.0250 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
2010/11/08 09:58:21.0375 AmdK8 (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/11/08 09:58:21.0437 ApfiltrService (090880e9bf20f928bc341f96d27c019e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/11/08 09:58:21.0500 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2010/11/08 09:58:21.0562 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/08 09:58:21.0671 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/08 09:58:21.0703 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/08 09:58:21.0750 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/08 09:58:21.0796 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/08 09:58:21.0859 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/11/08 09:58:21.0937 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/11/08 09:58:22.0000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/08 09:58:22.0046 BMLoad (d002033c1a37f6af51b5f0ba6d0211bc) C:\WINDOWS\system32\drivers\BMLoad.sys
2010/11/08 09:58:22.0109 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/08 09:58:22.0140 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/08 09:58:22.0218 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/08 09:58:22.0250 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/08 09:58:22.0312 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/08 09:58:22.0359 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/08 09:58:22.0562 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
2010/11/08 09:58:22.0578 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/08 09:58:22.0656 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/08 09:58:22.0734 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/08 09:58:22.0750 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/08 09:58:22.0796 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/08 09:58:22.0843 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/08 09:58:22.0875 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
2010/11/08 09:58:22.0906 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
2010/11/08 09:58:23.0000 ewusbnet (13d0f39d356e70f0a5e80d7771382245) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
2010/11/08 09:58:23.0062 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/08 09:58:23.0093 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/08 09:58:23.0125 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/08 09:58:23.0140 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/08 09:58:23.0187 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/08 09:58:23.0234 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/08 09:58:23.0250 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/08 09:58:23.0296 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/11/08 09:58:23.0328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/08 09:58:23.0390 GTIPCI21 (ca835331825599b938e37525796d3549) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
2010/11/08 09:58:23.0437 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/08 09:58:23.0484 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/08 09:58:23.0609 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2010/11/08 09:58:23.0656 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS
2010/11/08 09:58:23.0781 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/08 09:58:23.0859 hwdatacard (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2010/11/08 09:58:23.0921 hwusbfake (83026e41d9960430491432dbd6af969a) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
2010/11/08 09:58:24.0031 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/08 09:58:24.0281 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/11/08 09:58:24.0578 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/08 09:58:24.0890 IntcAzAudAddService (a7d3a1b2cabdab81ead07c204adb7ce1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/08 09:58:25.0062 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/08 09:58:25.0109 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/08 09:58:25.0140 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/08 09:58:25.0187 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/08 09:58:25.0234 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/08 09:58:25.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/08 09:58:25.0296 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/08 09:58:25.0328 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/11/08 09:58:25.0359 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/08 09:58:25.0421 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2010/11/08 09:58:25.0468 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/08 09:58:25.0484 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/08 09:58:25.0515 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/08 09:58:25.0562 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/08 09:58:25.0656 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/11/08 09:58:25.0703 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/08 09:58:25.0765 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/08 09:58:25.0796 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/08 09:58:25.0843 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/08 09:58:25.0875 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/08 09:58:25.0921 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/08 09:58:25.0968 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/08 09:58:26.0031 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/08 09:58:26.0062 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/08 09:58:26.0093 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/08 09:58:26.0125 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/08 09:58:26.0156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/08 09:58:26.0203 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2010/11/08 09:58:26.0250 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/08 09:58:26.0296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/08 09:58:26.0328 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/08 09:58:26.0375 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/08 09:58:26.0390 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/08 09:58:26.0421 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/08 09:58:26.0453 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/08 09:58:26.0468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/08 09:58:26.0687 NETw5x32 (91f027c242d3ff6e5c09f92a0518297f) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2010/11/08 09:58:26.0890 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/08 09:58:26.0953 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/08 09:58:26.0984 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/08 09:58:27.0031 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/08 09:58:27.0203 nv (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/08 09:58:27.0406 nvata (9eccd189a9554c30a0d18a429778c7ba) C:\WINDOWS\system32\DRIVERS\nvata.sys
2010/11/08 09:58:27.0437 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/11/08 09:58:27.0468 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/11/08 09:58:27.0500 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/08 09:58:27.0515 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/08 09:58:27.0562 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/08 09:58:27.0625 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/08 09:58:27.0656 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/08 09:58:27.0703 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/08 09:58:27.0750 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/08 09:58:27.0812 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/08 09:58:27.0828 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/11/08 09:58:28.0015 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/08 09:58:28.0046 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/08 09:58:28.0078 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/08 09:58:28.0093 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/08 09:58:28.0156 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/08 09:58:28.0281 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/08 09:58:28.0328 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/11/08 09:58:28.0375 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/08 09:58:28.0390 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/08 09:58:28.0421 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/08 09:58:28.0453 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/08 09:58:28.0484 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/08 09:58:28.0531 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/08 09:58:28.0562 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/08 09:58:28.0625 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/08 09:58:28.0703 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/11/08 09:58:28.0812 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/08 09:58:28.0828 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS
2010/11/08 09:58:28.0890 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/08 09:58:28.0921 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/08 09:58:28.0953 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/08 09:58:28.0984 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/08 09:58:29.0062 SMCIRDA (d03a4cdb1b089e3f6c23501339506e5e) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2010/11/08 09:58:29.0125 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/08 09:58:29.0171 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/08 09:58:29.0218 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/08 09:58:29.0265 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2010/11/08 09:58:29.0312 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2010/11/08 09:58:29.0375 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
2010/11/08 09:58:29.0468 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2010/11/08 09:58:29.0531 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/08 09:58:29.0562 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/08 09:58:29.0703 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/08 09:58:29.0765 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/08 09:58:29.0812 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\WINDOWS\system32\drivers\tcpipBM.sys
2010/11/08 09:58:29.0843 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/08 09:58:29.0875 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/08 09:58:29.0890 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/08 09:58:29.0953 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
2010/11/08 09:58:29.0968 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
2010/11/08 09:58:29.0984 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
2010/11/08 09:58:30.0000 tfsndres (d4d66daff883ffecba6fba98627ccc70) C:\WINDOWS\system32\dla\tfsndres.sys
2010/11/08 09:58:30.0031 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
2010/11/08 09:58:30.0046 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
2010/11/08 09:58:30.0062 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
2010/11/08 09:58:30.0093 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
2010/11/08 09:58:30.0109 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
2010/11/08 09:58:30.0187 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/08 09:58:30.0234 UIUSys (73edf3af56591834f070c3764a17f566) C:\WINDOWS\system32\drivers\UIUSys.sys
2010/11/08 09:58:30.0312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/08 09:58:30.0359 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/08 09:58:30.0390 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/08 09:58:30.0421 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/08 09:58:30.0453 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/11/08 09:58:30.0468 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/08 09:58:30.0515 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/08 09:58:30.0546 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/08 09:58:30.0578 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/08 09:58:30.0593 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/08 09:58:30.0656 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/08 09:58:30.0703 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/08 09:58:30.0750 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/08 09:58:30.0812 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/08 09:58:30.0921 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/08 09:58:31.0109 ================================================================================
2010/11/08 09:58:31.0109 Scan finished
2010/11/08 09:58:31.0109 ================================================================================

Mach mal einen Gegencheck mit dem TDSS-Tool von Norman => http://www.trojaner-board.de/82358-a...tml#post499990